
% Post-configuration du serveur chiffré

Sécurité

Installation des mises à jour de sécurité automatiques

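# Install the package that applies security updates automatically.
sudo apt-get install unattended-upgrades
# Installing the package does not prove that the periodic run is enabled:
# answering "yes" here writes /etc/apt/apt.conf.d/20auto-upgrades.
sudo dpkg-reconfigure -plow unattended-upgrades
# Dry run: shows which package origins are considered and what would be upgraded.
sudo unattended-upgrade --dry-run --debug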

Installation de fail2ban

# fail2ban bans source addresses after repeated authentication failures found in log files.
# Once installed, `sudo fail2ban-client status` lists the jails that are actually active.
# NOTE(review): no jail.local is shown on this page, so only the distribution's default
# jails apply — confirm whether the nginx/Moodle login is meant to be covered as well.
sudo apt install fail2ban

Docker

Procédure

Voir cette page: Install Docker Engine on Debian | Docker Documentation

Installation Moodle

Préparation

Voir Tutorial - Moodle installation on Nginx - Step by step

# Web server, MariaDB, PHP-FPM with the PHP extensions, plus the external tools
# installed alongside them (graphviz, aspell, ghostscript, clamav, git, mlocate).
# NOTE(review): clamav is installed here, but no scanner configuration appears on this page — confirm it is actually used.
sudo apt-get install nginx graphviz aspell ghostscript clamav git mlocate  mariadb-server mariadb-client php-fpm php-cli php-mysql php-mbstring php-xmlrpc php-zip php-gd php-xml php-bcmath php-ldap php-pspell php-curl php-intl php-soap
# Refresh the locate database so that the php.ini files can be found.
sudo updatedb
locate php.ini
# Manual edit of the PHP-FPM php.ini; the resulting file is listed further down this page.
# NOTE(review): unlike www.conf below, php.ini is edited without keeping a copy of the packaged file.
sudo nano /etc/php/7.4/fpm/php.ini
# Keep the packaged pool configuration before editing it.
sudo cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.original
sudo nano /etc/php/7.4/fpm/pool.d/www.conf

Let's Encrypt

# certbot plus its nginx plugin.
sudo apt install certbot python3-certbot-nginx
# Open ports 80 and 443 in ufw.
# NOTE(review): this page never shows ufw being enabled or an SSH rule being added —
# confirm with `sudo ufw status verbose` that the firewall is active and SSH is still allowed.
sudo ufw allow http
sudo ufw allow https
# `certonly` obtains the certificate but leaves the nginx configuration untouched,
# so the server block has to reference the files under /etc/letsencrypt/live/ itself.
# `sudo certbot renew --dry-run` checks that renewal will work later on.
sudo certbot certonly --nginx -d moodle.aezi.fr

MariaDB

# Open a MariaDB client session as the database root account.
# NOTE(review): no hardening step for the fresh MariaDB instance (e.g. mysql_secure_installation)
# appears on this page — confirm it was done.
sudo mysql -u root -p
-- Dedicated database for Moodle, using full 4-byte UTF-8.
CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- Dedicated account, limited to connections from localhost.
-- 'GESTIONNAIRE_MDP' looks like a placeholder for a password kept in a password manager;
-- the real value must never be committed to this file.
CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'GESTIONNAIRE_MDP';
-- Privileges are scoped to the moodle schema only: no global privileges, no GRANT OPTION.
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO moodle@localhost;
quit;

Installation Moodle

Après la dernière phase de l'installation, le site reste bloqué sur l'erreur ci-dessous.

Erreur

Ce site est en phase de mise à jour. Veuillez réessayer plus tard

Je lance donc la commande suivante depuis le répertoire /var/www/moodle/moodle (source : « Moodle en français : Ce site est en phase de mise à jour. Veuillez essayer plus tard. ») :

# Run Moodle's command-line upgrade script without prompts.
# The path is relative, so the current directory must be the Moodle code root.
# It runs as www-data rather than root, so anything the script writes belongs to
# the web server account and stays usable by PHP-FPM afterwards.
sudo -u www-data php admin/cli/upgrade.php --non-interactive

Fichier /etc/php/7.4/fpm/php.ini

; php.ini of the PHP-FPM SAPI as configured for this Moodle server.
; NOTE(review): the path on this page is /etc/php/7.4/...; PHP 7.4 is past its upstream
; end of life, so security fixes depend on the distribution's own backports — confirm
; that the release in use is still supported.
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
; Only the pcntl_* functions are disabled; functions that start external processes remain available.
; NOTE(review): Moodle presumably calls the external tools installed on this page
; (ghostscript, aspell, clamav), so any further restriction needs testing first.
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
disable_classes =
zend.enable_gc = On
; Function arguments are left out of exception stack traces, so passed values
; (passwords, tokens) do not end up in traces.
zend.exception_ignore_args = On
; Do not advertise PHP in the response headers.
expose_php = Off
; Both time limits are 300 seconds and max_input_vars is 5000
; (presumably to meet Moodle's requirements — TODO confirm).
max_execution_time = 300
max_input_time = 300
max_input_vars = 5000
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; Errors are logged and never sent to the browser.
; No error_log directive appears in this listing, so the destination depends on the PHP-FPM logging setup.
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 32M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
; Runtime loading of extensions through dl() is off.
enable_dl = Off
file_uploads = On
; Per-file limit: a request body may reach post_max_size (32M), but a single uploaded file is capped at 2M.
upload_max_filesize = 2M
max_file_uploads = 20
; URL wrappers are usable by file functions (allow_url_fopen) but never by include/require (allow_url_include).
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
; Per-extension sections. The only site-specific value visible here is date.timezone.
[CLI Server]
cli_server.color = On
[Date]
date.timezone =Europe/Paris

[Pdo_mysql]
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
; PHP does not add the X-PHP-Originating-Script header to the mail it sends.
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
; default_user and default_pw are empty: no database credentials are stored in php.ini.
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
; PHP-level session defaults.
; NOTE(review): Moodle presumably sets its own session cookie parameters at runtime — confirm in
; Moodle's HTTP security settings that secure and HttpOnly cookies are enabled, since the values
; below do not provide them.
[Session]
session.save_handler = files
; 0 = PHP accepts a session id chosen by the client; 1 would reject unknown ids (session fixation hardening).
session.use_strict_mode = 0
session.use_cookies = 1
; Session ids are accepted from cookies only, never from the URL.
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
; Both left empty: PHP adds neither HttpOnly nor SameSite to its session cookie.
; No session.cookie_secure line appears in this listing either.
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
; Probability 0: PHP never triggers session garbage collection itself.
; NOTE(review): clean-up then relies on a scheduled job outside PHP — confirm one exists.
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
; Session ids are never written into URLs.
session.use_trans_sid = 0
; 26 characters x 5 bits per character = 130 bits per session id.
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[Assertion]
; -1: assertion code is not compiled at all.
zend.assertions = -1

[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
; Cached WSDL files are written to /tmp.
; NOTE(review): /tmp is normally shared and world-writable; confirm whether the PHP-FPM service gets
; a private /tmp, or point this at a directory that only the FPM user can write to.
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[ldap]
ldap.max_links = -1

---aoff

# Raw shell history of the installation session, kept as typed:
# it contains retries and commands that did not work.
sudo nano /etc/php/7.4/fpm/php.ini
 sudo cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.original
 sudo nano /etc/php/7.4/fpm/pool.d/www.conf
 less /etc/nginx/sites-enabled/default
 sudo certbot
 sudo apt search certbot
 sudo apt install certbot
 ping moodle.aezi.fr
 sudo systemctl status nginx
 less /etc/nginx/sites-enabled/default
 sudo nginx -s reload
 less /etc/nginx/sites-enabled/default
 ll /var/www/html
 sudo ufw
 sudo iptables -L
 # Root login shell: whatever was run inside it is not part of this history.
 sudo su -
 sudo ufw allow http
 sudo ufw allow https
 # NOTE(review): the output of `ufw status` is not recorded here; confirm that the
 # firewall is active and that SSH is still allowed.
 sudo ufw status
 # Several attempts follow until the nginx plugin package (python3-certbot-nginx) is installed.
 sudo certbot-auto certonly --nginx -d www.aezi.fr
 sudo certbot certonly --nginx -d www.aezi.fr
 sudo apt install certbot-nginx
 sudo apt search certbot
 sudo apt install python3-certbot-nginx
 sudo certbot certonly --nginx -d www.aezi.fr
 sudo certbot certonly --nginx -d moodle.aezi.fr
 history
 # Create the nginx site file and the directory tree for Moodle.
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 sudo mkdir -p /var/www/moodle/ /var/www/moodle/data/
 cd /var/www/moodle/
 cd -
 ll
 # First extraction attempt: the target directory does not exist yet and sudo is missing.
 tar xzf moodle-latest-400.tgz -C /var/www/moodle/4.0.4+
 sudo mkdir /var/www/moodle/4.0.4+
 sudo tar xzf moodle-latest-400.tgz -C /var/www/moodle/4.0.4+
 sudo tar xf moodle-latest-400.tgz -C /var/www/moodle/4.0.4+
 # The archive is inspected with file(1), deleted and downloaded again —
 # presumably the first copy was not a valid tarball.
 file moodle-latest-400.tgz
 sudo apt search file
 sudo apt install file
 file moodle-latest-400.tgz
 rm moodle-latest-400.tgz
 # NOTE(review): the download goes into the web tree without an integrity check; compare
 # `sha256sum moodle-latest-400.tgz` with the checksum published on the Moodle download
 # page before extracting.
 wget https://download.moodle.org/stable400/moodle-latest-400.tgz
 sudo tar xf moodle-latest-400.tgz -C /var/www/moodle/4.0.4+
 cd /var/www/moodle/
 ll
 # Symlink so that the nginx configuration can point at a version-independent path.
 sudo ln -s 4.0.4+/ site
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 # Locate the certificate files; each listing is repeated with sudo, presumably because
 # /etc/letsencrypt/live is readable by root only.
 ll /etc/letsencrypt/live/aezi.fr/fullchain.pem;
 sudo ls -ll /etc/letsencrypt/live/aezi.fr/fullchain.pem;
 sudo ls -ll /etc/letsencrypt/live/
 ll /etc/letsencrypt/live/moodle.aezi.fr/fullchain.pem;
 sudo ls -ll /etc/letsencrypt/live/moodle.aezi.fr/fullchain.pem;
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 # Validate the configuration before and after enabling the site.
 sudo nginx -t
 cd /etc/nginx/sites-enabled/
 sudo ln -s ../sites-available/moodle.aezi.fr
 sudo nginx -t
 cd
 sudo systemctl status
 # Restart attempts: the first has the verb in the wrong position and the next two use an
 # unversioned unit name; `php7.4-fpm` is the name that matches the 7.4 paths used on this page.
 sudo systemctl php-fpm restart
 sudo systemctl restart php-fpm
 sudo service php-fpm restart
 sudo service php7.4-fpm restart
 sudo nginx -s reload
 sudo systemctl restart nginx
 # Give the web server account access to the Moodle tree through ACLs
 # (-m on existing files, -d as the default for new ones), then make it the owner of everything.
 # NOTE(review): at this point /var/www/moodle/ holds the Moodle code as well as the data
 # directory, so www-data can modify the application's own PHP files. Only the data directory
 # needs to be writable by the web server; consider root-owned, read-only code.
 sudo apt install acl
 sudo setfacl -R -m u:www-data:rwX /var/www/moodle/
 sudo setfacl -d -R -m u:www-data:rwX /var/www/moodle/
 getfacl /var/www/moodle
 sudo chown www-data:www-data -R /var/www/moodle/
 ll /var/www/moodle/
 # Presumably the session in which the Moodle database and account were created.
 sudo mysql -u root -p
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 ll /var/www/moodle/site/
 ll /var/www/moodle/site/moodle
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 sudo nginx -s reload
 cd /var/www/moodle/
 ll
 # Re-layout: the commands below end with the code in /var/www/moodle/moodle and the data
 # directory in /var/www/moodle/moodledata.
 # NOTE(review): the nginx server block is not shown on this page; confirm that its root is
 # the code directory, so that moodledata, which sits next to it, is never served.
 rm site
 sudo rm site
 sudo mv data moodledata
 sudo rm site
 ll
 sudo mv 4.0.4+/ site
 sudo mv site/moodle/ .
 ll
 ll site
 rmdir site
 sudo rmdir site
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 ll
 sudo nano /etc/nginx/sites-available/moodle.aezi.fr
 sudo nginx -s reload
 sudo nano /etc/php/7.4/fpm/php.ini
 sudo service php-fpm restart
 sudo service php7.4-fpm restart
 top
 # Troubleshooting through the nginx logs; they need sudo, and `error.log.log` is a typo
 # corrected on the next line.
 less /var/log/nginx/access.log
 sudo less /var/log/nginx/access.log
 sudo less /var/log/nginx/error.log.log
 sudo less /var/log/nginx/error.log
 sudo nano /etc/php/7.4/fpm/php.ini
 top
 # First run is issued from /var/www/moodle/, where the relative path admin/cli/upgrade.php
 # presumably does not resolve; it is repeated after `cd moodle`.
 sudo -u www-data php admin/cli/upgrade.php --non-interactive
 cd moodle
 ll
 sudo -u www-data php admin/cli/upgrade.php --non-interactive
 top
 sudo -u www-data php admin/cli/upgrade.php --non-interactive
 top
 # Print the history with the entry numbers blanked out (the first awk field is emptied),
 # which leaves the leading space seen on the lines of this listing.
 history | awk '{$1=""; print}'