Apache: Difference between revisions
No edit summary |
Klaus Steitz (talk | contribs) (→Hiding internal paths: possbile content-blocking by rewrite-rules) |
||
| (67 intermediate revisions by 24 users not shown) | |||
| Line 1: | Line 1: | ||
{{Installing Moodle}} | |||
'''This article refers to the 'Apache HTTP server'''' | |||
The Apache HTTP | The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms. | ||
The | == Installing Apache == | ||
Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply: | |||
<pre> | |||
sudo apt-get install apache2 | |||
</pre> | |||
See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that. | |||
==Performance== | |||
See [[Performance recommendations]] | |||
==Slasharguments== | |||
The function ''slash arguments'' is required for various features in Moodle to work correctly, as described in [[Using slash arguments]]. | |||
To turn it on, add this line to your ''httpd.conf'', or to a ''.htaccess'' file in your local directory: | |||
<code php> | |||
AcceptPathInfo On | |||
</code> | |||
''Note:'' When using ".htaccess" in your local Moodle install folder, you may need to include/enable "AllowOverride Directive" in "httpd.conf", first. | |||
''Note:'' Using .htaccess file will cause performance hit on your server! | |||
If you are using Ionos (formerly 1&1) shared webhosting, the above does not work, there is a known bug when using PHP as CGI. The solution is to create a php.ini file in the moodle directory with this content: | |||
<code php> | |||
cgi.fix_pathinfo = 0 | |||
</code> | |||
Also Ionos requires that this php.ini be in every directory that a script executes. Use the procedure below to link a php.ini in every subdirectory back to your original php.ini file. | |||
<code php> | |||
cd your_moodle_directory | |||
find -type d -exec ln -s $PWD/php.ini {}/php.ini \; | |||
</code> | |||
Source: [[https://www.ionos.com/help/hosting/using-php-for-web-projects/applying-php-settings-to-all-subdirectories/ Ionos php.ini Help]] | |||
This may affect other shared hosting providers as well. | |||
== Handling 40x errors == | |||
This enables missing files to be themed by Moodle | |||
<pre> | |||
ErrorDocument 404 /error/index.php | |||
# This sends any 403 from apache through to the same page, but also | |||
# overrides the http status with 404 instead for better security. | |||
ErrorDocument 403 /error/index.php?code=404 | |||
</pre> | |||
== Hiding internal paths == | |||
<pre> | |||
RewriteEngine On | |||
# RewriteRule "(\/vendor\/)" - [F] | |||
# RewriteRule "(\/node_modules\/)" - [F] | |||
# RewriteRule "(^|/)\.(?!well-known\/)" - [F] | |||
# RewriteRule "(composer\.json)" - [F] | |||
# RewriteRule "(\.lock)" - [F] | |||
# RewriteRule "(\/environment.xml)" - [F] | |||
# Options -Indexes | |||
# RewriteRule "(\/install.xml)" - [F] | |||
# RewriteRule "(\/README)" - [F] | |||
# RewriteRule "(\/readme)" - [F] | |||
# RewriteRule "(\/moodle_readme)" - [F] | |||
# RewriteRule "(\/upgrade\.txt)" - [F] | |||
# RewriteRule "(phpunit\.xml\.dist)" - [F] | |||
# RewriteRule "(\/tests\/behat\/)" - [F] | |||
# RewriteRule "(\/fixtures\/)" - [F] | |||
</pre> | |||
''Note:'' Please pay attention that above rules may block loading desired/required content, e.g. SCORM-packages containing a "vendor"-directory. | |||
==SSL== | |||
Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL. | |||
* Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter. | |||
* Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http:// | |||
NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834 | |||
Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below) | |||
Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do. | |||
To use HTTPS you will need to obtain an SSL certificate, you have two options: | |||
* Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly. | |||
* Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates. | |||
Debian provides instructions for installing a self-signed certificate [https://wiki.debian.org/Self-Signed_Certificate on their wiki] and includes general information on configuring Apache for SSL. | |||
If you purchase a vendor certificate you will normally receive instructions for installing it. | |||
A basic Apache SSL configuration can be summarised as: | |||
Listen 443 | |||
NameVirtualHost *:443 | |||
