The Xampp documentation for Linux indicates that the platform is configured for "development" purposes and should not be used for "production". This is a confusing statement since Moodle distributes it with its packages and the individual components are the same software that can be downloaded from the respective contributors. Can anyone clarify this inconsistancy? Thanks in advance.
On the contrary, this is a declaratory statement. You think Moodle should be responsible for your production server configuration? :{
You are not making any sense and not advancing the conversation.
Did I say something wrong ? Ok then, I'll try once more.
The paragraph below is taken from XAMPP's website
-------
The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.
The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment.
Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«.
--------
As you can see for yourself, it talks about CONFIGURATION and SECURITY, nothing more. XAMPP is just a packaging of popular and robust GNU software, convenient for developers. Its up to you to make the configuration of each (Apache, MySQL ...) suitable for your production environment. I don't see this paragraph saying or implying anything about deficiency thus making it non-suitable for production environments.
Even I'm not the right person to give you an official answer, the fact that there are Moodle distributions with XAMPP included is just for convenience as well, to help you get the whole suite of apps (web server, database server, scripting language etc) needed to install and run Moodle in one go. But if you want to ensure production robustness and security, you have to work with the configuration. And this is an issue you'd have to dealt with anyway, even if you installed the products separately.
Am I making any sense now?
Is Xampp/Moodle download suitable for a production server? No. It was never meant to be a production server.
It is my understanding that this package was developed primarily for Teachers to download and install in one easy process for their Windows PCs. This meant that Teachers could more easily develop things off-site, then upload them to their Moodles. It also meant that a stable and user friendly Moodle was easily accessible for people with a few technical skills. They can download and install to their own computers, then learn about Moodle, without a huge challenge of putting Apache, then PHP then MySQL then Moodle. Variations have since crept in, Xampp for Linux, MAMP and so on. To stick to the point, Moodle.org uses a Xampp-lite version of Xampp, not the full Xampp made by Apache Friends and that is what is labeled as unsuitable.
Why is it unsuitable for a production server? Simple, it is not the full version of Xampp. It is also resource hungry, which tends to compete with most PHP Apps as they too are resource hungry. As well, there are a number of security issues associated with Xampp-lite that are risky in the wild.
Specifically for Linux, most releases of Linux come with Apache, PHP and MySQL, or PostGres, as part of their standard package installations, so why bother with Xampp in Linux? Why re-invent the wheel? Why have a Xampp shell when you have the natives? If you want additional security, try a Drupal or Joomla shell, and I am sure there are others.
Xampp has a role to play in a lot of areas, it must, otherwise it would already be consigned to the scrap heap of old and long since dated programs. Personally, I do not use it any more, not even for my private Moodle. I have found that since dropping Xampp, both heavy duty and Xampp-lite, I have been able to happily slaughter my private Moodle repeatedly with dumb things people do to wreck my production site, and not have to worry about constantly replacing the whole site, just the Moodle, when I can't figure out how to fix it. Updates seem much easier, and I can update the PHP but have not been game enough to do the MySQL yet, but will have to soon, I expect. I have also been able to include a MediaWiki, Mahara, WordPress, and a couple of other PHP Apps using the same AMP configuration. I doubt I would have been able to do that in Xampp - at least not as easily. But my production site gets well and truly left alone.
Thanks for your indebth analysis of my question. I have some comments which are inline.
>Specifically for Linux, most releases of Linux come with Apache, PHP and MySQL, or PostGres, as part of their standard package installations, so why bother with Xampp in Linux? Why re-invent the wheel? Why have a Xampp shell when you have the natives? If you want additional security, try a Drupal or Joomla shell, and I am sure there are others.
[Gill] I can't speak for other users, but in my case it was just easier. I didn't want to deal with Ubuntu server addition since I am a "newbe" to Linux, so I went with the desktop version which had gnome. To use native applications one has to deal with the "apt-get install" process. But, there is a more fundamental reason here, the ".ini" files which are stripped bare in the native applications and not in Xampp.
>Xampp has a role to play in a lot of areas, it must, otherwise it would already be consigned to the scrap heap of old and long since dated programs.
