# ===================
# Install Moodle
#
# see:
# - https://docs.moodle.org/38/en/Installation_quick_guide
# - https://docs.moodle.org/38/en/Installing_Moodle
#
# Requirements:
#
# - NGINX Web Service is installed
# - MySQL Service is installed
# - PHP Service installed
# - lets encrypt certificates available for $FQHN_HOSTNAME
#
# ===================
FQHN_HOSTNAME="moodle.oopen.de"
# ---
# 0.) Requirements
# ---
# Install Nginx Webserver
#
cd /usr/local/src/nginx
./install_nginx.sh
# Install update mechanism for lets encrypt certificates
#
cd /usr/local/src/dehydrated-cron
./install_dehydrated.sh
# Create certificate(s)
#
# Adjust '/var/lib/dehydrated/domains.txt'
#
# vim /var/lib/dehydrated/domains.txt
#
cat <<EOF >> /var/lib/dehydrated/domains.txt
$FQHN_HOSTNAME
EOF
/var/lib/dehydrated/cron/dehydrated_cron.sh
# ---
# 0.1) Requirements MySQL Database Service
# ---
# Install MySQL Database Service
#
# Recommend Mysql Database distribution is MariaDB
#
# if you want install MySQL 8.x followd thess steps:
#
# cd /tmp
#
# # See at 'https://dev.mysql.com/downloads/repo/apt/' which is the
# # actual version of the apt-repository
# #
# mysql_apt_version=0.8.15-1
# wget https://dev.mysql.com/get/mysql-apt-config_${mysql_apt_version}_all.deb
# dpkg -i mysql-apt-config_${mysql_apt_version}_all.deb
#
# apt-get update
# apt-get install mysql-server
# Creating Moodle database
#
# These are the steps to create an empty Moodle database. Substitute your
# own database name, user name and password as appropriate.
#
# The instructions assume that the web server and MySQL server are on the
# same machine. In this case the 'dbhost' is 'localhost'. If they are on
# different machines substitute the name of the web server for 'localhost'
# in the following instructions and the 'dbhost' setting will be the name
# of the database server. Databases have a "Character set" and a "Collation".
# For Moodle, we recommend the Character Set be set to utf8mb4 and the
# Collation utf8mb4_unicode_ci. You may get the option to set these values
# when you create the database. If you are not given a choice, the default
# options are probably good. An install on an old server may have the wrong
# settings.
#
# Cretae Database:
#
# db_name: moodle
# db_user: moodleuser
# db_pass: 3wSF.XTC+L9Z
# Command line
# To create a database using the 'mysql' command line client, first log into MySQL
$ mysql -u root -p
Enter password:
# (Enter the password you previously set - or been given - for the MySQL 'root' user).
# After some pre-amble this should take you to the mysql> prompt.
# Create a new database (called 'moodle' - substitute your own name if required).
# If you have successfully configured the recommended full UTF-8 support as described above run:
mysql> CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
# If you do not have the recommended full UTF-8 support run:
mysql> CREATE DATABASE moodle DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
# Add a user/password with the minimum needed permissions:
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO moodleuser@localhost IDENTIFIED BY 'yourpassword';
# ...which creates a user called 'moodleuser' with a password 'yourpassword'.
# Make sure you invent a strong password and resist the temptation to 'GRANT ALL'.
# Exit from mysql:
mysql> quit
# ---
# Install Moodle
# ---
MOODLE_HOSTNAME="moodle.oopen.de"
MOODLE_GIT_BRANCH=MOODLE_38_STABLE
WEBSERVICE_USER="www-data"
WEBSERVICE_GROUP="www-data"
# Create Web base directory
#
if [[ ! -d "/var/www/${MOODLE_HOSTNAME}" ]] ; then
mkdir "/var/www/${MOODLE_HOSTNAME}"
fi
# Create data filr location for moodle
#
if [[ ! -d "/var/www/${MOODLE_HOSTNAME}/moodledata" ]] ; then
mkdir "/var/www/${MOODLE_HOSTNAME}/moodledata"
fi
chown ${WEBSERVICE_USER}:${WEBSERVICE_GROUP} "/var/www/${MOODLE_HOSTNAME}/moodledata"
# Download moodle code
#
cd /var/www/${MOODLE_HOSTNAME}
git clone -b MOODLE_38_STABLE git://git.moodle.org/moodle.git
ln -s moodle /var/www/${MOODLE_HOSTNAME}/htdocs
# Configure moodle
#
cp -a "/var/www/${MOODLE_HOSTNAME}/moodle/config-dist.php" "/var/www/${MOODLE_HOSTNAME}/moodle/config.php"
vim /var/www/${MOODLE_HOSTNAME}/moodle/config.php
# Create NGINX VHost configuration
#
cat <<EOF > "/etc/nginx/sites-enabled/${MOODLE_HOSTNAME}.conf"
# - ${MOODLE_HOSTNAME}
server {
listen 80;
listen [::]:80;
server_name ${MOODLE_HOSTNAME};
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${MOODLE_HOSTNAME};
root /var/www/${MOODLE_HOSTNAME}/htdocs;
# Add index.php to the list if you are using PHP
#
index index.php index.html index.htm;
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
#
include snippets/letsencrypt-acme-challenge.conf;
ssl on;
ssl_certificate /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${MOODLE_HOSTNAME}/privkey.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
#location / {
# # This is cool because no php is touched for static content.
# # include the "?\$args" part so non-default permalinks doesn't break when using query string
# try_files \$uri \$uri/ /index.php?\$args;
#}
location ~ [^/]\.php(/|\$) {
fastcgi_index index.php;
# regex to split \$uri to \$fastcgi_script_name and \$fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Use upstream
#
fastcgi_pass php-7.4-fpm;
include fastcgi_params;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
EOF
# Plugin BigBluButton
#
# You need URL and Shared Secret from BigBlueButton server
#
# On BigBlueButton Server typw:
#
# o33:~ # bbb-conf --secret
#
#
# URL: https://bbb.oopen.de/bigbluebutton/
# Secret: aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0
#
# Link to the API-Mate:
# https://mconf.github.io/api-mate/#server=https://bbb.oopen.de/bigbluebutton/&sharedSecret=aQBzH3tUbe4jt0dn421LhLCHiEJ8Fvk8TC5PfScYNN0
#
#
systemctl restart nginx
admin user: admin
admin pass: MU2/KL%dCoi4
admin email: ckubu-adm@oopen.de
admin user: chris
admin pass: EadGl15E.%
admin email: argus@oopen.de
