On this page:
The following are the specs where the eLearning Moodle instance has been installed and tested. Please try to recreate the following environment as close as possible to ensure the correct functionality of all components.
Hardware Specs
These specs belong to a t3.medium EC2 machine
Item | Value | Notes |
|---|---|---|
vCPUs | 2 |
|
RAM | 4 GiB |
|
SSD Storage | 50 GiB | If on AWS: gp3 volume |
Software Specs
Item | Version | Notes |
|---|---|---|
Ubuntu OS | ubuntu-noble-24.04-amd64-server-20240801 |
|
Nginx Web Server | 1.24.0 (Ubuntu) |
|
Docker Virtualization Software | 27.2.1 (build 9e34c9b) |
|
Certbot | 2.11.0 | Generates and automatically renews SSL certificates. |
Unzip | Latest | Required to decompress .zip files |
Open ports
Item | Notes |
|---|---|
80 | Certbot needs this port open for generating and the renewal of SSL certificates. |
443 | HTTPS port |
22 | SSH access |
Make sure to install nginx before generating an SSL certificate using Certbot, as Certbot can automatically install the certificate and make all the required configurations on nginx. This guide makes use of that functionality.
Certbot - SSL Certificate
Having an SSL certificate ensures a secured connection between users and the server, and that no data is compromised while it is traveling over the internet. This allows users to connect using HTTPS protocol over the port 443.
This guide assumes the server already has a domain and the necessary DNS record/s have been created.
Open ports 80 and 443, belonging to HTTP and HTTPS respectively. Port 22 is also required.
Connect via SSH to the server with a user with sudo privileges.
Install Certbot
sudo snap install --classic certbot
Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generate the certificate, this will also automatically edit the nginx configuration to serve it.
sudo certbot --nginx
Certbot will ask some questions, like an email to send notifications about certificate renewals.
After the initial questions, Certbot will ask for the domain names to issue the certificate. It will try to access the server over port 80 using the domain name, so it’s imperative the DNS records are already configured.
Test that Certbot is capable of renewing the certificate, otherwise after a couple of months it will expire and users will lose access to the services.
sudo certbot renew --dry-run
Official installation guide: https://certbot.eff.org/instructions?ws=nginx&os=snap
Official documentation: https://eff-certbot.readthedocs.io/en/stable/
Nginx Configuration
It is recommended to install the SSL certificate using Certbot before going through this section of the configuration.
NiFi by default runs on port 8443, similarly, Superset runs on port 8088. However, to have a secured connection users should only be able to connect through port 443, where the SSL certificate is served.
Nginx will act as a reverse-proxy and redirect users requests that come through port 443 to the correct destinations.
Nginx configuration file can be edited using the following command:
nano /etc/nginx/sites-enabled/default
Search for the server bracket that is listening to port 443. Certbot configuration can be found here.
Edit and add the locations to redirect traffic.
location / { proxy_pass http://localhost:8080; proxy_redirect off; }
The above configuration will make Moodle accessible by using the base domain (https://exampledomain.com)
The following is a complete example of the file:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name dev.p2zwe.psidigital.org; # managed by Certbot
location / {
proxy_pass http://localhost:8080;
proxy_redirect off;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dev.p2zwe.psidigital.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.p2zwe.psidigital.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = dev.p2zwe.psidigital.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name dev.p2zwe.psidigital.org;
return 404; # managed by Certbot
}
Remember that after any modification to a nginx configuration file, its is required to restart the service.
systemctl restart nginx
Docker Configuration
Please refer to the Docker official documentation for instructions on how to install Docker:
https://docs.docker.com/engine/install/ubuntu/#install-using-the-repositoryUnzip
Install unzip with the following command:
sudo apt-get install unzip