From 731a3858b1deda0858740d3e35816249bf6006d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:02:16 -0500 Subject: [PATCH 01/24] drop apache --- roles/moodle/tasks/install.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4bbd6cd20..370bff894 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -8,14 +8,14 @@ # (as required by Moodle's CLI installer) AND THIRDLY below (for now, until # Moodle's ported to NGINX!) in /etc/php/{{ php_version }}/apache2/php.ini -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +#- name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True -- name: APACHE - run 'httpd' role - include_role: - name: httpd +#- name: APACHE - run 'httpd' role +# include_role: +# name: httpd - name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" lineinfile: From 4545856f88d471cd1ae8f8adac8973ca71167c79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:05:19 -0500 Subject: [PATCH 02/24] more apache --- roles/moodle/tasks/install.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 370bff894..34390ecc1 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -98,16 +98,16 @@ group: "{{ apache_user }}" #mode: '0770' # Regardless, permissions end up as: drwxrwsrwx -- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf - file: - path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available - state: absent +#- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf +# file: +# path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available +# state: absent # 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon! -- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template - template: - src: 022-moodle.j2 - dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" +#- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template +# template: +# src: 022-moodle.j2 +# dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" # roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE: # /etc/systemd/system/postgresql-iiab.service @@ -148,10 +148,10 @@ state: restarted #enabled: yes # Service ends up enabled regardless -- name: (Re)Start '{{ apache_service }}' systemd service - systemd: - name: "{{ apache_service }}" - state: restarted +#- name: (Re)Start '{{ apache_service }}' systemd service +# systemd: +# name: "{{ apache_service }}" +# state: restarted - name: Does {{ moodle_base }}/config.php exist? stat: From fe933dccb3fb12627a705fea4fc1e705f7a9454c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:09:53 -0500 Subject: [PATCH 03/24] more apache2 --- roles/moodle/tasks/main.yml | 4 ++-- .../{022-moodle.j2 => 022-moodle.jv.unused} | 0 roles/moodle/templates/moodle-nginx.conf.j2 | 21 +++++++++++-------- .../templates/moodle-nginx.conf.j2.native | 16 -------------- .../templates/moodle-nginx.conf.j2.unused | 13 ++++++++++++ 5 files changed, 27 insertions(+), 27 deletions(-) rename roles/moodle/templates/{022-moodle.j2 => 022-moodle.jv.unused} (100%) delete mode 100644 roles/moodle/templates/moodle-nginx.conf.j2.native create mode 100644 roles/moodle/templates/moodle-nginx.conf.j2.unused diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 621e30fb4..1a618363b 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -39,8 +39,8 @@ name: postgresql -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml +#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache +# include_tasks: apache.yml - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml diff --git a/roles/moodle/templates/022-moodle.j2 b/roles/moodle/templates/022-moodle.jv.unused similarity index 100% rename from roles/moodle/templates/022-moodle.j2 rename to roles/moodle/templates/022-moodle.jv.unused diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index eea1b9f39..bbf2fabe0 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,13 +1,16 @@ -location /moodle { +location ^/moodle { + alias /opt/iiab/moodle; + try_files $uri $uri/ index.php =404; +} +location ~ /moodle/(.*)\.php { + root /opt/iiab/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; -} - -location ~ ^/moodle.*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_pass php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; } diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.native b/roles/moodle/templates/moodle-nginx.conf.j2.native deleted file mode 100644 index bbf2fabe0..000000000 --- a/roles/moodle/templates/moodle-nginx.conf.j2.native +++ /dev/null @@ -1,16 +0,0 @@ -location ^/moodle { - alias /opt/iiab/moodle; - try_files $uri $uri/ index.php =404; -} -location ~ /moodle/(.*)\.php { - root /opt/iiab/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; -} diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.unused b/roles/moodle/templates/moodle-nginx.conf.j2.unused new file mode 100644 index 000000000..eea1b9f39 --- /dev/null +++ b/roles/moodle/templates/moodle-nginx.conf.j2.unused @@ -0,0 +1,13 @@ +location /moodle { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} + +location ~ ^/moodle.*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} From c2e9f670cc7f38b5a849db0af3ec252e65a684eb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 15:44:39 -0500 Subject: [PATCH 04/24] upstream --- roles/moodle/templates/moodle-nginx.conf.j2 | 26 ++++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index bbf2fabe0..a33974474 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,16 +1,20 @@ location ^/moodle { - alias /opt/iiab/moodle; - try_files $uri $uri/ index.php =404; + alias {{ moodle_base }}; + try_files $uri $uri/ index.php =404; } -location ~ /moodle/(.