From 7bc4423642ed73183fae49f33cec19930143dca4 Mon Sep 17 00:00:00 2001 From: Chritoph Date: Tue, 26 May 2020 02:45:52 +0200 Subject: [PATCH] update.. --- README.install | 213 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 193 insertions(+), 20 deletions(-) diff --git a/README.install b/README.install index 85be48e..0359efa 100644 --- a/README.install +++ b/README.install @@ -9,6 +9,7 @@ # # - NGINX Web Service is installed # - MySQL Service is installed +# - PHP Service installed # - lets encrypt certificates available for $FQHN_HOSTNAME # # =================== @@ -47,24 +48,25 @@ EOF # Install MySQL Database Service # -cd /tmp - -# See at 'https://dev.mysql.com/downloads/repo/apt/' which is the -# actual version of the apt-repository +# Recommend Mysql Database distribution is MariaDB # -mysql_apt_version=0.8.15-1 -wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb -dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb - -apt-get update -apt-get install mysql-server +# if you want install MySQL 8.x followd thess steps: +# +# cd /tmp +# +# # See at 'https://dev.mysql.com/downloads/repo/apt/' which is the +# # actual version of the apt-repository +# # +# mysql_apt_version=0.8.15-1 +# wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb +# dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb +# +# apt-get update +# apt-get install mysql-server - -# --- # Creating Moodle database -# --- - +# # These are the steps to create an empty Moodle database. Substitute your # own database name, user name and password as appropriate. # @@ -78,12 +80,12 @@ apt-get install mysql-server # when you create the database. If you are not given a choice, the default # options are probably good. An install on an old server may have the wrong # settings. - - -# db_name: moodle -# db_user: moodleuser -# db_pass: 3wSF.XTC+L9Z - +# +# Cretae Database: +# +# db_name: moodle +# db_user: moodleuser +# db_pass: 3wSF.XTC+L9Z # Command line @@ -120,6 +122,177 @@ mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,IND mysql> quit +# --- +# Install Moodle +# --- + +MOODLE_HOSTNAME="moodle.oopen.de" +MOODLE_GIT_BRANCH=MOODLE_38_STABLE +WEBSERVICE_USER="www-data" +WEBSERVICE_GROUP="www-data" + + +# Create Web base directory +# +if [[ ! -d "/var/www/${MOODLE_HOSTNAME}" ]] ; then + mkdir "/var/www/${MOODLE_HOSTNAME}" +fi + +# Create data filr location for moodle +# +if [[ ! -d "/var/www/${MOODLE_HOSTNAME}/moodledata" ]] ; then + mkdir "/var/www/${MOODLE_HOSTNAME}/moodledata" +fi +chown ${WEBSERVICE_USER}:${WEBSERVICE_GROUP} "/var/www/${MOODLE_HOSTNAME}/moodledata" + +# Download moodle code +# +cd /var/www/${MOODLE_HOSTNAME} +git clone -b MOODLE_38_STABLE git://git.moodle.org/moodle.git + +ln -s moodle /var/www/${MOODLE_HOSTNAME}/htdocs + + +# Configure moodle +# +cp -a "/var/www/${MOODLE_HOSTNAME}/moodle/config-dist.php" "/var/www/${MOODLE_HOSTNAME}/moodle/config.php" +vim /var/www/${MOODLE_HOSTNAME}/moodle/config.php + + +# Create NGINX VHost configuration +# +cat < "/etc/nginx/sites-enabled/${MOODLE_HOSTNAME}.conf" +# - ${MOODLE_HOSTNAME} + +server { + + listen 80; + listen [::]:80; + + server_name ${MOODLE_HOSTNAME}; + + return 301 https://\$host\$request_uri; +} + +server { + + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ${MOODLE_HOSTNAME}; + + root /var/www/${MOODLE_HOSTNAME}/htdocs; + + # Add index.php to the list if you are using PHP + # + index index.php index.html index.htm; + + # Include location directive for Let's Encrypt ACME Challenge + # + # Needed for (automated) updating certificate + # + include snippets/letsencrypt-acme-challenge.conf; + + ssl on; + + ssl_certificate /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/privkey.pem; + + # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits + # + # To generate a dhparam.pem file, run in a terminal + # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 + # + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + + # Eable session resumption to improve https performance + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 10m; + ssl_session_tickets off; + + #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE + # omit SSLv3 because of POODLE + # omit TLSv1 TLSv1.1 + ssl_protocols TLSv1.2 TLSv1.3; + + # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) + # Everything better than SHA1 (deprecated) + # + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_prefer_server_ciphers on; + + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) + # + add_header Strict-Transport-Security max-age=15768000; + + # OCSP Stapling --- + # fetch OCSP records from URL in ssl_certificate and cache them + ssl_stapling on; + ssl_stapling_verify on; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + #location / { + # # This is cool because no php is touched for static content. + # # include the "?\$args" part so non-default permalinks doesn't break when using query string + # try_files \$uri \$uri/ /index.php?\$args; + #} + + location ~ [^/]\.php(/|\$) { + + fastcgi_index index.php; + + # regex to split \$uri to \$fastcgi_script_name and \$fastcgi_path + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + # Use upstream + # + fastcgi_pass php-7.4-fpm; + + include fastcgi_params; + fastcgi_param PATH_INFO \$fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } +} +EOF + +# Plugin BigBluButton +# +# You need URL and Shared Secret from BigBlueButton server +# +# On BigBlueButton Server typw: +# +# o33:~ # bbb-conf --secret +# +# +# URL: https://bbb.oopen.de/bigbluebutton/ +# Secret: aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0 +# +# Link to the API-Mate: +# https://mconf.github.io/api-mate/#server=https://bbb.oopen.de/bigbluebutton/&sharedSecret=aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0 +# +# + +systemctl restart nginx + +admin user: admin +admin pass: MU2/KL%dCoi4 +admin email: ckubu-adm@oopen.de + admin user: chris admin pass: EadGl15E.% admin email: argus@oopen.de