# =================== # Install Moodle # # see: # - https://docs.moodle.org/38/en/Installation_quick_guide # - https://docs.moodle.org/38/en/Installing_Moodle # # Requirements: # # - NGINX Web Service is installed # - MySQL Service is installed # - PHP Service installed # - lets encrypt certificates available for $FQHN_HOSTNAME # # =================== FQHN_HOSTNAME="moodle.oopen.de" # --- # 0.) Requirements # --- # Install Nginx Webserver # cd /usr/local/src/nginx ./install_nginx.sh # Install update mechanism for lets encrypt certificates # cd /usr/local/src/dehydrated-cron ./install_dehydrated.sh # Create certificate(s) # # Adjust '/var/lib/dehydrated/domains.txt' # # vim /var/lib/dehydrated/domains.txt # cat <> /var/lib/dehydrated/domains.txt $FQHN_HOSTNAME EOF /var/lib/dehydrated/cron/dehydrated_cron.sh # --- # 0.1) Requirements MySQL Database Service # --- # Install MySQL Database Service # # Recommend Mysql Database distribution is MariaDB # # if you want install MySQL 8.x followd thess steps: # # cd /tmp # # # See at 'https://dev.mysql.com/downloads/repo/apt/' which is the # # actual version of the apt-repository # # # mysql_apt_version=0.8.15-1 # wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb # dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb # # apt-get update # apt-get install mysql-server # Creating Moodle database # # These are the steps to create an empty Moodle database. Substitute your # own database name, user name and password as appropriate. # # The instructions assume that the web server and MySQL server are on the # same machine. In this case the 'dbhost' is 'localhost'. If they are on # different machines substitute the name of the web server for 'localhost' # in the following instructions and the 'dbhost' setting will be the name # of the database server. Databases have a "Character set" and a "Collation". # For Moodle, we recommend the Character Set be set to utf8mb4 and the # Collation utf8mb4_unicode_ci. You may get the option to set these values # when you create the database. If you are not given a choice, the default # options are probably good. An install on an old server may have the wrong # settings. # # Cretae Database: # # db_name: moodle # db_user: moodleuser # db_pass: 3wSF.XTC+L9Z # Command line # To create a database using the 'mysql' command line client, first log into MySQL $ mysql -u root -p Enter password: # (Enter the password you previously set - or been given - for the MySQL 'root' user). # After some pre-amble this should take you to the mysql> prompt. # Create a new database (called 'moodle' - substitute your own name if required). # If you have successfully configured the recommended full UTF-8 support as described above run: mysql> CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; # If you do not have the recommended full UTF-8 support run: mysql> CREATE DATABASE moodle DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; # Add a user/password with the minimum needed permissions: mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO moodleuser@localhost IDENTIFIED BY 'yourpassword'; # ...which creates a user called 'moodleuser' with a password 'yourpassword'. # Make sure you invent a strong password and resist the temptation to 'GRANT ALL'. # Exit from mysql: mysql> quit # --- # Install Moodle # --- MOODLE_HOSTNAME="moodle.oopen.de" MOODLE_GIT_BRANCH=MOODLE_38_STABLE WEBSERVICE_USER="www-data" WEBSERVICE_GROUP="www-data" # Create Web base directory # if [[ ! -d "/var/www/${MOODLE_HOSTNAME}" ]] ; then mkdir "/var/www/${MOODLE_HOSTNAME}" fi # Create data filr location for moodle # if [[ ! -d "/var/www/${MOODLE_HOSTNAME}/moodledata" ]] ; then mkdir "/var/www/${MOODLE_HOSTNAME}/moodledata" fi chown ${WEBSERVICE_USER}:${WEBSERVICE_GROUP} "/var/www/${MOODLE_HOSTNAME}/moodledata" # Download moodle code # cd /var/www/${MOODLE_HOSTNAME} git clone -b MOODLE_38_STABLE git://git.moodle.org/moodle.git ln -s moodle /var/www/${MOODLE_HOSTNAME}/htdocs # Configure moodle # cp -a "/var/www/${MOODLE_HOSTNAME}/moodle/config-dist.php" "/var/www/${MOODLE_HOSTNAME}/moodle/config.php" vim /var/www/${MOODLE_HOSTNAME}/moodle/config.php # Create NGINX VHost configuration # cat < "/etc/nginx/sites-enabled/${MOODLE_HOSTNAME}.conf" # - ${MOODLE_HOSTNAME} server { listen 80; listen [::]:80; server_name ${MOODLE_HOSTNAME}; return 301 https://\$host\$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ${MOODLE_HOSTNAME}; root /var/www/${MOODLE_HOSTNAME}/htdocs; # Add index.php to the list if you are using PHP # index index.php index.html index.htm; # Include location directive for Let's Encrypt ACME Challenge # # Needed for (automated) updating certificate # include snippets/letsencrypt-acme-challenge.conf; ssl on; ssl_certificate /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/privkey.pem; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # # To generate a dhparam.pem file, run in a terminal # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Eable session resumption to improve https performance ssl_session_cache shared:SSL:50m; ssl_session_timeout 10m; ssl_session_tickets off; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE # omit SSLv3 because of POODLE # omit TLSv1 TLSv1.1 ssl_protocols TLSv1.2 TLSv1.3; # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # Everything better than SHA1 (deprecated) # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } #location / { # # This is cool because no php is touched for static content. # # include the "?\$args" part so non-default permalinks doesn't break when using query string # try_files \$uri \$uri/ /index.php?\$args; #} location ~ [^/]\.php(/|\$) { fastcgi_index index.php; # regex to split \$uri to \$fastcgi_script_name and \$fastcgi_path fastcgi_split_path_info ^(.+\.php)(/.+)$; # Use upstream # fastcgi_pass php-7.4-fpm; include fastcgi_params; fastcgi_param PATH_INFO \$fastcgi_path_info; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } EOF # Plugin BigBluButton # # You need URL and Shared Secret from BigBlueButton server # # On BigBlueButton Server typw: # # o33:~ # bbb-conf --secret # # # URL: https://bbb.oopen.de/bigbluebutton/ # Secret: aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0 # # Link to the API-Mate: # https://mconf.github.io/api-mate/#server=https://bbb.oopen.de/bigbluebutton/&sharedSecret=aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0 # # systemctl restart nginx admin user: admin admin pass: MU2/KL%dCoi4 admin email: ckubu-adm@oopen.de admin user: chris admin pass: EadGl15E.% admin email: argus@oopen.de