Note: You are currently viewing documentation for Moodle 3.9. Up-to-date documentation for the latest stable version of Moodle may be available here: Apache.

Apache: Difference between revisions

From MoodleDocs
No edit summary
(46 intermediate revisions by 20 users not shown)
Line 1: Line 1:
When most people refer to '''Apache''' they are talking about the "Apache HTTP Server Project". In fact Apache is really the "Apache Software Foundation" which hosts a long list of projects of which the HTTP server is just one, albeit the best known.
{{Installing Moodle}}
'''This article refers to the 'Apache HTTP server''''


The Apache HTTP Server enables web pages to be published on the internet (or an intranet or even on a single test machine). The [[PHP]] scripting language, in which Moodle is developed, is tightly integrated with the Apache HTTP Server. A web server is a required component of a Moodle installation. There are two distinct developments of the Apache HTTP Server, version 1 and version 2. Although version 2 should have replaced version 1, the architectures are so different that they both continue to be supported. Either are fully supported by PHP and Moodle.
The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms.  


The Apache HTTP Server Project describes itself thus:
== Installing Apache ==
Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:
<pre>
sudo apt-get install apache2
</pre>
 
See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.
 
==Performance==
 
See [[Performance recommendations]]
 
==Slasharguments==
 
The function ''slash arguments'' is required for various features in Moodle to work correctly, as described in [[Using slash arguments]].
 
To turn it on, add this line to your ''httpd.conf'', or to a ''.htaccess'' file in your local directory:
 
AcceptPathInfo On
 
Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first.
Also! please note that using .htaccess file will cause performance hit on your server!


"The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
If you are using 1and1 as a hosting company the above does not work. The solution is to create a php.ini file in the moodle directory with this content:


Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined."
cgi.fix_pathinfo = 0


== Installing Apache ==
It was a know bug when using PHP as CGI.
 
==SSL==
 
Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.
 
* Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
* Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://
 
NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834
 
Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)


Usually Apache is installed alongside PHP and [[MySQL]] in a combination known as AMP, see [[Installing AMP]] for details.
Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.


==Performance==
To use HTTPS you will need to obtain an SSL certificate, you have two options:


Apache can be tuned to make pages load faster by specifying how the browser should cache the various page elements. How to do this varies slightly between OSes but there are two basic steps
* Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
* Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.  


# Install and enable mod_rewrite - refer to documentation or man pages
Debian provides instructions for installing a self-signed certificate [https://wiki.debian.org/Self-Signed_Certificate on their wiki] and includes general information on configuring Apache for SSL.
# Add this code to the virtual server config file within the section for the root directory (or within the .htaccess file if AllowOverrides is On):
If you purchase a vendor certificate you will normally receive instructions for installing it.
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 120 minutes"
  ExpiresByType image/jpeg "access plus 120 minutes"
  ExpiresByType image/png "access plus 120 minutes"
  ExpiresByType text/css "access plus 60 minutes"
  ExpiresByType text/javascript "access plus 60 minutes"
  ExpiresByType application/x-javascript "access plus 60 minutes"
  ExpiresByType text/xml "access plus 1 seconds"
</IfModule>


The effect is to make everything stay in the cache except HTML and XML, which change dynamically. It's possible to gain a several hundred percent decrease in load times this way
A basic Apache SSL configuration can be summarised as:


More info: [http://www.metaskills.net/blog/heuristics/sysadmin/how-to-control-browser-caching-with-apache-2 www.metaskills.net]
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/certificate.key
    ...
</VirtualHost>


== See also ==
== See also ==
Line 40: Line 69:
* [http://httpd.apache.org/ The Apache HTTP Server Project homepage]
* [http://httpd.apache.org/ The Apache HTTP Server Project homepage]
* [http://en.wikipedia.org/wiki/Apache_HTTP_Server Wikipedia article on the Apache HTTP Server]
* [http://en.wikipedia.org/wiki/Apache_HTTP_Server Wikipedia article on the Apache HTTP Server]
* [http://httpd.apache.org/docs/2.0/misc/perf-tuning.html Apache Performance Tuning article at the official homepage]
* [https://els.earlham.edu/cayaraa/weblog/1468.html Making Moodle work with SSL]
* [http://www.krufix.de/ Using the same Moodle twice in local network and Internet via SSL-Proxy] (in German)


 
[[pl:Apache]]
[[Category:Administrator]]
[[ja:Apache]]
[[Category:Developer]]
[[de:Apache]]
[[es:Apache]]

Revision as of 03:13, 2 January 2019

This article refers to the 'Apache HTTP server'

The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms.

Installing Apache

Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:

sudo apt-get install apache2

See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.

Performance

See Performance recommendations

Slasharguments

The function slash arguments is required for various features in Moodle to work correctly, as described in Using slash arguments.

To turn it on, add this line to your httpd.conf, or to a .htaccess file in your local directory:

AcceptPathInfo On

Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first. Also! please note that using .htaccess file will cause performance hit on your server!

If you are using 1and1 as a hosting company the above does not work. The solution is to create a php.ini file in the moodle directory with this content:

cgi.fix_pathinfo = 0

It was a know bug when using PHP as CGI.

SSL

Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.

  • Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
  • Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://

NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834

Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)

Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.

To use HTTPS you will need to obtain an SSL certificate, you have two options:

  • Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
  • Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.

Debian provides instructions for installing a self-signed certificate on their wiki and includes general information on configuring Apache for SSL. If you purchase a vendor certificate you will normally receive instructions for installing it.

A basic Apache SSL configuration can be summarised as:

Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/certificate.key
    ...
</VirtualHost>

See also