How to Install Moodle eLearning Platform on Rocky Linux 8

Moodle is a free, open-source, online Learning Management System (LMS). It allows educators to create a fully functional website for educational courses complete with an online classroom experience. It is written in PHP. It provides a rich set of features including, wiki, grading, assignment submission, online quizzes, discussion boards, and more.

This guide explains how to install Moodle on a Rocky Linux 8 server.

Prerequisites

  • A server running Rocky Linux 8.

  • A domain name pointing to the server. For our tutorial, we will use the moodle.example.com domain.

  • A non-root user with sudo privileges.

  • Make sure everything is updated.

    $ sudo dnf update
    
  • Install basic utility packages. Some of them may already be installed.

    $ sudo dnf install wget curl nano unzip yum-utils -y
    

Step 1 - Configure Firewall

The first step is to configure the firewall. Rocky Linux uses Firewalld Firewall. Check the firewall's status.

$ sudo firewall-cmd --state
running

The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.

$ sudo firewall-cmd --permanent --list-services

It should show the following output.

cockpit dhcpv6-client ssh

Moodle needs HTTP and HTTPS ports to function. Open them.

$ sudo firewall-cmd --add-service=http --permanent
$ sudo firewall-cmd --add-service=https --permanent

Reload the firewall to apply the changes.

$ sudo firewall-cmd --reload

Step 2 - Install Git

Git is required by Moodle to grab the application files. Install Git.

$ sudo dnf install git

Step 3 - Install and Configure PHP

We need to install PHP 8.0 for Moodle to work for our tutorial. The first step is to grab the Epel repository.

$ sudo dnf install epel-release

Next, install the Remi repository.

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Check for available PHP streams.

$ dnf module list php -y
Rocky Linux 8 - AppStream
Name                Stream                 Profiles                                 Summary
php                 7.2 [d]                common [d], devel, minimal               PHP scripting language
php                 7.3                    common [d], devel, minimal               PHP scripting language
php                 7.4                    common [d], devel, minimal               PHP scripting language
php                 8.0                    common [d], devel, minimal               PHP scripting language

Remi's Modular repository for Enterprise Linux 8 - x86_64
Name                Stream                 Profiles                                 Summary
php                 remi-7.2               common [d], devel, minimal               PHP scripting language
php                 remi-7.3               common [d], devel, minimal               PHP scripting language
php                 remi-7.4               common [d], devel, minimal               PHP scripting language
php                 remi-8.0               common [d], devel, minimal               PHP scripting language
php                 remi-8.1               common [d], devel, minimal               PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

The default version is 7.2. Enable Remi's PHP 8.0 repository.

$ sudo dnf module reset php -y
$ sudo dnf module enable php:remi-8.0

Install PHP and the required extensions required by Moodle.

$ sudo dnf install graphviz aspell ghostscript clamav php-fpm php-iconv php-curl php-mysqlnd php-cli php-mbstring php-xmlrpc php-soap php-zip php-gd php-xml php-intl php-json php-sodium php-opcache

Verify the installation.

$ php --version
PHP 8.0.21 (cli) (built: Jul  6 2022 10:13:53) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.21, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.21, Copyright (c), by Zend Technologies

Open the php.ini file for editing.

$ sudo nano /etc/php.ini

Change the values of the following variables to set the mail attachment size to 25MB.

upload_max_filesize = 25M
post_max_size = 25M

Next, uncomment the variable max_input_vars by removing the semi-colon in front of it and changing its value to 5000.

max_input_vars = 5000

Save the file by pressing Ctrl + X and entering Y when prompted.

Open the file /etc/php-fpm.d/www.conf.

$ sudo nano /etc/php-fpm.d/www.conf

Find the user=apache and group=apache lines in the file and change them as follows.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Next, uncomment the socket file owner, group, and default permission line and alter them as shown below.

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Next, comment out the following line as shown by putting a semi-colon in front of it.

;listen.acl_users = apache,nginx

Save the file by pressing Ctrl + X and entering Y when prompted.

Give proper permissions to the PHP session directory.

$ chown -R nginx:nginx /var/lib/php/session/

Enable and start the PHP-FPM service.

$ sudo systemctl enable php-fpm --now

Step 4 - Install and Configure MySQL

Install MySQL server.

