Networking prerequisites and security

Moodle networking requires a number of additional components to be installed on your servers that deal with secure communication and safe data exchange.

Required PHP extensions

The following elements have to be installed on all Moodle servers that are participating in the network:

  • curl: A PHP library of calls that are specifically designed to safely fetch data from remote sites. If it is not installed, you have to recompile PHP and add --with-curl when running configure.
  • openssl: The OpenSSL PHP library provides encryption functionality without the need to purchase an SSL certificate (--with-openssl).
  • xmlrpc: A PHP library that supports remote procedure calls via XML (--with-xmlrpc).

It is possible to add trusted hosts to Moodle, which allows them to execute calls via XML-RPC to any part of the Moodle API (Networking | XML-RPC hosts). This is potentially very dangerous and is only meant for developers. We will not be dealing with this functionality in this book.

To check whether the required PHP extensions have been installed, go to Server | Environment and confirm that the status for all three components is OK.


Networking security

The above PHP extensions ensure secure communication and the safe transmission of data between participating sites. Unlike other secure web systems, neither HTTPS nor the purchase of an SSL certificate is required. Moodle will generate a certificate to encrypt the communication, which is done via PHP using the certificate mentioned earlier.

To activate Moodle networking go to Advanced features and turn on networking. This step has to be performed on all participating servers in the Moodle network.

Once networking has been enabled, Moodle generates a public/private key pair using OpenSSL. When you later connect to another Moodle site (which also has a set of keys), the public key is exchanged and you will have to confirm that your site will trust this public key. When the two sites exchange data, the sender will sign each request using their private key and encrypt the message with the public key of the receiver. The receiver, holder of the sender's public key and its own private key, will be able to decrypt the message and execute the request. So much for the theory. Now, back to the real world.
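
The sign-then-encrypt exchange described above, sketched with PHP's openssl extension. This is an added example, not Moodle's own code: the function names, the two constructed peers ($site_a, $site_b), the sample payload, and the choice of SHA-256 and AES-256-CBC are assumptions made for illustration.

```php
<?php
// Added example, not Moodle's code. Peer names and payload are constructed.
function new_keypair(): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($key === false || !openssl_pkey_export($key, $private_pem)) {
        throw new RuntimeException('key generation failed');
    }
    return ['private' => $private_pem, 'public' => openssl_pkey_get_details($key)['key']];
}

// Sender: sign with own private key, then encrypt for the receiver's public key.
function send_request(string $payload, string $sender_private, string $receiver_public): array {
    if (!openssl_sign($payload, $sig, $sender_private, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    $envelope = json_encode(['payload' => $payload, 'sig' => base64_encode($sig)]);
    if (!openssl_seal($envelope, $sealed, $wrapped, [$receiver_public], 'aes-256-cbc', $iv)) {
        throw new RuntimeException('encryption failed');
    }
    return ['data' => $sealed, 'key' => $wrapped[0], 'iv' => $iv];
}

// Receiver: decrypt with own private key, then verify against the trusted sender key.
function receive_request(array $msg, string $receiver_private, string $trusted_public): string {
    if (!openssl_open($msg['data'], $envelope, $msg['key'], $receiver_private, 'aes-256-cbc', $msg['iv'])) {
        throw new RuntimeException('decryption failed');
    }
    $f = json_decode($envelope, true);
    if (!is_string($f['payload'] ?? null) || !is_string($f['sig'] ?? null)) {
        throw new RuntimeException('malformed envelope');
    }
    if (openssl_verify($f['payload'], base64_decode($f['sig']), $trusted_public, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature not from trusted key');
    }
    return $f['payload'];
}

$site_a = new_keypair();
$site_b = new_keypair();
$msg = send_request('<methodCall>constructed sample</methodCall>', $site_a['private'], $site_b['public']);
echo receive_request($msg, $site_b['private'], $site_a['public']), "\n";

// Constructed scenario: site A has a new key pair, site B still trusts the old public key.
$rotated = new_keypair();
$msg = send_request('<methodCall>constructed sample</methodCall>', $rotated['private'], $site_b['public']);
try {
    receive_request($msg, $site_b['private'], $site_a['public']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The second exchange decrypts correctly but is refused at the verification step, which is why the receiver must hold and trust the sender's current public key.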

Go to Networking | Settings where you will see the public key that has been created by OpenSSL. The key has an expiry date that is 28 days from creation; after this, a new key is created (so-called key rotation). The key can be renewed manually by using the key deletion option on the same screen.

Tip

The key expiry duration cannot be changed via a Moodle parameter, only via a configuration setting (see Appendix, Configuration Settings). Add $CFG->mnetkeylifetime=365 to config.php to increase the expiry period to a full year to avoid regular renewal of keys.


Now that Moodle networking has been enabled and the public key has been generated, it is time to get the servers talking to each other.