<VirtualHost *:443> | |||
SSLEngine On | |||
SSLCertificateFile /path/to/your/certificate.crt | |||
SSLCertificateKeyFile /path/to/your/certificate.key | |||
... | |||
</VirtualHost> | |||
== See also == | |||
* [http://httpd.apache.org/ The Apache HTTP Server Project homepage] | |||
* [http://en.wikipedia.org/wiki/Apache_HTTP_Server Wikipedia article on the Apache HTTP Server] | |||
* [http://httpd.apache.org/docs/2.0/misc/perf-tuning.html Apache Performance Tuning article at the official homepage] | |||
* [https://els.earlham.edu/cayaraa/weblog/1468.html Making Moodle work with SSL] | |||
* [http://www.krufix.de/ Using the same Moodle twice in local network and Internet via SSL-Proxy] (in German) | |||
[[pl:Apache]] | |||
[[ja:Apache]] | |||
[[de:Apache]] | |||
[[es:Apache]] | |||
Latest revision as of 11:13, 5 December 2022
This article refers to the 'Apache HTTP server'
The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows, Nginx on Linux, MacOS) but the Apache HTTP Server is very popular on all platforms.
Installing Apache
Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:
sudo apt-get install apache2
See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.
Performance
See Performance recommendations
Slasharguments
The function slash arguments is required for various features in Moodle to work correctly, as described in Using slash arguments.
To turn it on, add this line to your httpd.conf, or to a .htaccess file in your local directory:
AcceptPathInfo On
Note: When using ".htaccess" in your local Moodle install folder, you may need to include/enable "AllowOverride Directive" in "httpd.conf", first.
Note: Using .htaccess file will cause performance hit on your server!
If you are using Ionos (formerly 1&1) shared webhosting, the above does not work, there is a known bug when using PHP as CGI. The solution is to create a php.ini file in the moodle directory with this content:
cgi.fix_pathinfo = 0
Also Ionos requires that this php.ini be in every directory that a script executes. Use the procedure below to link a php.ini in every subdirectory back to your original php.ini file.
cd your_moodle_directory
find -type d -exec ln -s $PWD/php.ini {}/php.ini \;
Source: [Ionos php.ini Help]
This may affect other shared hosting providers as well.
Handling 40x errors
This enables missing files to be themed by Moodle
ErrorDocument 404 /error/index.php # This sends any 403 from apache through to the same page, but also # overrides the http status with 404 instead for better security. ErrorDocument 403 /error/index.php?code=404
Hiding internal paths
RewriteEngine On # RewriteRule "(\/vendor\/)" - [F] # RewriteRule "(\/node_modules\/)" - [F] # RewriteRule "(^|/)\.(?!well-known\/)" - [F] # RewriteRule "(composer\.json)" - [F] # RewriteRule "(\.lock)" - [F] # RewriteRule "(\/environment.xml)" - [F] # Options -Indexes # RewriteRule "(\/install.xml)" - [F] # RewriteRule "(\/README)" - [F] # RewriteRule "(\/readme)" - [F] # RewriteRule "(\/moodle_readme)" - [F] # RewriteRule "(\/upgrade\.txt)" - [F] # RewriteRule "(phpunit\.xml\.dist)" - [F] # RewriteRule "(\/tests\/behat\/)" - [F] # RewriteRule "(\/fixtures\/)" - [F]
Note: Please pay attention that above rules may block loading desired/required content, e.g. SCORM-packages containing a "vendor"-directory.
SSL
Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.
- Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
- Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://
NOTE: Login only https was deprecated and removed from Moodle 3.4: https://tracker.moodle.org/browse/MDL-42834
Login only https is available in Moodle 3.3 and earlier in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)
Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.
To use HTTPS you will need to obtain an SSL certificate, you have two options:
- Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
- Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.
Debian provides instructions for installing a self-signed certificate on their wiki and includes general information on configuring Apache for SSL. If you purchase a vendor certificate you will normally receive instructions for installing it.
A basic Apache SSL configuration can be summarised as:
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/certificate.key
...
</VirtualHost>