*)\.php { - root /opt/iiab/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; + +location /moodle/dataroot/ { + internal; + alias {{ moodle_data }}; +} + +location ~ /moodle/[^/]\.php(/|$) { include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass php; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_read_timeout 300; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; + fastcgi_param PHP_VALUE "max_execution_time={{ max_execution_time }}\n upload_max_filesize={{ upload_max_filesize }}\n post_max_size={{ post_max_size }}\n max_input_vars={{ max_input_vars }}"; } From 352743dc0451fdc912c3a9d2e3b97fcae920e91e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 23:38:42 -0500 Subject: [PATCH 05/24] full path to fastcgi_params - apt managed file --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a33974474..9a754f656 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -9,7 +9,7 @@ location /moodle/dataroot/ { } location ~ /moodle/[^/]\.php(/|$) { - include fastcgi_params; + include /etc/nginx/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_read_timeout 300; fastcgi_pass php; From db04ff3852ce393e201dbd79537389e9b2c8a07e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 23:47:38 -0500 Subject: [PATCH 06/24] list from moodlebox --- roles/moodle/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 34390ecc1..8ff16ba1c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -47,6 +47,8 @@ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: + - php-apcu + - ghostscript - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. @@ -55,9 +57,12 @@ - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL + - php{{ php_version }}-json + - php{{ php_version }}-opcache + - php{{ php_version }}-readline - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} - #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + - php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present From 189e8d28e109bc6a51a7a4adc46bb8ce8c6d151e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 29 Jun 2021 00:34:13 -0500 Subject: [PATCH 07/24] hardcode --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 9a754f656..b1fe7ef7f 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -16,5 +16,5 @@ location ~ /moodle/[^/]\.php(/|$) { fastcgi_index index.php; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; - fastcgi_param PHP_VALUE "max_execution_time={{ max_execution_time }}\n upload_max_filesize={{ upload_max_filesize }}\n post_max_size={{ post_max_size }}\n max_input_vars={{ max_input_vars }}"; + fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } From 967deea724fb0ea41f3ba7ed889c00a42780cf5a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 01:18:12 -0500 Subject: [PATCH 08/24] nginx need group set to www-data --- roles/moodle/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 8ff16ba1c..746d83a0a 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -87,6 +87,8 @@ state: directory path: "{{ moodle_base }}" owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" + mode: u+rw,g+r,o+r # '0755' forced executable bits on files recurse: yes - name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} From 91774aff3ac2f1196f5edaf99e0e5f7f86159c78 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 01:19:22 -0500 Subject: [PATCH 09/24] login works nginx.conf --- roles/moodle/templates/moodle-nginx.conf.j2 | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index b1fe7ef7f..6ac1a9955 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,20 +1,21 @@ -location ^/moodle { - alias {{ moodle_base }}; - try_files $uri $uri/ index.php =404; -} - -location /moodle/dataroot/ { +location ~ ^/moodle/dataroot/ { internal; alias {{ moodle_data }}; } -location ~ /moodle/[^/]\.php(/|$) { - include /etc/nginx/fastcgi_params; +location ~ ^/moodle(.*)\.php(.*)$ { + alias {{ moodle_base }}$1.php$2; + include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_read_timeout 300; fastcgi_pass php; fastcgi_index index.php; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } + + +location ~ ^/moodle/ { + root {{ iiab_base }}; +} From 930cf691e4c6992aac97a4991fe1ba953bb911e7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 12:08:39 -0500 Subject: [PATCH 10/24] remove useless recently added change --- roles/moodle/tasks/install.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 746d83a0a..1ffceff88 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,22 +17,6 @@ # include_role: # name: httpd -- name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" - lineinfile: - path: /etc/php/{{ php_version }}/{{ apache_service }}/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/cli/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - -# Apache's restarted prior to moodle_installer below, so no need right here! - - - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True From c9ae808a6f1586d602e6af43094eec4e60c4aa18 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 2 Jul 2021 11:15:56 -0400 Subject: [PATCH 11/24] Experimental tightening up of Moodle on NGINX --- roles/moodle/defaults/main.yml | 4 +-- roles/moodle/tasks/install.yml | 17 ++++++------ roles/moodle/templates/moodle-nginx.conf.j2 | 30 ++++++++++++--------- 3 files changed, 29 insertions(+), 22 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 367af9fa8..9de4aee06 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,5 +1,5 @@ -# If using Moodle intensively, consider setting nginx_high_php_limits in: -# /etc/iiab/local_vars.yml +# 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES +# (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True' # moodle_install: False # moodle_enabled: False diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1ffceff88..95e700fa5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -5,8 +5,8 @@ # should take advantage of soon, as it transitions from Apache to Moodle: #2785 # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini -# (as required by Moodle's CLI installer) AND THIRDLY below (for now, until -# Moodle's ported to NGINX!) in /etc/php/{{ php_version }}/apache2/php.ini +# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) + #- name: "Set 'apache_install: True' and 'apache_enabled: True'" # set_fact: @@ -17,6 +17,7 @@ # include_role: # name: httpd + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True @@ -31,8 +32,8 @@ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - php-apcu - - ghostscript + #- php-apcu # 2021-07-02: Experiment with fewer dependencies + - ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. @@ -41,12 +42,12 @@ - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - - php{{ php_version }}-json - - php{{ php_version }}-opcache - - php{{ php_version }}-readline + #- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml + #- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies + #- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} - - php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + #- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 6ac1a9955..607619f0b 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,21 +1,27 @@ -location ~ ^/moodle/dataroot/ { - internal; - alias {{ moodle_data }}; -} +#location ~ ^/moodle/dataroot/ { +# internal; +# alias {{ moodle_data }}; +#} location ~ ^/moodle(.*)\.php(.*)$ { alias {{ moodle_base }}$1.php$2; - include fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_read_timeout 300; - fastcgi_pass php; fastcgi_index index.php; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + fastcgi_pass php; + + #include fastcgi.conf; + include fastcgi_params; + + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + + #fastcgi_read_timeout 300; + + # Uncomment to override /etc/php//fpm/php.ini (AND .../cli/php.ini) + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } - -location ~ ^/moodle/ { +location ~ ^/moodle { root {{ iiab_base }}; } From cce83897c789f9a26410a5f62986310fa3716829 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 2 Jul 2021 12:52:51 -0400 Subject: [PATCH 12/24] moodle-nginx.conf.j2: "fastcgi_read_timeout 300;" etc --- roles/moodle/templates/moodle-nginx.conf.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 607619f0b..c52957bde 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -10,15 +10,15 @@ location ~ ^/moodle(.*)\.php(.*)$ { fastcgi_index index.php; fastcgi_pass php; - #include fastcgi.conf; - include fastcgi_params; + fastcgi_read_timeout 300; # Default is 60s + include fastcgi_params; # fastcgi.conf also works fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - #fastcgi_read_timeout 300; - - # Uncomment to override /etc/php//fpm/php.ini (AND .../cli/php.ini) + # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's + # roles/www_options/tasks/main.yml FORCES these same settings and more + # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } From 551d8633a2ee0b4611c74e71a534b83b04aa6852 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 13:42:19 -0400 Subject: [PATCH 13/24] moodle/tasks/install.yml: Link to moodlebox.net's great pkg list --- roles/moodle/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 95e700fa5..b5943b10f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -28,8 +28,10 @@ name: postgresql +# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries -- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) +# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml +- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- php-apcu # 2021-07-02: Experiment with fewer dependencies From 89da8c9db9bec2ab7ab6f3f718a9fb712a3d2dae Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 14:37:00 -0400 Subject: [PATCH 14/24] moodle-nginx.conf.j2: Link to 2 critical pages for ongoing maintenance --- roles/moodle/templates/moodle-nginx.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index c52957bde..2f19718e4 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,3 +1,7 @@ +# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: +# https://docs.moodle.org/311/en/Nginx +# https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 + #location ~ ^/moodle/dataroot/ { # internal; # alias {{ moodle_data }}; From 2cfff4fd3adfb22ff4f90bf6c4c2f192bbdb2287 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 14:59:55 -0400 Subject: [PATCH 15/24] moodle-nginx.conf.j2: Is MoodleBox using XSendfile to deliver files fast? Or not? --- roles/moodle/templates/moodle-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 2f19718e4..a005652eb 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -2,6 +2,7 @@ # https://docs.moodle.org/311/en/Nginx # https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 +# Odd that MoodleBox.net is using only the 2nd half of https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect ? #location ~ ^/moodle/dataroot/ { # internal; # alias {{ moodle_data }}; From eeb7aac71aba97621d28e1a7142c292813acd152 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 09:07:41 -0400 Subject: [PATCH 16/24] mv moodle/tasks/apache.yml apache.yml.unused --- roles/moodle/tasks/{apache.yml => apache.