In this section we follow a secure installation of Moodle. In case you do not already have an installed instance of Moodle, we will show you the quickest way to do that, and at the same time focus on security. If you already have Moodle installed, go to the following section where you will see how to secure an existing installation of Moodle.
In order to install Moodle on your server you need to install and configure the web server with support for PHP and the database server. We will not go into the specifics of setting up a particular web server, PHP, and/or database server right now, since it depends on the OS your server has installed. Also we will not explain in detail tasks like creating directories, setting up file permissions, etc as they are OS specific. Later in this book we will address them in detail for both Linux and Windows. If you need to know that right now then I suggest you go directly to the chapter dedicated to the Operating System you plan on using. This section assumes you already know about your OS and have already configured your web server with an empty database. Every installation of Moodle must have:
We assume that your web server is Apache (Linux) or IIS (Windows), and that you use PHP 5.1.x or later and MySQL 5.0 or later.
The following checklist will guide you through the basic installation procedure for Moodle.
moodle-weekly-19.zip
archive. In case you use Linux you can choose either. In case of Windows, ZIP file is the preferred choice. The reason for this is simple. Every Windows server comes, by default, with installed support for managing Zip archives. On the other hand, TGZ is readily available on every Linux distribution. moodle
which contains all of the platform files. Move that directory to the web-root of your web server. After doing that it is recommended to make all files read-only for safety reasons. moodledata
somewhere on the disk. Make sure that it is not in the web-root of your web server since that would incur a serious security breach. Doing that might expose all platform files submitted by course participants and teachers together with the course content to the outside world. utf8
and collation set to utf8_general_ci
. It is recommended to have a special user for accessing this database with limited permissions. In case of credentials theft, a malicious user could only operate on data from one database, minimizing the potential damage. That database user account will need permissions for creating, altering, and deleting the tables, creating/dropping the indexes and reading/writing the data. Here is what you need to execute in your MySQL console for creating a database and user:CREATE DATABASE moodle CHARSET 'utf8' COLLATION 'utf8_general_ci'; CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'somepass'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON loomdb.* TO loom@localhost IDENTIFIED BY 'somepass'; FLUSH PRIVILEGES;
config.php
. It is important to make this file read-only after installation for security reasons. In case Moodle cannot save config.php
it will offer to download or copy content of the file and manually place it in the appropriate location on the server. See the following screenshot:
Field name |
Description |
Recommended action |
---|---|---|
Username |
Defines user name inside the Moodle. By default it is admin. |
We recommend leaving the default value unchanged. |
New password |
Defines user logon password. |
Must supply valid password. |
First name |
Defines name of the admin. |
Must supply valid name. |
Surname |
Defines surname of the admin. |
Must supply valid name. |
E-mail address |
Defines user e-mail address. |
Must supply valid e-mail. |
E-mail display |
Define the visibility of your e-mail address within the platform. |
We recommend leaving it as is (visible to all). |
E-mail active |
Defines whether e-mail is activated or not. |
Set it to enable. |
City/Town |
Defines name of the city where you live. |
Moodle requires this value. |
Select Country |
Name of your country. |
Set it to your country name. |
Timezone |
Sets your time zone so that server can display time calculated for your location in some reports. |
If not sure what your time zone is, leave it as is. |
Preferred language |
Choose the platform language. |
By default, Moodle comes only with support for English language. If you want to add more languages visit http://download.moodle.org/lang16/ and download and install the appropriate files. |
3.21.248.162