$ sudo dnf install mysql-server

Confirm the installation by checking the version.

$ mysql --version
mysql  Ver 8.0.26 for Linux on x86_64 (Source distribution)

Enable and start the MySQL service.

$ sudo systemctl enable mysqld --now

Run the Secure installation script.

$ sudo mysql_secure_installation

You will receive several prompts. The first prompt will ask whether you want to install the Validate Password Plugin. Press Y to install the plugin. Choose 2 as its security level which will require your password to be at least 8 characters long and include a mix of uppercase, lowercase, numeric, and special characters.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: (Press Y)

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: (Type 2)

Next, you will be asked to create a strong root password. Make sure your password matches the requirements of the Validate plugin.

Please set the password for root here.

New password:

Re-enter new password:

Next, you will be asked several prompts relating to increasing the security of the database. Press Y in each prompt.

Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : (Press Y)
Remove anonymous users? (Press y|Y for Yes, any other key for No) : (Press Y)
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : (Press Y)
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : (Press Y)
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : (Press Y)
Success.

All done!

Log in to the MariaDB shell.

$ sudo mysql

Create a database for Moodle.

mysql > CREATE DATABASE moodledb DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Create an SQL user to access the database. Replace YourPassword23! with a password of your choice.

mysql > create user 'moodleuser'@'localhost' IDENTIFIED BY 'YourPassword23!';

Grant moodleuser access to the database.

mysql > GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodledb.* TO 'moodleuser'@'localhost';

Reload the privilege table.

mysql > FLUSH PRIVILEGES;

Exit the shell.

mysql > exit

Step 5 - Install Nginx

Rocky Linux ships with an older version of Nginx. You need to download the official Nginx repository to install the latest version.

Create and open the /etc/yum.repos.d/nginx.repo file for creating the official Nginx repository.

$ sudo nano /etc/yum.repos.d/nginx.repo

Paste the following code in it.

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Save the file by pressing Ctrl + X and entering Y when prompted.

Install the Nginx server.

$ sudo dnf install nginx

Verify the installation.

$ nginx -v
nginx version: nginx/1.22.0

Step 6 - Install Moodle

Create the public directory for Moodle.

$ sudo mkdir /var/www/html/moodle

Give permission to the logged-in user to access the directory.

$ sudo chown -R $USER:$USER /var/www/html/moodle

Switch to the public directory.

$ cd /var/www/html/moodle

Clone the Moodle Github repository.

$ git clone https://github.com/moodle/moodle.git .

Check the list of available branches.

$ git branch -a

For now, MOODLE_400_STABLE is the latest available version. Create a local branch called MOODLE_400_STABLE and set it to track the remote branch.

$ git branch --track MOODLE_400_STABLE origin/MOODLE_400_STABLE

Switch to the newly created local branch.

$ git checkout MOODLE_400_STABLE

Create a data directory for Moodle.

$ sudo mkdir /var/moodledata

Give proper permissions to the Moodle data directory.

$ sudo chown -R nginx /var/moodledata
$ sudo chmod -R 775 /var/moodledata

Give write permissions on the Moodle directory.

$ sudo chmod -R 755 /var/www/html/moodle

Step 7 - Configure Moodle

Switch to the Moodle directory.

$ cd /var/www/html/moodle

Copy the sample configuration file to create the Moodle configuration file.

$ cp config-dist.php config.php

Open the configuration file for editing.

$ nano config.php

Lok for the database configuration section, then configure the database where all Moodle data will be stored, as shown below.

$CFG->dbtype    = 'mysqli';      // 'pgsql', 'mariadb', 'mysqli', 'auroramysql', 'sqlsrv' or 'oci'
$CFG->dblibrary = 'native';     // 'native' only at the moment
$CFG->dbhost    = 'localhost';  // eg 'localhost' or 'db.isp.com' or IP
$CFG->dbname    = 'moodledb';     // database name, eg moodle
$CFG->dbuser    = 'moodleuser';   // your database username
$CFG->dbpass    = 'YourPassword23!';   // your database password
$CFG->prefix    = 'mdl_';       // prefix to use for all table names

Also, configure the location of the Moodle domain name and the data directory.