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/moodle/tasks/{apache.yml => apache.yml.unused} (100%) diff --git a/roles/moodle/tasks/apache.yml b/roles/moodle/tasks/apache.yml.unused similarity index 100% rename from roles/moodle/tasks/apache.yml rename to roles/moodle/tasks/apache.yml.unused From c637245e97f5891e7a6b362d200ab668f917e7d8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 09:47:06 -0400 Subject: [PATCH 17/24] Future flag ideas for moodle_installer --- roles/moodle/templates/moodle_installer | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index d28808161..67e94a494 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -18,5 +18,11 @@ sudo -u {{ apache_user }} \ --non-interactive \ --agree-license \ --allow-unstable # TEMPORARY DURING MAY 2018 TESTING +# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : +# --lang="{{ moodlebox_moodle_lang }}" +# --dbtype=mariadb +# --prefix="{{ moodlebox_moodle_db_prefix }}" +# --summary="{{ moodlebox_moodle_summary }}" +# --adminemail="{{ moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid" chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From 0ac34ee395c52f9913de8533d9224978d4405edc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 10:18:28 -0400 Subject: [PATCH 18/24] moodle/tasks/install.yml: Clarify fpm/php.ini --- roles/moodle/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index b5943b10f..9d9e5c10c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,8 +1,7 @@ # 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by # www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF # 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml -# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini -- which Moodle -# should take advantage of soon, as it transitions from Apache to Moodle: #2785 +# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) From e82cff06869ff40915221713d5df1435edfcae78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 11:07:09 -0400 Subject: [PATCH 19/24] templates/moodle_installer: Fix instantiating comments --- roles/moodle/templates/moodle_installer | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index 67e94a494..bdf68bc37 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -19,10 +19,11 @@ sudo -u {{ apache_user }} \ --agree-license \ --allow-unstable # TEMPORARY DURING MAY 2018 TESTING # 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : -# --lang="{{ moodlebox_moodle_lang }}" +# --lang= # moodlebox_moodle_lang # --dbtype=mariadb -# --prefix="{{ moodlebox_moodle_db_prefix }}" -# --summary="{{ moodlebox_moodle_summary }}" -# --adminemail="{{ moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid" +# --prefix= # moodlebox_moodle_db_prefix +# --summary= # moodlebox_moodle_summary +# --adminemail= # moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid +# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From bf1a5ce832a927c5e85373e0fbb03603370a25ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 11:10:51 -0400 Subject: [PATCH 20/24] templates/moodle_installer: Clean up --- roles/moodle/templates/moodle_installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index bdf68bc37..bde8938ae 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -23,7 +23,7 @@ sudo -u {{ apache_user }} \ # --dbtype=mariadb # --prefix= # moodlebox_moodle_db_prefix # --summary= # moodlebox_moodle_summary -# --adminemail= # moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid +# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid # Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From b5844e17b8092ea9fb81718b5894564b2cfe4885 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 16:05:12 +0000 Subject: [PATCH 21/24] Enable MathJax library/plugin with Moodle --- roles/moodle/tasks/install.yml | 2 ++ roles/moodle/tasks/mathjax.yml | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 roles/moodle/tasks/mathjax.yml diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9d9e5c10c..f476c8f0d 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -162,6 +162,8 @@ # path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle # mode: '0644' +- include_tasks: mathjax.yml + # RECORD Moodle AS INSTALLED diff --git a/roles/moodle/tasks/mathjax.yml b/roles/moodle/tasks/mathjax.yml new file mode 100644 index 000000000..b6714c4e4 --- /dev/null +++ b/roles/moodle/tasks/mathjax.yml @@ -0,0 +1,28 @@ +# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml + +# Verify this Moodle plugin after installation at: +# http://box.lan/moodle/admin/plugins.php +# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader + +- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax + git: + repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git + dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle + #version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17 + depth: 1 + +- name: chmod -R ug+w,o-w {{ moodle_base }}/lib/MathJax (dirs 755 -> 775, files 644 -> 664, {{ apache_user }}:{{ apache_user }}) + file: + path: "{{ moodle_base }}/lib/MathJax" + state: directory + owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml + mode: ug+w,o-w + recurse: yes + +# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php +- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL + command: > + /usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js + register: mathjax_url_result + changed_when: mathjax_url_result.rc == 0 From 134997676e80ce7a5e1f0e31c734f182629d0607 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 17:15:12 +0000 Subject: [PATCH 22/24] XSendfile Acceleration for Moodle/NGINX --- roles/moodle/tasks/install.yml | 29 ++++++++++++++++----- roles/moodle/tasks/mathjax.yml | 5 ++-- roles/moodle/templates/moodle-nginx.conf.j2 | 16 +++++++----- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f476c8f0d..71c8d0f23 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -146,22 +146,37 @@ # name: "{{ apache_service }}" # state: restarted -- name: Does {{ moodle_base }}/config.php exist? - stat: - path: "{{ moodle_base }}/config.php" - register: config +# - name: Does {{ moodle_base }}/config.php exist? +# stat: +# path: "{{ moodle_base }}/config.php" +# register: config -- name: Execute {{ moodle_base }}/moodle_installer -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/{{ apache_service }}/php.ini or /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" - when: config.stat.exists is defined and not config.stat.exists + args: + creates: "{{ moodle_base }}/config.php" + #when: config.stat.exists is defined and not config.stat.exists -# 2021-02-01: Let's stick with Moodle's default (640) +# 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/mathjax.yml #- name: Make {{ moodle_base }}/config.php readable, with permission '0644' # #command: chown -R {{ apache_user }} {{ moodle_base }} # file: # path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle # mode: '0644' +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files" + lineinfile: + path: "{{ moodle_base }}/config.php" + line: '$CFG->{{ item.name }} = {{ item.value }};' + insertbefore: '^\$CFG->directorypermissions' + with_items: + #- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" } + - { name: 'xsendfile', value: "'X-Accel-Redirect'" } + - { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" } + #- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"} + #- { name: 'showcampaigncontent', value: 'false' } + - include_tasks: mathjax.yml diff --git a/roles/moodle/tasks/mathjax.yml b/roles/moodle/tasks/mathjax.yml index b6714c4e4..046e3f747 100644 --- a/roles/moodle/tasks/mathjax.yml +++ b/roles/moodle/tasks/mathjax.yml @@ -11,13 +11,12 @@ #version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17 depth: 1 -- name: chmod -R ug+w,o-w {{ moodle_base }}/lib/MathJax (dirs 755 -> 775, files 644 -> 664, {{ apache_user }}:{{ apache_user }}) +- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax file: path: "{{ moodle_base }}/lib/MathJax" - state: directory owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml - mode: ug+w,o-w + #mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml recurse: yes # SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a005652eb..a4fd67574 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,12 +1,16 @@ -# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: +# 2021-07-02: Let's monitor & learn from these 3 pages year-by-year: # https://docs.moodle.org/311/en/Nginx +# https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml # https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 -# Odd that MoodleBox.net is using only the 2nd half of https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect ? -#location ~ ^/moodle/dataroot/ { -# internal; -# alias {{ moodle_data }}; -#} +# This passes 404 pages to Moodle so they can be themed +#error_page 404 /error/index.php; error_page 403 =404 /error/index.php; + +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +location ~ ^/moodle/dataroot/ { + internal; + alias {{ moodle_data }}/; +} location ~ ^/moodle(.*)\.php(.*)$ { alias {{ moodle_base }}$1.php$2; From 6ec9fe8a5e220bb417d7e0195be2e32a36a71777 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 16:57:26 -0400 Subject: [PATCH 23/24] Clean up roles/moodle + fix XSendfile so images appear --- roles/moodle/defaults/main.yml | 2 +- roles/moodle/tasks/install.yml | 87 ++++++--------------- roles/moodle/tasks/main.yml | 7 +- roles/moodle/templates/moodle-nginx.conf.j2 | 3 +- roles/moodle/templates/moodle_installer | 27 ++++--- 5 files changed, 43 insertions(+), 83 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 9de4aee06..193c21d64 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,7 +8,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! moodle_version: 311 -moodle_repo_url: https://github.com/moodle/moodle.git +moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_data: "{{ content_base }}/moodle" # /library diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 71c8d0f23..12e493a1f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -7,16 +7,6 @@ # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) -#- name: "Set 'apache_install: True' and 'apache_enabled: True'" -# set_fact: -# apache_install: True -# apache_enabled: True - -#- name: APACHE - run 'httpd' role -# include_role: -# name: httpd - - - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True @@ -52,57 +42,30 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) - stat: - path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle - register: moodle - -- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~288 MB) +- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later) git: - repo: "{{ moodle_repo_url }}" - dest: "{{ moodle_base }}" + repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle + dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - force: yes version: "MOODLE_{{ moodle_version }}_STABLE" #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ #ignore_errors: yes - when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists -- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) +- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: - state: directory path: "{{ moodle_base }}" owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" - mode: u+rw,g+r,o+r # '0755' forced executable bits on files recurse: yes -- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} - file: - state: directory - path: "{{ content_base }}/dbdata/moodle" # /library - owner: "{{ apache_user }}" - -- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770') +- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below) file: