Installation moodle - kwantu/platformconfiguration GitHub Wiki

back

Install Moodle

1. Prepare the server

Ansible scripts are used to initiate the server. Run the following playbooks:

  1. Basics
  2. MySQL
  3. NginX

2. Step 2 - Install and Configure PHP-FPM

Moodle 3.2+ supports the new PHP 7 version, so we will use PHP 7.3. PHP-FPM 7.3 is not available in the default CentOS repository. There is a third-party repository from 'webtatic' for PHP7 though that I will use here.

Add the new webtatic repository to the system with the rpm command.

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Next, install PHP-FPM 7.3 with all extensions and packages needed by Moodle.

yum install -y graphviz aspell php70w-fpm php70w-cli php70w-pspell php70w-curl php70w-gd php70w-intl php70w-mysql php70w-xml php70w-xmlrpc php70w-ldap php70w-zip php70w-json php70w-opcache php70w-readline php70w-mbstring php70w-soap

Use this link to upgrade to 7.4 needed for Moodle 3.8 https://www.mysterydata.com/how-to-install-upgrade-to-php-7-4-on-rhel-centos-vestacp/

Edit php.ini

When the installation has been completed, edit the PHP configuration file php.ini with vim.

vim /etc/php.ini

#Uncomment the cgi.fix_pathinfo line and change value to 0.
cgi.fix_pathinfo=0

Save the php.ini file and exit vim.

Edit php-fpm configuration file

Go to the php-fpm configuration directory and edit the php-fpm configuration file www.conf.

cd /etc/php-fpm.d/
vim www.conf

#Change the user and group lines to 'nginx' so that the web server is running under user and group 'nginx'.
user = nginx
group = nginx

#Instead of using the server port, we will use a socket file for php-fpm. Change the value of the listen line to '/run/php-fpm/php-fpm.sock'
listen = /run/php-fpm/php-fpm.sock

#Next, uncomment the socket file owner, group and default permission line and alter them as shown as below.
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

#Configure the file extensions that PHP will parse.
#Allow only .php files.
security.limit_extensions = .php

#Uncomment the PHP-FPM environment variable lines below.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Save the file and exit the editor.

Create directory for the session path

Now we need to create a new directory for the php session path. Create the new directory and change the owner of the directory to the 'nginx' user and group.

mkdir -p /var/lib/php/session/
chown -R nginx:nginx /var/lib/php/session/

#Change owner of the php-fpm socket file directory to nginx user too.
chown -R nginx:nginx /run/php-fpm/

The PHP-FPM configuration has been completed.

Start PHP-FPM, add to startup at boot

Start PHP-FPM and add it to automatically start at boot time with the following two systemctl commands.

systemctl start php-fpm
systemctl enable php-fpm

Check its running

PHP-FPM will run under a socket file, check it to make sure PHP-FPM is running with netstat again.

netstat -lx | grep php-fpm.sock
...
[root@lmsntip php-fpm.d]# netstat -lx | grep php-fpm.sock
unix  2      [ ACC ]     STREAM     LISTENING     99769    /run/php-fpm/php-fpm.sock
[root@lmsntip php-fpm.d]#

Configure MySQL

Here we are using mysql not Maria at the moment, so we will just do the configurations. Most of the setups will have been taken care of by Ansible

Edit the configuration file my.cnf.

# First enable writing to the file
 chmod 777 /etc/my.cnf

# Then edit it
vim /etc/my.cnf

#At the end of the '[mysqld]' section, paste the configuration below.
default_storage_engine = innodb
innodb_file_per_table = 1
innodb_file_format = Barracuda

# Then secure it again
 chmod 400 /etc/my.cnf

# Restart mysqld to make sure all is well
 systemctl restart mysqld

Save and exit, then restart MySQL.

Download and Configure Moodle

We will download Moodle directly from the GitHub repository, so we need the git command on the system. Install git with yum as shown below. (This is covered by the basics role in ansible so we can skip it)

# yum -y install git

Next, create a new web root '/var/www/' directory and clone moodle into it.

mkdir -p /var/www/

# Go to the '/var/www/' directory and clone Moodle from the GitHub repository.
cd /var/www/
git clone https://github.com/moodle/moodle.git

# Then go to the 'moodle' directory and check the available Moodle branches.
cd moodle/
git branch -a

# List the Moodle stable branches, choose the latest stable branch and checkout latest stable branch version.
git branch --track MOODLE_38_STABLE remotes/origin/MOODLE_38_STABLE
git checkout MOODLE_38_STABLE

# Now you should be in the latest stable branch of Moodle, you can check that with the git command below.

git status

You will see results below.

On branch MOODLE_38_STABLE

nothing to commit, working directory clean

## Create the local data directories
### Now create a new directory 'moodledata' and make sure the owner of the directory is the 'nginx' user and group.
```bash
mkdir -p /usr/local/data/moodledata
chown -R nginx:nginx /usr/local/data/moodledata
chmod 777 /usr/local/data/moodledata

Change the owner of the moodle directory to the 'nginx' user.

chown -R nginx:nginx /var/www/moodle
chmod 755 /var/www/moodle

Moodle has been Downloaded.

Configure SELinux and Firewalld

In this step, we will configure SELinux and Firewalld. If your SELinux is off and you don't want to use it, then you can skip this step and start to configure Firewalld. Check your SELinux status and make sure firewalld installed.

Checking SELinux status on CentOS 7

Check SELinux status with the command below.

sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

# SELinux is enabled with 'Enforcing' mode.

To configure SELinux, we need the SELinux management tools installed on the system.

# Install 'policycoreutils-python' with yum. This should have been included in the basics installation
yum -y install policycoreutils-python

Now change the SELinux context files and directory settings for the moodle web root directory and the moodle data directory with the semanage command below.

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/moodle(/.*)?'
restorecon -Rv '/var/www/moodle/'
 
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/local/data/moodledata(/.*)?'
restorecon -Rv '/usr/local/data/moodledata/'

SELinux configuration for moodle has been completed, now we must configure Firewalld.

Install firewalld packages if you do not have that.

This will have been done by the basics role in ansible.

yum -y install firewalld

#Start firewalld and add firewalld automatically to start at boot time.
systemctl start firewalld
systemctl enable firewalld

#Next, open the ports for HTTP, HTTPS and SSH with the firewall-cmd command below.

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=ssh

Reload firewalld and check HTTP and HTTPS is on the services list.

firewall-cmd --reload
firewall-cmd --list-all

Firewalld configuration completed.

./playbook.sh ntip basic all
where 
ntip = environment
basic = basic role to set up and harden the server
all = hosts in the environment

https://www.howtoforge.com/tutorial/how-to-install-moodle-32-on-centos-7/

Troubleshoot

  1. If you get the error: The Zip PHP extension is now required by Moodle, info-ZIP binaries or PclZip library are not used anymore.
yum install  php74-php-pecl-zip
⚠️ **GitHub.com Fallback** ⚠️