Install Moodle 3.2 on a RHEL 7 server

moodle

Introduction

Moodle is a learning platform designed to provide a single, integrated system for educational institutes.
It powers tens of thousands of environments all over the world, especially in Europe and North America, for a total of 235 countries and countless education centres including the London School of Economics. The project is developed and lead by Moodle HQ, and is distributed under the GNU General Public License.
It is fully customizable, allowing users to create or install available plugins.
This tutorial explains how to install Moodle 3.2 on a Red Hat Enterprise Linux 7 server with NGINX as web server.

Getting started

Install NGINX

Add the NGINX yum repository, creating a new file in /etc/yum.repos.d/:

# $EDITOR /etc/yum.repos.d/nginx.repo

In that file, paste the following configuration:

[nginx]
name=NGINX repo
baseurl=http://nginx.org/packages/rhel/7/x86_64/
gpgcheck=0
enabled=1

Install NGINX with yum:

# yum install nginx

Start NGINX using systemd:

# systemctl start nginx

Just for testing, execute the following command:

$ curl -Ss http://localhost

And it should output the following message:

<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

Enable NGINX to start at boot time:

# systemctl enable nginx

Install PHP-FPM

The PHP version required by is 5.6.5+. It is possible to use version 7, although it can have some engine limitations.

Let’s look at how to install PHP 5.6.5. First, add the Webtatic repository:

# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Next, install PHP-FPM (and other modules) with yum:

# yum install php56w-fpm php56w-cli php56w-pspell php56w-curl php56w-gd php56w-intl php56w-mysql php56w-xml php56w-xmlrpc php56w-ldap php56w-zip php56w-json php56w-opcache php56w-readline php56w-mbstring php56w-soap

At the end of the installation process, open PHP configuration file with a text editor:

# $EDITOR /etc/php.ini

Search for the cgi.fix_pathinfos line, uncomment it and edit as follows:

cgi.fix_pathinfos=0

Save and exit.

Start PHP-FPM:

systemctl start php-fpm.service

Install and configure MariaDB

Moodle supports PostgreSQL, MySQL, MariaDB, Microsoft SQL Server and Oracle Database. In this tutorial, Moodle will be configured for using MariaDB. Install this database with yum:

# yum install mariadb-server

Start MariaDB:

# systemctl start mariadb

Next, set the MariaDB root account by executing the following command:

# mysql_secure_installation
Set root password? [Y/n] 
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
Remove anonymous users? [Y/n] 
 ... Success!
Disallow root login remotely? [Y/n] 
 ... Success!
Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Next, edit the /etc/my.cnf.d/server.cnf file:

# $EDITOR /etc/my.cnf.d/server.cnf

Put the following content under the [mysqld] block:

default_storage_engine = innodb
innodb_file_per_table = 1
innodb_file_format = Barracuda

Save, exit and restart MariaDB service:

# systemctl restart mariadb

Execute the command netstat -plntu | grep mysql and check the output:

[[email protected] ~]# netstat -plntu | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 8006/mysqld

This output means that MariaDB has been correctly installed and started. The next step is to create a new database for Moodle. Execute the following command:

# mysql -u root -p

Run the following queries:

MariaDB [(none)]> CREATE DATABASE moodle_db DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE USER moodle_usr@localhost IDENTIFIED BY 'usr_strong_password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON moodle_db.* TO moodle_usr@localhost IDENTIFIED BY 'usr_strong_password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> EXIT;
Bye

Installing Moodle

Obtaining Moodle

There are two different ways to obtain Moodle:

  1. Download and unpack an archive;
  2. Use git.

In this tutorial we’ll be used the second one option, which is perfect for developers and makes it easier to upgrade Moodle. In order to use this method, install git:

# yum install git

Next, clone the repository in the web server root directory:

# cd /var/www
# git clone --single-branch -b MOODLE_32_STABLE git://git.moodle.org/moodle.git

When git is finished downloading the code, secure it executing the following commands:

# chown -R root /var/www/moodle 
# chmod -R 0755 /var/www/moodle 
# find /var/www/moodle -type f -exec chmod 0644 {} \;

Create a data directory

Moodle requires a directory to store all of its files. This directory, moodledata, will be placed outside the web root directory or Moodle program files directory for security reasons.

Create this directory in /var/, remembering that the web server needs to be able to write the following into it:

# mkdir /var/moodledata
# chmod 0777 /var/moodledata

Note: moodledata should not be accessible directly via the web. However, if there is no way to avoid this, you can secure it using a .htaccess file as explained below. If already hidden from the web, ignore this step.

For securing moodledata, create a .htaccess file inside it:

# $EDITOR /var/moodledata/.htaccess

In that file, paste the following lines:

order deny,allow
deny from all

Save and exit.

Generate a SSL certificate

Using HTTPS connections requires a SSL certificate. Create a self-signed one:

# mkdir -p /etc/nginx/certs
# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/certs/moodle.crt -keyout /etc/nginx/certs/moodle.key

Then, make sure you change the private key permissions:

# chmod 600 /etc/nginx/certs/moodle.key

Create a Virtual Host file

Next, create a new virtual host configuration file for Moodle:

# $EDITOR /etc/nginx/conf.d/unixmen-moodle.conf

In that file, paste the following content:

# PHP Upstream Handler
upstream php-handler {
    server unix:/run/php/php7.0-fpm.sock;
}
 
# Nginx redirect HTTP to HTTPS
server {
    listen 80;
    server_name moodle.mydomain.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}
 
# HTTPS Configuration
server {
        server_name          moodle.mydomain.com;
 
        listen               *:443 ssl http2;
        listen               [::]:443 ssl http2;
 
        # SSL Configuration    
        ssl  on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        ssl_session_tickets off;
        #ssl_stapling on;
        #ssl_stapling_verify on;
        resolver_timeout 5s;
        ssl_certificate /etc/nginx/certs/moodle.crt;
        ssl_certificate_key /etc/nginx/certs/moodle.key;
        
        # Root Moodle Data DIrectory
        root /var/www/moodle;
        rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
 
        location ^~ / {
                try_files $uri $uri/ /index.php?q=$request_uri;
                index index.php index.html index.htm;
 
                location ~ \.php$ {
                        include snippets/fastcgi-php.conf;
                        fastcgi_pass php-handler;
                }
        }
}

Save and exit.

Next, backup the default.conf file:

# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.old
# cp /etc/nginx/conf.d/unixmen-moodle.conf /etc/nginx/conf.d/default.conf

Then restart NGINX:

# systemctl restart nginx

Moodle installation

The last step is to open a web browser and go to this URL: https://moodle.mydomain.com. The browser will show the Moodle installation page. Simply fill out the required forms and you’ll be ready to roll!

Conclusions

Moodle is a de facto standard in educational institutes all over the world, with thousands of users. In this tutorial, we have seen how to install and configure it on a RHEL 7 based server, with MariaDB, NGINX and PHP-FPM.