Moodle auf HTTPS umstellen: Unterschied zwischen den Versionen

Aus MoodleDocs
Wechseln zu:Navigation, Suche
(Die Seite wurde neu angelegt: „{{Übersetzen}} en:Transitioning to HTTPS“)
 
Keine Bearbeitungszusammenfassung
Zeile 1: Zeile 1:
{{Übersetzen}}
{{Sicherheit}}{{Übersetzen}}
 
Es gibt [https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https zahlreiche Vorteile], wenn eine Moodle-Site unter HTTPS läuft. Es erhöht die Sicherheit, insbesondere in Bezug auf Sitzungen und Passwörter.
 
== Schritte==
=== Bevor Sie beginnen ===
Check all the content you use supports https. Use the [[HTTPS Konvertierung]] to do this.
 
Make sure you have a staging environment. You will want to set up HTTPS the first time on a staging environment rather than updating your live site. It will take some time to convert to https and you will need to update content (see below).
 
=== SSL-Zertifikat aufsetzen ===
The first thing you will need to do is acquire an SSL certificate. You can create these yourself, but this is only helpful for development purposes. Instead you will want to get your SSL certificate from a certificate authority, so that the certificate will be publicly verified.
 
The cost of certificates has been somewhat prohibitive, they come at various costs from a few dollars to hundreds of dollars per year. For the budget constrained, the "price is right" with a new initiative brought to us by the Internet Security Research Group (ISRG). Free domain-validated certificates can be acquired from [https://letsencrypt.org Let's Encrypt]. Let's Encrypt also tries to make the process of installing and managing certificates as painless as possible and there are numerous methods and clients available.
 
=== Server aufsetzen ===
Then you will need enable SSL on your web server to add your certificate. This process will vary depending on your web server of choice.
 
If you are using a proxy or load balancer, depending on your setup you will most likely want to set up the SSL certificate on your proxy server
 
=== Moodle aufsetzen ===
 
On a basic Moodle site, it will be simple to set up https. Simply edit config.php and change http:// to https:// in $CFG->wwwroot.
 
However, if you are using a proxy or load balancer, depending on your setup you may need to set $CFG->sslproxy to 1, and not use SSL on the Moodle server. Then the load balancer or proxy server can communicate directly to your Moodle site, but serve to the clients over SSL.
 
=== Redirecting the HTTP address to the new HTTPS address ===
 
You may want to add a redirection so that users who have the current http:// address to your site will be redirected automatically to the https:// address  instead of getting a page with a message such as "For security reasons only https connections are allowed, sorry."
 
There are several ways to do redirections, depending on your web server, hosting, and how you prefer to do this. A common solution on Apache web servers is to create an .htaccess file with a rewrite rule such as:
 
<syntaxhighlight lang="apacheconf">
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourmoodle.com/$1 [R,L]
</syntaxhighlight>
or in general
<syntaxhighlight lang="apacheconf">
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ {SERVER_NAME}/$1 [R,L]
</syntaxhighlight>
 
Be sure to look up current ways to do this for your web server and host, such as the how-to article [https://www.ssl.com/how-to/force-https-connections-in-an-apache-server-environment/ Force HTTPS connections in an Apache server environment].
 
=== Inhalte aktualisieren ===
You will need to change all embeded content from being requested over http. Links do not matter. But you will need to update images and iframes, scorm modules, and LTI external tools. You can modify external tools to open in a new window instead of in an iframe and they will work fine.
 
A new tool was added to Moodle 3.4 to aid in this process. This is available via a link in ''Site administration > Security > HTTP security > HTTPS conversion tool''.  See MDL-46269 for details.
 
== Siehe auch ==
 
* [https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https Why HTTPS Matters - Google Web Grundlagen] (englisch)


[[en:Transitioning to HTTPS]]
[[en:Transitioning to HTTPS]]

Version vom 23. Juni 2022, 09:06 Uhr

Baustelle.png Diese Seite muss übersetzt werden. Greif zu!
Wenn du dich um diesen Artikel kümmern willst, dann kennzeichne das, indem du die Vorlage {{Übersetzen}} durch die Vorlage {{ÜbersetzenVergeben}} ersetzt.
Wenn du mit deiner Arbeit fertig bist, dann entferne die Vorlage aus dem Artikel.
Danke für deine Mitarbeit!


Es gibt zahlreiche Vorteile, wenn eine Moodle-Site unter HTTPS läuft. Es erhöht die Sicherheit, insbesondere in Bezug auf Sitzungen und Passwörter.

Schritte

Bevor Sie beginnen

Check all the content you use supports https. Use the HTTPS Konvertierung to do this.

Make sure you have a staging environment. You will want to set up HTTPS the first time on a staging environment rather than updating your live site. It will take some time to convert to https and you will need to update content (see below).

SSL-Zertifikat aufsetzen

The first thing you will need to do is acquire an SSL certificate. You can create these yourself, but this is only helpful for development purposes. Instead you will want to get your SSL certificate from a certificate authority, so that the certificate will be publicly verified.

The cost of certificates has been somewhat prohibitive, they come at various costs from a few dollars to hundreds of dollars per year. For the budget constrained, the "price is right" with a new initiative brought to us by the Internet Security Research Group (ISRG). Free domain-validated certificates can be acquired from Let's Encrypt. Let's Encrypt also tries to make the process of installing and managing certificates as painless as possible and there are numerous methods and clients available.

Server aufsetzen

Then you will need enable SSL on your web server to add your certificate. This process will vary depending on your web server of choice.

If you are using a proxy or load balancer, depending on your setup you will most likely want to set up the SSL certificate on your proxy server

Moodle aufsetzen

On a basic Moodle site, it will be simple to set up https. Simply edit config.php and change http:// to https:// in $CFG->wwwroot.

However, if you are using a proxy or load balancer, depending on your setup you may need to set $CFG->sslproxy to 1, and not use SSL on the Moodle server. Then the load balancer or proxy server can communicate directly to your Moodle site, but serve to the clients over SSL.

Redirecting the HTTP address to the new HTTPS address

You may want to add a redirection so that users who have the current http:// address to your site will be redirected automatically to the https:// address instead of getting a page with a message such as "For security reasons only https connections are allowed, sorry."

There are several ways to do redirections, depending on your web server, hosting, and how you prefer to do this. A common solution on Apache web servers is to create an .htaccess file with a rewrite rule such as:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourmoodle.com/$1 [R,L]

or in general

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ {SERVER_NAME}/$1 [R,L]

Be sure to look up current ways to do this for your web server and host, such as the how-to article Force HTTPS connections in an Apache server environment.

Inhalte aktualisieren

You will need to change all embeded content from being requested over http. Links do not matter. But you will need to update images and iframes, scorm modules, and LTI external tools. You can modify external tools to open in a new window instead of in an iframe and they will work fine.

A new tool was added to Moodle 3.4 to aid in this process. This is available via a link in Site administration > Security > HTTP security > HTTPS conversion tool. See MDL-46269 for details.

Siehe auch