state: directory path: "{{ moodle_data }}" # /library/moodle owner: "{{ apache_user }}" group: "{{ apache_user }}" - #mode: '0770' # Regardless, permissions end up as: drwxrwsrwx -#- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf -# file: -# path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available -# state: absent -# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon! -#- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template -# template: -# src: 022-moodle.j2 -# dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" - -# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE: # /etc/systemd/system/postgresql-iiab.service - name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB systemd: @@ -129,42 +92,40 @@ become: yes become_user: postgres -- name: Install {{ moodle_base }}/moodle_installer from template ('0755') - template: - src: moodle_installer - dest: "{{ moodle_base }}" - mode: '0755' - - name: (Re)Start 'postgresql-iiab' systemd service systemd: name: postgresql-iiab state: restarted #enabled: yes # Service ends up enabled regardless -#- name: (Re)Start '{{ apache_service }}' systemd service -# systemd: -# name: "{{ apache_service }}" -# state: restarted -# - name: Does {{ moodle_base }}/config.php exist? -# stat: -# path: "{{ moodle_base }}/config.php" -# register: config +- name: Install {{ moodle_base }}/moodle_installer from template (0755) + template: + src: moodle_installer + dest: "{{ moodle_base }}" + mode: 0755 - name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php" - #when: config.stat.exists is defined and not config.stat.exists -# 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/mathjax.yml -#- name: Make {{ moodle_base }}/config.php readable, with permission '0644' -# #command: chown -R {{ apache_user }} {{ moodle_base }} -# file: -# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle -# mode: '0644' +# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from +# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in +# moodle/tasks/mathjax.yml + +# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations +# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't +# actually mandate this: +# +# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws--- +# file: +# path: "{{ moodle_data }}" # /library/moodle +# mode: o-rwx +# recurse: yes # https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 - name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files" lineinfile: path: "{{ moodle_base }}/config.php" diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 1a618363b..5c4e6bf73 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -29,19 +29,16 @@ postgresql_install: True postgresql_enabled: True # Revert just below if... -- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'" +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" set_fact: postgresql_enabled: False - when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled) + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) - name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) include_role: name: postgresql -#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache -# include_tasks: apache.yml - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a4fd67574..135096c5b 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -7,7 +7,8 @@ #error_page 404 /error/index.php; error_page 403 =404 /error/index.php; # https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect -location ~ ^/moodle/dataroot/ { +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 +location /dataroot/ { internal; alias {{ moodle_data }}/; } diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index bde8938ae..be6b18bf6 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -6,18 +6,18 @@ # a capital letter, in keeping with Internet-in-a-Box's other server apps? sudo -u {{ apache_user }} \ - /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ - --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ - --dataroot={{ moodle_data }} \ - --dbtype=pgsql \ - --dbname={{ moodle_database_name }} \ - --dbuser=Admin --dbpass=changeme \ - --fullname=Your_School \ - --shortname=School \ - --adminuser=admin --adminpass=changeme \ - --non-interactive \ - --agree-license \ - --allow-unstable # TEMPORARY DURING MAY 2018 TESTING + /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ + --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ + --dataroot={{ moodle_data }} \ + --dbtype=pgsql \ + --dbname={{ moodle_database_name }} \ + --dbuser=Admin --dbpass=changeme \ + --fullname=Your_School \ + --shortname=School \ + --adminuser=admin --adminpass=changeme \ + --non-interactive \ + --agree-license \ + --allow-unstable # TEMPORARY DURING MAY 2018 TESTING # 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : # --lang= # moodlebox_moodle_lang # --dbtype=mariadb @@ -26,4 +26,5 @@ sudo -u {{ apache_user }} \ # --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid # Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml -chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php +# 2021-07-05: No longer needed +#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From 274a4b7abf8a847af67407c98eef36497aceb5a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 23:26:08 -0400 Subject: [PATCH 24/24] Explain moodle_installer's cli/php.ini & LATER fpm/php.ini --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 12e493a1f..aa763be59 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -105,7 +105,7 @@ dest: "{{ moodle_base }}" mode: 0755 -- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php"