Moodle is a flexible and powerful free open source course management system and e-learning platform written in PHP and often deployed in Linux under Apache/Nginx web servers with PHP and MySQL/MariaDB database management system, also known as LAMP or LEMP stack.
This tutorial will explain how to install and configure the latest version of Moodle in Debian 9 release in order to create an e-learning platform at your premises.
Moodle platform offers an intuitive web interface that can be used by educators and trainers to store course data and to keep track of students, grades and online courses. Most major universities worldwide are deploying Moodle e-learning platform in order to ease the educational activities for their students and teachers.
Requirements
In order to successfully install and deploy Moodle, your server needs to meet the below requirements.
- A Debian 9 server installed with minimal software requirements on a bare-metal server machine or on a virtual private server
- direct access to root account via console or SSH or remote or direct access to an account with root privileges gained via sudo utility
- A network interface card configured with a static IP address
- In order to use Moodle email registration, notifications or another type of features you should properly set up a mail server properly at your premises with access to IMAP, POP3 and SMTP services.
- A private or a public domain name, depending on your deployment, with the proper DNS records configured for web services. If don’t have a valid or a registered domain name you can perform the installation and access the website via your server IP address
Install Apache, PHP, and MySQL
In the first step, before you start to install and configure Moodle platform, first log in to your server with root account or an account with root powers and start to update Debian system repositories and software packages by issuing the below commands.
apt update
apt upgrade
Next, after you’ve updated the system software, configure the name for your Debian server by executing the following commands. Make sure you replace the hostname variable to match your own settings, as illustrated in the below example.
hostnamectl set-hostname www.myblog.com
Then, you can verify your machine hostname and hosts file by issuing the below commands.
hostnamectl
cat /etc/hostname
hostname –s
hostname –f
In order to apply the kernel updates and apply the hostname changes, issue the below command to reboot the machine.
systemctl reboot
One of the most important LAMP components for deploying Moodle learning platform is an RDBMS database that is used by the web application to store different configurations, such as users, sessions, contacts and other data. In this tutorial, we’ll configure Moodle CMS with MariaDB database backend with loopback access to MySQL database. This means that the database can only be accessed via localhost or 127.0.0.1 address. No external connections can be made to MySQL database. In order to install MariaDB database server and client in Debian 9 server, issue the below command.
apt install mariadb-server mariadb-client
After MariaDB database has finished installing in your Debian server, issue netstat command as shown in the below example in order to check if the service is up and running and listens for connections on localhost, port 3306.
netstat –tlpn | grep mysql
In case netstat network utility is not installed by default in your Debian system, execute the below command to install it.
apt install net-tools
The MySQL root account is not properly secured in Debian 9 at installation time. You can log in to the database without a root password. In order to secure the root account, log in to MySQL server console and secure execute the following commands.
mysql -h localhost
Welcome to the MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 2 Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed
MariaDB [mysql]> update user set plugin=” where user=’root’;
Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> exit
Bye
After you’ve properly enforced the database root account, execute the mysql_secure_installation script, provided by Debian stretch repositories while installing the database, in order to further secure MySQL database.The script will ask you a series of questions designed to secure MariaDB database: if you want to change MySQL root password, to remove anonymous users, to disable remote root logins and delete the test database. Execute the script by issuing the below command and assure you type yes to all questions, as shown in the below script output excerpt:
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
Finally, after you’ve secured MySQL daemon, log in to the database console and provide no password for root account. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:
mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Logging in to MySQL database console should be granted if you provide the root password, as shown in the command sample:
mysql -h localhost -u root -p
Enter password: Welcome to the MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 15 Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. MariaDB [(none)]> exit Bye
Moodle CMS is a web-based application that is mostly written in PHP server-side programming language. So far we’ve installed only MySQL database component of LAMP. In order to execute the PHP file scripts of the application, a web server, such as Apache HTTP server, and a PHP processing gateway must be installed and operational in the system. In order to install Apache web server and the PHP interpreter alongside with all required PHP modules needed by the application to run properly, issue the following command in your server console.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-mysql php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-xml php7.0-ldap php7.0-cli php7.0-curl php7.0-ldap php7.0-zip php7.0-bcmath php-imagick php7.0-xmlrpc php7.0-soap php7.0-intl
Issue the following command in order to verify if all the installed PHP modules are enabled in your system
php7.0 –m
After Apache and PHP have been installed, test if the web server is up and running and listening for network connections on port 80 by issuing the following command with root privileges.
netstat –tlpn
From the netstat command output we can see that Apache web server is listening for incoming network connections on port 80. For the same task, you can also use the ss command, which is automatically installed, by default, in Debian 9.
