Difference between revisions of "Apache"

Jump to: navigation, search
m (Slasharguments)
 
(8 intermediate revisions by 6 users not shown)
Line 2: Line 2:
 
'''This article refers to the 'Apache HTTP server''''
 
'''This article refers to the 'Apache HTTP server''''
  
The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows) but the Apache HTTP Server is very popular on all platforms.  
+
The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms.  
  
 
== Installing Apache ==
 
== Installing Apache ==
Line 23: Line 23:
  
 
  AcceptPathInfo On
 
  AcceptPathInfo On
 +
 +
Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first.
 +
Also! please note that using .htaccess file will cause performance hit on your server!
 +
 +
If you are using 1and1 as a hosting company the above does not work.  The solution is to create a php.ini file in the moodle directory with this content:
 +
 +
cgi.fix_pathinfo = 0
 +
 +
It was a know bug when using PHP as CGI.
  
 
==SSL==
 
==SSL==
  
Moodle has an option to enable login pages to force the HTTPS protocol. This is recommended but requires that your web server is configured for SSL. It is possible to run the whole site over HTTPS (typically by configuring Apache to rewrite all http:// URLs to <nowiki>https://</nowiki>) but as this disables caching, there is a considerable performance hit. Only do this if you have a very good reason.
+
Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.
 +
 
 +
* Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
 +
* Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://
 +
 
 +
NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834
 +
 
 +
Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)
  
'''WARNING: Before switching on login over HTTPS, make very sure that HTTPS is working (just change the http:// to https:// in any Moodle URL). If not, you may lock yourself out'''
+
Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.
  
You have two options for obtaining an SSL certificate:
+
To use HTTPS you will need to obtain an SSL certificate, you have two options:
* generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet (except perhaps for testing). The user has no assurance that the certificate is legitimate.
 
* purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.
 
  
Below are instructions for install of a self-signed certificate. If you purchase a certificate you will normally receive instructions for installing it
+
* Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
 +
* Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.
  
===Debian and Apache2===
+
Debian provides instructions for installing a self-signed certificate [https://wiki.debian.org/Self-Signed_Certificate on their wiki] and includes general information on configuring Apache for SSL.
 +
If you purchase a vendor certificate you will normally receive instructions for installing it.
  
1. generate a certification:
+
A basic Apache SSL configuration can be summarised as:
<pre>
 
apache2-ssl-certificate
 
</pre>
 
  
for debian etch, apache2-ssl-certificate is no longer available, use make-ssl-cert instead:
+
Listen 443
<pre>
+
NameVirtualHost *:443
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
+
<VirtualHost *:443>
</pre>
+
    SSLEngine On
2. edit /etc/apache2/ports.conf:
+
    SSLCertificateFile /path/to/your/certificate.crt
<pre>
+
    SSLCertificateKeyFile /path/to/your/certificate.key
      Listen 80
+
    ...
      Listen 443
+
</VirtualHost>
</pre>
 
3. copy /etc/apache)2/sites-available/default to /etc/apache2/sites-available/default-ssl, and change /etc/apache2/sites-available/default:
 
<pre>
 
      NameVirtualHost *:80
 
      <VirtualHost *:80>
 
      ...
 
      </VirtualHost>
 
</pre>
 
and also /etc/apache2/sites-available/default-ssl:
 
<pre>
 
      NameVirtualHost *:443
 
      <VirtualHost *:443>
 
      ...
 
              SSLEngine on
 
              SSLCertificateFile /etc/apache2/ssl/apache.pem
 
      ...
 
      </VirtualHost>
 
</pre>
 
4. symbolic link the ssl file:
 
<pre>
 
a2ensite default-ssl
 
</pre>
 
5. don't forget to symbolic link the ssl module:
 
<pre>
 
a2enmod ssl
 
</pre>
 
6. restart apache and '''test the connection''' (e.g. https://localhost/):
 
<pre>
 
/etc/init.d/apache2 restart
 
</pre>
 
  
 
== See also ==
 
== See also ==
Line 93: Line 76:
 
[[ja:Apache]]
 
[[ja:Apache]]
 
[[de:Apache]]
 
[[de:Apache]]
 +
[[es:Apache]]

Latest revision as of 03:13, 2 January 2019

This article refers to the 'Apache HTTP server'

The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms.

Installing Apache

Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:

sudo apt-get install apache2

See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.

Performance

See Performance recommendations

Slasharguments

The function slash arguments is required for various features in Moodle to work correctly, as described in Using slash arguments.

To turn it on, add this line to your httpd.conf, or to a .htaccess file in your local directory:

AcceptPathInfo On

Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first. Also! please note that using .htaccess file will cause performance hit on your server!

If you are using 1and1 as a hosting company the above does not work. The solution is to create a php.ini file in the moodle directory with this content:

cgi.fix_pathinfo = 0

It was a know bug when using PHP as CGI.

SSL

Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.

  • Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
  • Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://

NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834

Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)

Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.

To use HTTPS you will need to obtain an SSL certificate, you have two options:

  • Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
  • Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.

Debian provides instructions for installing a self-signed certificate on their wiki and includes general information on configuring Apache for SSL. If you purchase a vendor certificate you will normally receive instructions for installing it.

A basic Apache SSL configuration can be summarised as:

Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/certificate.key
    ...
</VirtualHost>

See also