$CFG->wwwroot   = 'https://moodle.example.com';
$CFG->dataroot  = '/var/moodledata';

Save the file by pressing Ctrl + X and entering Y when prompted.

Step 8 - Install SSL

Certbot tool generates SSL certificates using Let's Encrypt API. It requires the EPEL repository but since we have it installed, we can proceed directly. Issue the following command to install it.

$ sudo dnf install certbot

Generate the SSL certificate.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d moodle.example.com

The above command will download a certificate to the /etc/letsencrypt/live/moodle.example.com directory on your server.

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

Create a challenge web root directory for Let's Encrypt auto-renewal.

$ sudo mkdir -p /var/lib/letsencrypt

Create a Cron Job to renew the SSL. It will run every day to check the certificate and renew it if needed. For that, first, create the file /etc/cron.daily/certbot-renew and open it for editing.

$ sudo nano /etc/cron.daily/certbot-renew

Paste the following code.

#!/bin/sh
certbot renew --cert-name moodle.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"

Save the file by pressing Ctrl + X and entering Y when prompted.

Change the permissions on the task file to make it executable.

$ sudo chmod +x /etc/cron.daily/certbot-renew

Step 9 - Configure Nginx

Create and open the file /etc/nginx/conf.d/moodle.conf for editing.

$ sudo nano /etc/nginx/conf.d/moodle.conf

Paste the following code in it.

# Redirect all non-encrypted to encrypted
server {
    listen 80;
    listen [::]:80;
    server_name moodle.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name moodle.example.com;
    root   /var/www/html/moodle;
    index  index.php;

    ssl_certificate     /etc/letsencrypt/live/moodle.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/moodle.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/moodle.example.com/chain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    access_log /var/log/nginx/moodle.access.log main;
    error_log  /var/log/nginx/moodle.error.log;
    
    client_max_body_size 25M;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        include /etc/nginx/mime.types;
        include fastcgi_params;
        fastcgi_param  PATH_INFO  $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    
    # Hide all dot files but allow "Well-Known URIs" as per RFC 5785
	location ~ /\.(?!well-known).* {
    	return 404;
	}
 
	# This should be after the php fpm rule and very close to the last nginx ruleset.
	# Don't allow direct access to various internal files. See MDL-69333
	location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) {
     	deny all;
	    return 404;
	}
}

Once finished, save the file by pressing Ctrl + X and entering Y when prompted.

Open the file /etc/nginx/nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify the Nginx configuration file syntax.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Enable and start the Nginx service to enable the new configuration.

$ sudo systemctl enable nginx --now

If you get the following error, then it is most probably due to SELinux Restrictions.

nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)

To fix the error, run the following commands.

$ sudo ausearch -c 'nginx' --raw | audit2allow -M my-nginx
$ sudo semodule -X 300 -i my-nginx.pp

Start the Nginx service again.

$ sudo systemctl start nginx

Step 10 - Configure SELinux

Change the file security context for Moodle's web and data directory.

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/moodle'
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/moodledata'
$ sudo restorecon -Rv '/var/www/html/moodle'
$ sudo restorecon -Rv '/var/moodledata'

Configure SELinux to allow network connections from Moodle.

$ sudo setsebool -P httpd_can_network_connect on

Step 11 - Completing Moodle Installation

Open the URL https://moodle.example.com in your browser and you will be presented with the following welcome screen.

Moodle Welcome Page

Press the Continue button to proceed. Next, the installer will check for system requirements.

Moodle System Requirements

If everything is ok, then scroll down and click the Continue button to proceed with the installation of files and database setup.

Moodle Install Page

Click the Continue button once the installation is complete. Next, create an administrator account by filling in the account details as requested.

Moodle Administrator Account Setup

Once finished, scroll down to the page and click Update profile to proceed.

Moodle Administrator Account Update

Next, you will be asked to configure Moodle's front page settings.

Moodle Site Home Settings

Configure it as per requirements and click Save changes to proceed to the Moodle dashboard. Next, click on the Skip link at the bottom if you don't want to register your Moodle site with the company.

Moodle Dashboard

Now, you can start using the learning platform.

Conclusion

This concludes our tutorial on installing Moodle learning platform on a Rocky Linux 8 server. If you have any questions, post them in the comments below.

Share this page:

0 Comment(s)