Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
KeenWiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Securing Moodle on Linux
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
These steps are essential for a production server containing student passwords and data. == https encryption == === Certbot and virtual host === === File permissions ==== * Reset the permissions on /var/www/html/moodle directories to read, write and execute for the webserver, read and execute for group and others * Reset the permissions on /var/www/html/moodle files to read, write for the webserver, read only for group and other == Secure database and set the root == Run the mariadb-secure-installation script to strengthen security by setting a root password, removing anonymous users, disabling remote root login, deleting the test database, and reloading privileges. sudo mariadb-secure-installation === Configure and enable firewall === Allow SSH (port 22) for remote access Enable the UFW firewall with confirmation Set default policy to deny all incoming connections Set default policy to allow all outgoing connections Allow HTTP traffic on port 80 Allow full access for Apache (HTTP and HTTPS) sudo ufw allow 22/tcp sudo ufw --force enable sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow www sudo ufw allow 'Apache Full' == Use SSH authentication keys == SSH keys are cryptographically stronger than passwords and resist brute-force attacks. The private key remains on the client machine, reducing the risk of interception or theft during transmission. SSH keys allow passwordless login, eliminating the need to remember or type passwords repeatedly. sudo find /var/www/html/moodle -type d -exec chmod 755 {} \; sudo find /var/www/html/moodle -type f -exec chmod 644 {} \;
Summary:
Please note that all contributions to KeenWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
KeenWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
