V Server Installation Guide - WEKIT-ECS/MIRAGE-XR GitHub Wiki

Installation Guide

This guide explains the necessary steps to deploy an installation.

  1. Select V-Server
  2. Required Packages
  3. Certificates
  4. Install and Configure Software
    1. Install Mail-Server
    2. Install Moodle
    3. Install LRS

Select V-Server

Possible providers:

Required Packages

The following packages have to be installed in order to run the software.

Certificates

Certbot will handle all the certificate management. We just need to specify which (sub)domains we have.

e.g. for lrs.wekit-ecs.com and learn.wekit-ecs.com:

sudo certbot --nginx -d lrs.wekit-ecs.com -d learn.wekit-ecs.com

Certbot should do the trick and manage the nginx configs:

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/learn.wekit-ecs.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/learn.wekit-ecs.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Also, we can configure auto-renewal:

crontab -e

and add the following line:

0 12 * * * /usr/bin/certbot renew --quiet

Install and Configure Software

Here

Mail-Server

Moodle and Learning Locker send emails (account registration, lost password etc.). Therefore we need to provide a working mail server in the configuration files.

We are using Postfix together with Dovecot (SASL).

Postfix configuration /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2



# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/learn.wekit-ecs.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/learn.wekit-ecs.com/privkey.pem
smtpd_tls_security_level=may 
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1


myhostname = learn.wekit-ecs.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = learn.wekit-ecs.com, mail.learn.wekit-ecs.com, h2954708, localhost.stratoserver.net, localhost, h2954708.stratoserver.net
relayhost = 
mynetworks = 172.18.0.3 172.18.0.2 172.18.0.1 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 85.214.83.137 192.168.64.6
mailbox_command = 
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
mydomain = learn.wekit-ecs.com
smtpd_sasl_type = dovecot
# Can be an absolute path, or relative to $queue_directory
# Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_unknown_sender_domain
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
virtual_alias_domains = $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual

Moodle

Configuration for Moodle:

version: '2'
services:
  mariadb:
    image: docker.io/bitnami/mariadb:10.3
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=no
      - MARIADB_USER=bn_moodle
      - MARIADB_PASSWORD=CHANGEME
      - MARIADB_ROOT_PASSWORD=CHANGEME
      - MARIADB_DATABASE=bitnami_moodle
      - MARIADB_CHARACTER_SET=utf8mb4
      - MARIADB_COLLATE=utf8mb4_unicode_ci
    volumes:
      - '/root/moodle/mariadb:/bitnami/mariadb'
  moodle:
    image: docker.io/bitnami/moodle:3
    ports:
      - '8443:8443'
    environment:
      - MOODLE_DATABASE_HOST=mariadb
      - MOODLE_DATABASE_PORT_NUMBER=3306
      - MOODLE_DATABASE_USER=bn_moodle
      - MOODLE_DATABASE_NAME=bitnami_moodle
      - MOODLE_DATABASE_PASSWORD=CHANGEME
      - MOODLE_DATABASE_ROOT_PASSWORD=CHANGEME
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=no
      - BITNAMI_DEBUG=true
    volumes:
      - '/root/moodle/moodle:/bitnami/moodle'
      - '/root/moodle/moodledata:/bitnami/moodledata'
    depends_on:
      - mariadb

Set passwords in the configuration (moodle and mariadb should map) and then run:

docker compose up

LRS

We are using Learning Locker as an LRS provider. Configuration for Learning Locker:

version: '2'
services:
    mongo:
        image: mongo:3.6
        restart: unless-stopped
        command: mongod
        volumes:
            - "${PWD}/mongo:/data/db"
    redis:
        image: redis:4-alpine
        restart: unless-stopped
    worker:
        image: rwthacis/lrs
        restart: unless-stopped
        environment:
            - MONGO_URL=mongodb://mongo:27017/learninglocker_v2
            - MONGO_DB=learninglocker_v2
            - REDIS_URL=redis://redis:6379/0
            - SITE_URL=YOUR_DOMAIN
            - API_HOST=YOUR_DOMAIN
            - UI_HOST=YOUR_DOMAIN
            - APP_SECRET=SECRET
            - SMTP_HOST=MAIL_SERVER
            - SMTP_PORT=25
            - SMTP_SECURED=false
            - SMTP_IGNORE_TLS=true
            - SMTP_AUTH_REQUEST=false
        depends_on:
            - mongo
            - redis
        ports:
            - '3000:3000'
            - '8080:8080'
    xAPI:
        image: learninglocker/xapi-service
        restart: unless-stopped
        environment:
            - MONGO_URL=mongodb://mongo:27017/learninglocker_v2
            - MONGO_DB=learninglocker_v2
            - REDIS_URL=redis://redis:6379/0
            - EXPRESS_PORT=8081
    nginx:
        image: nginx
        ports:
          - '80:80'
        restart: unless-stopped
        volumes:
            - ${PWD}/site.conf:/etc/nginx/conf.d/default.conf

Set the domains in the configuration (moodle and mariadb should map) and then run:

docker compose up

Now you can create an admin account. Change the email and password:

docker compose exec worker cd learninglocker && node learninglocker/cli/dist/server createSiteAdmin EMAIL Main PASSWORD