update..
This commit is contained in:
parent
33536f893a
commit
7bc4423642
213
README.install
213
README.install
@ -9,6 +9,7 @@
|
||||
#
|
||||
# - NGINX Web Service is installed
|
||||
# - MySQL Service is installed
|
||||
# - PHP Service installed
|
||||
# - lets encrypt certificates available for $FQHN_HOSTNAME
|
||||
#
|
||||
# ===================
|
||||
@ -47,24 +48,25 @@ EOF
|
||||
|
||||
# Install MySQL Database Service
|
||||
#
|
||||
cd /tmp
|
||||
|
||||
# See at 'https://dev.mysql.com/downloads/repo/apt/' which is the
|
||||
# actual version of the apt-repository
|
||||
# Recommend Mysql Database distribution is MariaDB
|
||||
#
|
||||
mysql_apt_version=0.8.15-1
|
||||
wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb
|
||||
dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb
|
||||
|
||||
apt-get update
|
||||
apt-get install mysql-server
|
||||
# if you want install MySQL 8.x followd thess steps:
|
||||
#
|
||||
# cd /tmp
|
||||
#
|
||||
# # See at 'https://dev.mysql.com/downloads/repo/apt/' which is the
|
||||
# # actual version of the apt-repository
|
||||
# #
|
||||
# mysql_apt_version=0.8.15-1
|
||||
# wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb
|
||||
# dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb
|
||||
#
|
||||
# apt-get update
|
||||
# apt-get install mysql-server
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# Creating Moodle database
|
||||
# ---
|
||||
|
||||
#
|
||||
# These are the steps to create an empty Moodle database. Substitute your
|
||||
# own database name, user name and password as appropriate.
|
||||
#
|
||||
@ -78,12 +80,12 @@ apt-get install mysql-server
|
||||
# when you create the database. If you are not given a choice, the default
|
||||
# options are probably good. An install on an old server may have the wrong
|
||||
# settings.
|
||||
|
||||
|
||||
# db_name: moodle
|
||||
# db_user: moodleuser
|
||||
# db_pass: 3wSF.XTC+L9Z
|
||||
|
||||
#
|
||||
# Cretae Database:
|
||||
#
|
||||
# db_name: moodle
|
||||
# db_user: moodleuser
|
||||
# db_pass: 3wSF.XTC+L9Z
|
||||
|
||||
# Command line
|
||||
|
||||
@ -120,6 +122,177 @@ mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,IND
|
||||
mysql> quit
|
||||
|
||||
|
||||
# ---
|
||||
# Install Moodle
|
||||
# ---
|
||||
|
||||
MOODLE_HOSTNAME="moodle.oopen.de"
|
||||
MOODLE_GIT_BRANCH=MOODLE_38_STABLE
|
||||
WEBSERVICE_USER="www-data"
|
||||
WEBSERVICE_GROUP="www-data"
|
||||
|
||||
|
||||
# Create Web base directory
|
||||
#
|
||||
if [[ ! -d "/var/www/${MOODLE_HOSTNAME}" ]] ; then
|
||||
mkdir "/var/www/${MOODLE_HOSTNAME}"
|
||||
fi
|
||||
|
||||
# Create data filr location for moodle
|
||||
#
|
||||
if [[ ! -d "/var/www/${MOODLE_HOSTNAME}/moodledata" ]] ; then
|
||||
mkdir "/var/www/${MOODLE_HOSTNAME}/moodledata"
|
||||
fi
|
||||
chown ${WEBSERVICE_USER}:${WEBSERVICE_GROUP} "/var/www/${MOODLE_HOSTNAME}/moodledata"
|
||||
|
||||
# Download moodle code
|
||||
#
|
||||
cd /var/www/${MOODLE_HOSTNAME}
|
||||
git clone -b MOODLE_38_STABLE git://git.moodle.org/moodle.git
|
||||
|
||||
ln -s moodle /var/www/${MOODLE_HOSTNAME}/htdocs
|
||||
|
||||
|
||||
# Configure moodle
|
||||
#
|
||||
cp -a "/var/www/${MOODLE_HOSTNAME}/moodle/config-dist.php" "/var/www/${MOODLE_HOSTNAME}/moodle/config.php"
|
||||
vim /var/www/${MOODLE_HOSTNAME}/moodle/config.php
|
||||
|
||||
|
||||
# Create NGINX VHost configuration
|
||||
#
|
||||
cat <<EOF > "/etc/nginx/sites-enabled/${MOODLE_HOSTNAME}.conf"
|
||||
# - ${MOODLE_HOSTNAME}
|
||||
|
||||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name ${MOODLE_HOSTNAME};
|
||||
|
||||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${MOODLE_HOSTNAME};
|
||||
|
||||
root /var/www/${MOODLE_HOSTNAME}/htdocs;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
#
|
||||
index index.php index.html index.htm;
|
||||
|
||||
# Include location directive for Let's Encrypt ACME Challenge
|
||||
#
|
||||
# Needed for (automated) updating certificate
|
||||
#
|
||||
include snippets/letsencrypt-acme-challenge.conf;
|
||||
|
||||
ssl on;
|
||||
|
||||
ssl_certificate /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/fullchain.pem;
|
||||
ssl_certificate_key /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/privkey.pem;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
||||
#
|
||||
# To generate a dhparam.pem file, run in a terminal
|
||||
# openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
|
||||
#
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Eable session resumption to improve https performance
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
|
||||
# omit SSLv3 because of POODLE
|
||||
# omit TLSv1 TLSv1.1
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
|
||||
# Everything better than SHA1 (deprecated)
|
||||
#
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
#
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
# OCSP Stapling ---
|
||||
# fetch OCSP records from URL in ssl_certificate and cache them
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
#location / {
|
||||
# # This is cool because no php is touched for static content.
|
||||
# # include the "?\$args" part so non-default permalinks doesn't break when using query string
|
||||
# try_files \$uri \$uri/ /index.php?\$args;
|
||||
#}
|
||||
|
||||
location ~ [^/]\.php(/|\$) {
|
||||
|
||||
fastcgi_index index.php;
|
||||
|
||||
# regex to split \$uri to \$fastcgi_script_name and \$fastcgi_path
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
||||
# Use upstream
|
||||
#
|
||||
fastcgi_pass php-7.4-fpm;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param PATH_INFO \$fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# Plugin BigBluButton
|
||||
#
|
||||
# You need URL and Shared Secret from BigBlueButton server
|
||||
#
|
||||
# On BigBlueButton Server typw:
|
||||
#
|
||||
# o33:~ # bbb-conf --secret
|
||||
#
|
||||
#
|
||||
# URL: https://bbb.oopen.de/bigbluebutton/
|
||||
# Secret: aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0
|
||||
#
|
||||
# Link to the API-Mate:
|
||||
# https://mconf.github.io/api-mate/#server=https://bbb.oopen.de/bigbluebutton/&sharedSecret=aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0
|
||||
#
|
||||
#
|
||||
|
||||
systemctl restart nginx
|
||||
|
||||
admin user: admin
|
||||
admin pass: MU2/KL%dCoi4
|
||||
admin email: ckubu-adm@oopen.de
|
||||
|
||||
admin user: chris
|
||||
admin pass: EadGl15E.%
|
||||
admin email: argus@oopen.de
|
||||
|
||||
Loading…
Reference in New Issue
Block a user