I had the opportunity to install Fedora Workstation 26, so I recorded the whole process up to setting up Moodle 3.3.1 under Nginx + SELinux + MariaDB.
- Installing Fedora Workstation 26
- Initial configuration of Fedora Workstation 26
- Installing and configuring related software
- Installing Moodle
- Tuning Moodle
- Let's Encrypt free server certificate
9. Power on the target machine and quickly insert the disc.
10. From here on, see the following.
https://www.hiroom2.com/2017/07/12/fedora-26-ja/
First, on the local terminal:
1. Confirm that ssh is open
# firewall-cmd --list-services --zone=public
ssh mdns dhcpv6-client
2. Make sshd start at boot
# systemctl enable sshd
# systemctl start sshd
From here on, from a remote terminal (or from wherever you prefer):
3. Configure which hosts may connect (optional)
# cd /etc
# vi hosts.deny
sshd: all
mysqld: all
# vi hosts.allow
sshd: 192.168.3.9 192.168.3.10
mysqld: 192.168.3.11
# systemctl restart sshd
4. Check the default zone (optional)
# firewall-cmd --get-default-zone
FedoraWorkstation
5. Change the default zone to public
# firewall-cmd --set-default-zone=public
6. Open the ports now, before forgetting
# firewall-cmd --permanent --add-service=http --zone=public
# firewall-cmd --permanent --add-service=https --zone=public
# firewall-cmd --reload
# firewall-cmd --list-services --zone=public
7. Check the SELinux state
# getenforce
Enforcing
8. Confirm that Apache is not running
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
9. Refuse crawling by search engine robots (optional)
# vi /var/www/html/robots.txt
User-Agent: *
Disallow: /
In Moodle, ClamAV is the first-choice antivirus plugin.
# dnf install clamav clamav-update
Update the virus definition files
# freshclam
/etc/cron.d/clamav-update is set up so that the definition files are updated every 3 hours.
Try a scan
# clamscan --infected --remove --recursive /home
Download the harmless test virus and try it
# cd /tmp
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive ./
# dnf install mariadb-server
# dnf install nginx php-fpm mod_xsendfile
# cd /etc/php-fpm.d
# cp -a www.conf www.conf.org
# vi www.conf
user = nginx
group = nginx
# cd /var/www/html
# ln -s /usr/share/nginx/html/* .
# cd /usr/share/nginx/html
# vi phpinfo.php
<?php
phpinfo();
?>
# systemctl start php-fpm
# systemctl enable php-fpm
# systemctl start nginx
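At this point, access the server from a browser to check that it works.
1. Does http://192.168.3.7/ show "Welcome to nginx on Fedora!"?
2. Is http://192.168.3.7/phpinfo.php displayed correctly?
Once both checks pass, delete phpinfo.php; it exposes the full PHP configuration to anyone who can reach the server.
From here on, the settings for Moodle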
# cd /etc
# cp -a php.ini php.ini.org
# vi php.ini
max_execution_time = 90      ; optional
memory_limit = -1            ; unlimited
post_max_size = 0            ; unlimited
cgi.fix_pathinfo=1
upload_max_filesize = 1024M  ; optional
date.timezone = Asia/Tokyo
mbstring.language = Japanese
For now, create a self-signed server certificate
# cd /etc/nginx
# openssl genrsa 2048 > server.key
# openssl req -new -key server.key > server.csr
# openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
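The self-signed certificate step above, as an added example that is not part of the original post: a key written with `>` redirection takes the shell's default umask and is normally world-readable, so this version creates server.key under umask 077 and then checks that server.crt matches it before nginx is pointed at the pair. The function names, the directory argument and the CN are assumptions; `stat -c` is the GNU form found on Fedora.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# make_selfsigned DIR CN: same three openssl steps as above, run non-interactively
make_selfsigned() {
    local dir=$1 cn=$2
    (
        umask 077   # server.key is created private instead of 0644
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -days 3650 -req -signkey "$dir/server.key" \
        -in "$dir/server.csr" -out "$dir/server.crt" 2>/dev/null
}

# check_pair KEY CRT: print findings, one per line; return 0 only if all checks pass
check_pair() {
    local key=$1 crt=$2 rc=0 mode key_pub crt_pub
    if [ ! -r "$key" ] || [ ! -r "$crt" ]; then
        echo "missing file: $key or $crt"
        return 2
    fi
    mode=$(stat -c '%a' "$key")
    case $mode in
        600|400) ;;
        *) echo "key mode $mode is too open (want 600)"; rc=1 ;;
    esac
    # Both commands print the public key in PEM; identical text means one key pair
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not match key"; rc=1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within 30 days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}
```

Running `check_pair /etc/nginx/server.key /etc/nginx/server.crt` before `nginx -t` reports a mismatched pair or an over-permissive key file.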
# cp -a nginx.conf nginx.conf.org
# vi nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    index               index.php index.html index.htm;
    root                /var/www/html;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;

        location / {
        }

        # Pass *.php and *.php/<path info> requests to php-fpm
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info  ^(.+\.php)(/.+)$;
            fastcgi_index            index.php;
            fastcgi_pass             unix:/run/php-fpm/www.sock;
            include                  fastcgi_params;
            fastcgi_param   PATH_INFO       $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 60m;
        }

        # internal: not reachable by direct client requests
        location /dataroot/ {
            internal;
            alias /var/www/moodledata/; # ensure the path ends with /
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # Settings for a TLS enabled server.
    #
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;

        # Relative paths: the files created above in /etc/nginx
        ssl_certificate "server.crt";
        ssl_certificate_key "server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
        }

        # Pass *.php and *.php/<path info> requests to php-fpm
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info  ^(.+\.php)(/.+)$;
            fastcgi_index            index.php;
            fastcgi_pass             unix:/run/php-fpm/www.sock;
            include                  fastcgi_params;
            fastcgi_param   PATH_INFO       $fastcgi_path_info;
            fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 60m;
        }

        # internal: not reachable by direct client requests
        location /dataroot/ {
            internal;
            alias /var/www/moodledata/; # ensure the path ends with /
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
# nginx -t
Check in the browser
If you are not going to use XyMTeX, installing TeX may be unnecessary.
# dnf install texlive-scheme-full -y &   (it is 1.3 GB, so run it in the background)
# dnf install texlive-latex-bin-bin texlive-cm texlive-bxcjkjatype texlive-ipaex-type1 texlive-xymtex ImageMagick
# mktexlsr
Correction.
# dnf install texlive-latex-bin-bin texlive-cm texlive-bxcjkjatype texlive-ipaex-type1 texlive-xymtex ImageMagick
since these are included in texlive-scheme-full.
# vi test.tex (adding chemfig)
\documentclass{article}
\usepackage{amsmath}
\usepackage[whole]{bxcjkjatype}
\usepackage{xymtexpdf}
\usepackage{chemfig}
\RequirePackage{amsmath,amssymb,latexsym}
\begin{document}
$\text{\XyMTeX}\\$
$\sixheterov[bdf]{3s==\tetramethylenei{2==O;4==CH$_3$}{1==(yl);3D==O}}{2==CO$_2$}[]\\\\$
$\text{ChemFig}\\$
$\chemfig{[:0]*6(=-(-O([:30]-([2]=O)([:-30]-CH_3)))=(-CO_2)-=-)}\\\\\\$
$\text{\bf数式}\\$
$\displaystyle\int_0^{10}\left(\dfrac{9}{\ 17\ }x+13\right){\rm d}x$
\end{document}
Following /filter/tex/latex.php,
1. Hide email addresses from teachers as well. (optional)
Since it is free, let's try using a Let's Encrypt server certificate.
Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):<your email address>
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: <your choice>
Select the webroot for 192.168.3.7:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Next you are asked for the webroot; entering /var/www/html produces:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/192.168.3.7/fullchain.pem. Your cert will
   expire on 2017-11-10. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
Replace the self-signed certificate entries with the following.
# vi /etc/nginx/nginx.conf
# fullchain.pem (the file certbot reported above) carries the certificate plus its chain
ssl_certificate "/etc/letsencrypt/live/192.168.3.7/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/192.168.3.7/privkey.pem";
# nginx -t
# nginx -s reload
# crontab -e
0 3 * * * /usr/bin/certbot renew