ss- tulpn
In case the UFW firewall application is installed and enabled in Debian server, you should add a new rule to allow HTTP traffic to pass through the firewall by issuing the following command.
ufw allow WWW
or
ufw allow 80/tcp
In case iptables raw rules are used by the system administrator to manage Firewall rules in Debian server, add the following rules to allow port 80 inbound traffic on the firewall so that visitors can browse the online application.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service
In case you are remotely managing your Debian server via SSH, make sure you add the below rule to allow incoming SSH connections to your machine.
iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
You might also need to enable and activate the following Apache modules required by the Moodle application to run properly, by issuing the below commands.
a2enmod rewrite
systemctl restart apache2
Finally, test if Apache web server default web page can be displayed in your client’s browser by visiting your Debian machine IP address or your domain name or server FQDN via HTTP protocol, as shown in the below image. If you don’t know your machine IP address, execute ifconfig or ip a command to reveal the IP address of your server.
http://your_domain.tld
On the next step edit PHP default configuration file in order to assure that the following PHP variables are enabled and the PHP timezone setting is correctly configured and matches your system geographical location. Open /etc/php/7.0/apache2/php.ini file for editing and assure that the following lines are set up as follows. Also, initially, make a backup of PHP configuration file.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in php.ini configuration file:
file_uploads = On memory_limit = 128M post_max_size = 80M upload_max_filesize = 80M default_charset = UTF-8 date.timezone = Europe/London
Increase upload_max_file_size variable as suitable to support large file attachments if that’s the case and replace the date.timezone variable accordingly to your geographical time by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php
If you want to increase the load speed of your website pages via OPCache plugin available for PHP7, append the following OPCache settings at the bottom of the PHP interpreter configuration file, below the [opcache] statement, as detailed below:
nano /etc/php/7.0/apache2/conf.d/10-opcache.ini
[opcache] opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
Close the php.ini configuration file and check if the verify the end of PHP configuration file to check if the OPCache variables had been correctly added by issuing the below command.
grep opcache /etc/php/7.0/apache2/conf.d/10-opcache.ini
After you’ve made all changes explained above, restart Apache daemon to apply the new changes by issuing the following command.
systemctl restart apache2
In order to access Moodle web interface via HTTPS protocol that will secure the traffic for your clients, issue the following command to enable Apache web server SSL module and SSL site configuration file.
a2enmod ssl
a2ensite default-ssl.conf
Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite rules by adding the following lines of code after DocumentRoot directive, as shown in the below sample:
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Also, make the following change to VirtualHost line to look like shown in the below excerpt:
<VirtualHost *:443>
Close the SSL Apache file and open /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after DocumentRoot statement as shown in the below example.
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Finally, restart Apache daemon to apply all rules configured so far and visit your domain via HTTP protocol. Because you’re using the automatically Self-Signed certificate pairs issued by Apache at installation time, the certificate is untrusted by the browser, an error warning should be displayed in the browser.
systemctl restart apache2
https://yourdomain.tld
Accept the warning in order to accept the untrusted certificate and continue to be redirected to Apache default web page.
In case the UFW firewall application blocks incoming network connections to HTTPS port, you should add a new rule to allow HTTPS traffic to pass through the firewall by issuing the following command.
ufw allow ‘WWW Full’
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow port 443 inbound traffic in the firewall so that visitors can browse your domain name.
iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
Finally, to display all server PHP variables, create a PHP info file by executing the following command and check if the PHP time zone has been correctly configured by visiting the PHP info script file from a browser at the following URL, as illustrated in the below image. Scroll down to the date setting to check PHP time zone configuration.
echo ‘<?php phpinfo(); ?>’| tee /var/www/html/info.php
https://domain.tld/info.php
Next, before creating the database required by Moodle to store information, first we need to make some changes to MariaDB server and set up the proper character set. Open MariaDB client configuration file and add the following line after [client] directive, as illustrated in the below sample:
nano /etc/mysql/mariadb.conf.d/50-client.cnf
[client] # Default is Latin1, if you need UTF-8 set this (also in server section) default-character-set = utf8mb4
Next, open mysql.cnf file and add the same line as above after [mysql] statement:
nano /etc/mysql/conf.d/mysql.cnf
mysql.cnf file excerpt:
default-character-set = utf8mb4
Open for editing MariaDB server configuration file and add the below lines after [mysqld] statement to ensure that MySQL engine innodb uses Barracuda file format and utf8mb4 character set.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
50-server.cnf file excerpt:
[mysqld] innodb_file_format = Barracuda innodb_file_per_table = 1 innodb_large_prefix character-set-server = utf8mb4 collation-server = utf8mb4_unicode_ci skip-character-set-client-handshake
In order to apply all changes made so far to the database, restart the MySQL daemon and verify if the service is running by issuing the following commands.
