Moodle - IIS, Internet access problem


by Adam Karas -
Number of replies: 10

Hello,

I'm trying to deploy a new Moodle at our school. Everything is installed on a Windows Server 2012 R2 VM (IIS, PHP, MySQL, LetsEncrypt SSL), and it works fine in the intranet (access from "serverIP:port"). The problem is when I want to make it available from the Internet. I have a public IP and set up port forwarding on the router, so access will be on "publicIP:port" (I did not even try a reverse proxy). I will overwrite the address in config.php to "publicIP:port". And there is a problem when I try to access it from the Internet: it shows the "Too many redirects" error or it does not load at all. What is wrong with this? I have tried many solutions that I found on the Internet.

Thank you for your help.

In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Leon Stringer -

What you're describing sounds complicated. A Moodle site can only have a single address which is specified, as you've seen, in config.php. All access has to use that address, you can't have one address for intranet access and a different one for Internet access.

The issue may be related to the address(es) your site is bound to in IIS. Basically you can have a default site not bound to any specific address and port, then individual sites which IIS will respond to based on the domain name (or IP address) and port that the browser uses to connect. So any IIS binding must match the address used in config.php.

If you can post the details here, even if you want to change IP addresses or domain names to keep the details private, that would help. E.g. what are you typing into your browser, where is it redirecting to and with what HTTP status code (such as 302)? Your browser should be able to show the redirects (e.g. for Firefox).

In reply to Leon Stringer

Re: Moodle - IIS, Internet access problem

by Adam Karas -

1. IIS bindings

2. Config.php 


3. Router (Mikrotik RB) config


4. Router log (something happens, but timeouts now)




In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Ken Task -

Not a Windows/IIS person, but shouldn't wwwroot in config.php be a URL:

http:// or https:// if you have a valid cert for the server .. then IP ... better if it were a FQDN .. wouldn't it?

'spirit of sharing', Ken


In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Leon Stringer -

To confirm what Ken says, wwwroot must be a URL with an http or https prefix for the page to load correctly. If you're connecting to the port 443 binding on IIS then this would be 'https://193.165.x.y:446'.

Even if wwwroot is incorrect you should still get a response (an error or an incorrectly formatted page). If your browser is getting a timeout you'll need to investigate what's going on between the browser, the firewall and IIS because the timeout isn't a Moodle problem.

In reply to Leon Stringer

Re: Moodle - IIS, Internet access problem

by Adam Karas -

Config.php - add https://...

Now, too many redirects error.

You can try it 

https://193.165.146.253:446


In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Leon Stringer -

What might be happening is that the browser request on port 446 is being changed to 443 by the NAT rule so IIS, and consequently Moodle, sees the request on that port which doesn't match the port in wwwroot and sends the redirect back to 446 as a result.

I think it's worth trying adding $CFG->reverseproxy = true; to config.php to see if that stops the redirects. You might get the error "Reverse proxy enabled, server can not be accessed directly, sorry". Let us know.

Average of ratings: Useful (1)
In reply to Leon Stringer

Re: Moodle - IIS, Internet access problem

by Adam Karas -

Yes.

Reverse proxy enabled, server can not be accessed directly, sorry.
Please contact server administrator.

In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Leon Stringer -

It looks like Moodle doesn't allow for this scenario, i.e. having a port specified in wwwroot (446) which doesn't match the port the server is being accessed on (443). I think there are two options:

1. Add an IIS binding for https on port 446 and reconfigure the NAT rule to access the IIS server on 446 instead of 443.

2. An alternative would be to edit lib/setuplib.php and find the lines below:

    // hopefully this will stop all those "clever" admins trying to set up moodle
    // with two different addresses in intranet and Internet
    if (!empty($CFG->reverseproxy) && $rurl['host'] === $wwwroot['host']) {
        print_error('reverseproxyabused', 'error');
    }

and change the if () statement to:

    if (!empty($CFG->reverseproxy) && $rurl['host'] === $wwwroot['host'] && $rurl['port'] === $wwwroot['port']) {

(This change comes from Tracker issue MDL-63770).

This second option would leave you with non-standard code which may get in the way of keeping your site up to date including important security updates.

Average of ratings: Useful (3)
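
The three outcomes seen in this thread (the redirect loop, the "reverseproxyabused" error, and the page loading once the port comparison is added), as an added example that is not Moodle's code or part of any post here. It is a simplified model: the function names, the NAT map and the address 203.0.113.10 are constructed, and it assumes the server sees the host the browser asked for together with the port IIS is actually listening on.

```php
<?php
// Simplified model of the checks discussed in this thread; not Moodle source.
// 203.0.113.10 is a constructed documentation address.

// Port a URL refers to, falling back to the scheme default.
function effective_port(array $url): int {
    return (int) ($url['port'] ?? (($url['scheme'] ?? 'http') === 'https' ? 443 : 80));
}

// Decide what the server does with a request as it sees it (after NAT).
// Returns 'serve', 'redirect' or 'reverseproxyabused'.
function address_check(string $wwwroot, string $seen, bool $reverseproxy, bool $patched): string {
    $w = parse_url($wwwroot);
    $r = parse_url($seen);
    $sameHost = $r['host'] === $w['host'];
    $samePort = effective_port($r) === effective_port($w);
    if (!$reverseproxy && (!$sameHost || !$samePort)) {
        return 'redirect'; // browser is sent back to wwwroot
    }
    // Original check compares hosts only; the patched one also compares ports.
    if ($reverseproxy && $sameHost && (!$patched || $samePort)) {
        return 'reverseproxyabused';
    }
    return 'serve';
}

// Follow redirects through a router that rewrites destination ports ($nat).
function browse(string $wwwroot, array $nat, bool $reverseproxy, bool $patched, int $maxHops = 5): string {
    $url = $wwwroot;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $p = parse_url($url);
        $port = effective_port($p);
        $seen = $p['scheme'] . '://' . $p['host'] . ':' . ($nat[$port] ?? $port) . '/';
        $result = address_check($wwwroot, $seen, $reverseproxy, $patched);
        if ($result !== 'redirect') {
            return $result;
        }
        $url = $wwwroot; // the redirect always points at wwwroot
    }
    return 'too many redirects';
}

$wwwroot = 'https://203.0.113.10:446';
$nat = [446 => 443]; // router forwards public 446 to IIS on 443
echo browse($wwwroot, $nat, false, false), "\n"; // reverseproxy off
echo browse($wwwroot, $nat, true, false), "\n";  // reverseproxy on, stock check
echo browse($wwwroot, $nat, true, true), "\n";   // reverseproxy on, patched check
```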
In reply to Leon Stringer

Re: Moodle - IIS, Internet access problem

by Adam Karas -

Option 1 = timeout

Option 2 = works!

But regarding what you wrote about updates and security: what situations might happen, and how can I prevent them?

And if I set up a reverse proxy server in the future, what will change? Do I just rewrite the address in config.php to "https://moodle.school.cz"? Or do I need to set the "setuplib" file back as it was?

Thank you so much. 


In reply to Adam Karas

Re: Moodle - IIS, Internet access problem

by Leon Stringer -

Great news!

Updates and security: You should plan to periodically apply updates to your site's source code to ensure you have any bug fixes and security updates. If your site's source code has been modified then every time you update the source code you will need to make this additional modification. It's just something you need to be aware of. Hopefully MDL-63770 will get fixed in a future update and you'll no longer need to do this.

If you're going to change the site's address, I'd recommend doing that now before anyone starts adding links within the site using the old address (although you can change these). But you should just need to change wwwroot in config.php.

Average of ratings: Useful (1)