centos7 + nginx + moodle4安装配置

一、安装PHP7.4 on CentOS7

yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install yum-utils
yum-config-manager --enable remi-php74
yum update
yum install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt \
 php-mbstring php-curl php-xml php-pear php-bcmath php-json  \
 php-mysqlnd php-xml php-xmlrpc php-pdo  php-pecl-zip php-intl php-common

安装opcache

Opcache 最初被称为 Zend Optimizer+，Opcache（在推出PHP 5.5.0以后）是被作为内置扩展以提高性 PHP 的性能。通过 PECL 它也可以用于 5.2，5.3和5.4 版本的 PHP。它的工作原理是将预编译的脚本字节码存储在共享内存中，从而 PHP 无需为每个请求加载和解析脚本。

# yum install php-opcache
# vim /etc/php.d/10-opcache.ini
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1

二、安装 MariaDB 10 in CentOS7

最新版本是10.9.1，这里向下移几个小版本，保证稳定性

// configuration yum repo
# vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

// install the mariadb and configuration for safe
# yum install MariaDB-server MariaDB-client -y
# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadb
# mysql_secure_installation
# mysql -V
# mysqld --print-defaults
# mysql -u root -p

配置数据库my.cnf

# cat /etc/my.cnf|grep -v ^#
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
innodb_file_format = Barracuda
innodb_file_per_table = 1
innodb_large_prefix = true

character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
skip-character-set-client-handshake

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

!includedir /etc/my.cnf.d


[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4

SQL

创建用户

CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO 'moodleuser'@'localhost' IDENTIFIED BY 'yourpassword';

SQL

三、安装moodle

yum -y install nginx
wget https://download.moodle.org/stable400/moodle-4.0.1.zip
unzip moodle-4.0.1.zip
mv moodle /var/www/html/
chown -R nginx:nginx /var/www/html/moodle
mkdir -p /var/www/html/moodledata/
chown nginx:nginx /var/www/html/moodle

配置nginx:

server {
    listen       80;
    listen       [::]:80;
    server_name  _;
    #root         /usr/share/nginx/html;
    index  index.php index.html index.htm;
    root         /var/www/html/moodle;

    location / {
    try_files $uri $uri/ =404;
    }

    location /dataroot/ {
    internal;
    alias /var/www/html/moodledata/;
    }

    location ~ ^(.+\.php)(.*)$ {
        root /var/www/html/moodle/;
        fastcgi_split_path_info  ^(.+\.php)(.*)$;
        fastcgi_index            index.php;
        fastcgi_pass             127.0.0.1:9000;
        include /etc/nginx/mime.types;
        include                  fastcgi_params;
        fastcgi_param   PATH_INFO       $fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Hiding internal files
    location ~ /\.(?!well-known).* {
        return 404;
    }

    # This should be after the php fpm rule and very close to the last nginx ruleset.
    # Don't allow direct access to various internal files. See MDL-69333
    location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) {
        deny all;
        return 404;
    }

    error_page 404 /error/index.php;
    error_page 403 =404 /error/index.php;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

YAML

####　修改php.ini文件

file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 64M
max_execution_time = 360
cgi.fix_pathinfo = 0
date.timezone = Asia/Shanghai

Ini

启用xsendfile

Enable xsendfile for Nginx in Moodles config.php, this is documented in the config-dist.php, a minimal configuration look like this

$CFG->xsendfile = 'X-Accel-Redirect';
$CFG->xsendfilealiases = array(
    '/dataroot/' => $CFG->dataroot
);

PHP

php-fpm的安全配置，限定只能运行php结尾的文件：

# cat /etc/php*/fpm/pool.d/www.conf
security.limit_extensions = .php

四、其他

如何禁用https

In config.php, adding the following line should prevent https from being forced:

$CFG->overridetossl = false;

PHP

一键安装

php admin/cli/install.php --lang=en --chmod=2775 --wwwroot=http://localhost:8080 --dataroot=/var/www/html/moodledata/ --adminuser=user --adminpass=adminpass --adminemail=user@example.com --fullname="New Site" --shortname="New Site" --non-interactive --allow-unstable --agree-license --dbtype=mariadb --dbhost=localhost --dbport=3306 --dbname=moodle --dbuser=root --dbpass=mypassword

PHP

上面的步骤执行完成后，最好再通过chown -R nginx:nginx /var/www/html/moodle/ /var/www/html/moodledata/指令确保nginx对所属的文件有相应的权限。

cron清理配置：

* * * * *    /usr/bin/php /path/to/moodle/admin/cli/cron.php >/dev/null

参考文档：

https://docs.moodle.org/400/en/Nginx

https://docs.moodle.org/400/en/Installation_quick_guide

https://docs.moodle.org/400/en/Caching