systemctl restart mysql
systemctl status mysql
Finally, log in to the MariaDB database console and create a database for application with a user and a password that will be used to manage the application database, by issuing the following commands. Make sure you replace the database name, user and password accordingly.
mysql –u root -p
Welcome to the MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 2 Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE moodle_db;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on moodle_db.* to ‘moodle_user’@’localhost’ identified by ‘password1234’;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
Install Moodle
After all system requirements are met to install the Moodle CMS application, visit Moodle official download page at https://download.moodle.org/releases/latest/ and grab the latest zip compressed archive in your system by issuing the below command.
wget https://download.moodle.org/download.php/direct/stable34/moodle-latest-34.zip
After the zip archive download finishes, extract Moodle zip archive file to your current working directory and list the extracted files by issuing the below commands. Also, remove the default index.html file installed by Apache web server to webroot path and also delete the info.php file created earlier.
unzip moodle-latest-34.zip
ls
rm /var/www/html/index.html
rm /var/www/html/info.php
Then, copy all the content of Moodle extracted directory to your web server document root path by issuing the following command. Also, make sure you copy the following hidden dot files to webroot path.
cp -rf moodle/* /var/www/html/
cp -rf moodle/.eslint* /var/www/html/
cp -rf moodle/.gherkin-lintrc /var/www/html/
cp -rf moodle/.jshintrc /var/www/html/
cp -rf moodle/.s* /var/www/html/
cp -rf moodle/.travis.yml /var/www/html/
Next, create the data directory for Moodle one level up to your server document root and execute the below commands in order to grant Apache runtime user with full write permissions to the web root path and moodle data directory. Use ls command to list permissions for application’s installed files, located in /var/www/html/ directory.
mkdir /var/www/moodledata
chown -R www-data:www-data /var/www/moodledata/
chown -R www-data:www-data /var/www/html/
ls -al /var/www/html/
Now let’s start installing Moodle CMS via the web interface installer. Open a browser and navigate to your server IP address or domain name via HTTPS protocol. On the first installation screen, choose the installation language and press on Next button to continue.
On the next screen, the installer will ask you to confirm the web server address, the moodle directory path and moodle data directory path. Leave the first two paths variables as default and add /var/www/moodledata for Moodle Data directory path, as illustrated in the below image. Hit on Next button to continue.
On the next screen, select MariaDB (native/madiadb) as database driver and hit on Next button to continue the installation process.
Next, add you Database settings, such as database host, name, user, and password. Use the database name and credentials configured earlier for the Moodle database.
Database host should be set to localhost. Add your own database table prefix, use 3306 as database port and hit on Next button to complete this step and continue the installation process.
On the next screen, read Moodle license terms and conditions and hit on Continue button to confirm the license terms.
Next, the Moodle installation script will perform a series of server checks in order to determine if all requirements are meet for continuing the installation process. Check if all database and PHP extensions are set to OK, scroll down to the bottom of the page and hit on Continue button to move forward with the installation process.
Next, wait while the installer finishes installing a series of modules and hit on Continue button again to move to the next step.
In the next step, add a Moodle administrator account, choose a strong password for this account and fill all account information, such as First name, Surname, email, City, Country, Timezone, and description. When you finish hit on Update profile button to save admin account information.
Next, set up the full site name, add a short site name and a front page summary, scroll down and hit in Save changes button to complete the installation process.
After completing the installation process, you will be redirected to the Moodle administration dashboard. Here you can use the registration form to register the application with Moodle.net portal.
In order to access Moodle frontend page, open a browser and navigate to your server IP address or domain name via HTTPS protocol.
Finally, return to Debian server console and create a .htaccess file that will be located in your website document root path, by issuing the below command.
nano /var/www/html/.htaccess
In .htaccess file, add the below lines so that you can manipulate the native PHP server settings to match your own server resources and configurations.
.htaccess file excerpt:
# Modify PHP settings
php_value register_globals 1 php_value upload_max_filesize 100M php_value post_max_size 100M Options -Indexes
Install cron
In order to periodically run the Moodle maintenance script that sends out emails, cleans up the database, updates feeds or other tasks, add the below cron job to run every 10 minutes, by issuing the below command.
crontab -u www-data -e
Add the following line and save the cronjob.
*/10 * * * * /usr/bin/php7.0 /var/www/html/admin/cli/cron.php >/dev/null
Congratulations! You have successfully installed and configured Moodle CMS in Debian 9 server. Moodle documentation page can be found at the following address: https://docs.moodle.org/23/en/Main_page