[Gill] Something I didn't know was that there were two different flavors of XAMPP. I dounloaded directly from their site and presumable got the heavy duty flavor.
Gill,
Can you be more explicit about what you mean when you say "the ".ini" files which are stripped bare in the native applications and not in Xampp."?
I have never found any issue using either Ubuntu Server or Desktop edtion; and to be far installing the LAMP stack in Ubuntu (either edition) is just a matter of three or four lines in the terminal...
If you have installed Ubuntu Desktop, then you can follow the Ubuntu Server docs install guide and it will work exactly the same... Manual_installation_on_Ubuntu
Jon
>Can you be more explicit about what you mean when you say "the ".ini" files which are stripped bare in the native applications and not in Xampp."?
[Gill] When I installed each seperate component I found that the ".ini" file in Apache was very, very bare bones. I didn't bother to check the PHP file. When I installed XAMPP for Linux directly downloaded from the friends site, I was off and running.
>I have never found any issue using either Ubuntu Server or Desktop edtion; and to be far installing the LAMP stack in Ubuntu (either edition) is just a matter of three or four lines in the terminal...
[Gill] What I was referring to was the ease of getting around the Linux box. As you know, there is no gnome desktop on the server until one installs XWin and gnome itself. This difference can be daunting for someone not fully grounded in Linux like me.
>If you have installed Ubuntu Desktop, then you can follow the Ubuntu Server docs install guide and it will work exactly the same... Manual_installation_on_Ubuntu
[Gill] The issue was configuring Apache, nothing else.
Jon
Apache? ini file? You sure? I just did a search on my private server, which also has 4 or 5 other PHP applications as well as Moodle, 2 versions of Moodle 2.0 and 1 Moodle 1.9.8 and 1 Moodle 1.9.9 and the only ini file I found was in the HTMLPurifier folder of each Moodle, not in Apache. I would suggest these ini files are probably in the Xampp shell, but I cannot be sure, I no longer have a Xampp on my computer so I cannot check.
The file that Apache uses to configure iteself is the conf\httpd.conf file. The only configuration settings in Apache that you seriously need worry about is the location of the ServerRoot and the DocumentRoot.
After that is the lesser items, lesser as in less frequently visited, not importance, like Listen your.ip.address.here:80 or that might be just Listen 80 being the port Apache listens on, a standard setting so make sure that no other device is using the same port, like Skype, or a quietly on system start started existing Apache Server.
Another is the Directory Index, which should look something like:
<IfModule dir_module>
DirectoryIndex index.php index.php4 index.php3 index.cgi index.pl index.html index.htm index.shtml index.phtml
# DirectoryIndex index.html index.htm index.shtml
</IfModule>
Perhaps another setting you might want to think about is the Dynamic Shared Object (DSO) Support setting. This tells Apache to load these modules, which allows the whole thing to work as it should. I have found that the manual construction of a Moodle does, if you are not careful, leave out this line:
LoadModule php5_module "G:/php/php5apache2_2.dll"
Which means that php will not be accessed or used by Apache if you do not enable it. These are the only settings I have ever played around with, and I have had my current Apache/PHP/MySQL server running now for well over a year without issue.
If you downloaded the Xampp from the Apache Friends site, then it would be the full version, in which case a lot of these settings may be invalid, or preset or non-existing.
Let me try and be clear. You should not use xampp for a production Moodle.
I can't think of a nice way to put this so you must excuse my bluntness - if you don't have the skills to create a Moodle site using 'standard' web server software then you probably don't have the skills to properly secure the site and perform backups etc.. None of this is rocket science and there are plenty of resources that can help you but you will need to learn a bit about being a server admin.
Yes, using a one click solution is easier and so is using a desktop Linux rather than a server edition but for a production site it isn't suitable.
I can't think of a nice way to put this so you must excuse my bluntness - if you don't have the skills to create a Moodle site using 'standard' web server software then you probably don't have the skills to properly secure the site and perform backups etc.. None of this is rocket science and there are plenty of resources that can help you but you will need to learn a bit about being a server admin.
Yes, using a one click solution is easier and so is using a desktop Linux rather than a server edition but for a production site it isn't suitable.