Https issue

by felipe jareta -
Number of replies: 11

Hi everybody!

I have an environment that runs Moodle in a Docker container. I tried to add a Let's Encrypt certificate to the Moodle page, but an issue occurs and breaks the page. I also cannot log on to the page when the certificate is active.

I tried modifying config.php at the line $CFG->wwwroot = 'https:// but that did not solve it.

I followed other tutorials, in various forms and ways, and nothing solved it.


My config.php default is this:


<?php  // Moodle configuration file

unset($CFG);
global $CFG;
$CFG = new stdClass();

$CFG->dbtype    = 'mariadb';
$CFG->dblibrary = 'native';
$CFG->dbhost    = 'localhost';
$CFG->dbname    = 'bitnami_moodle';
$CFG->dbuser    = 'bn_moodle';
$CFG->dbpass    = 'password';
$CFG->prefix    = 'mdl_';
$CFG->dboptions = array (
  'dbpersist' => 0,
  'dbport' => 3306,
  'dbsocket' => '',
  'dbcollation' => 'utf8mb4_general_ci',
);

if (empty($_SERVER['HTTP_HOST'])) {
    $_SERVER['HTTP_HOST'] = '127.0.0.1:80';
}

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'];
} else {
    $CFG->wwwroot   = 'http://' . $_SERVER['HTTP_HOST'];
};

$CFG->dataroot  = '/bitnami/moodle/moodledata';
$CFG->admin     = 'admin';

$CFG->directorypermissions = 02775;

require_once('/opt/bitnami/moodle' . '/lib/setup.php');

// There is no php closing tag in this file,
// it is intentional because it prevents trailing whitespace problems!

If someone can help me, I thank you so much.

In reply to felipe jareta

Re: Https issue

by Howard Miller -
There's some stuff in there that isn't "standard" Moodle. We have no idea why it was done that way...
In reply to felipe jareta

Re: Https issue

by Leon Stringer -

Could you describe what's happening when the problem occurs? A screenshot might help.

In reply to felipe jareta

Re: Https issue

by Emma Richardson -
What exactly do you mean by "broke the page"? Did you run the replace tool to update the database?
In reply to Emma Richardson

Re: Https issue

by felipe jareta -
Hi Emma.

The screenshot is attached.
It occurs when SSL is active. Also, I cannot log on to the page.

I tried modifying config.php, adding https to $CFG->wwwroot, and also tried to add the certificate manually in Apache, but it doesn't work.

Attachment Sem título.jpg
In reply to felipe jareta

Re: Https issue

by Emma Richardson -
What happens when you try to log in? You have not run the replace tool - you need to update your database to switch out all instances of your URL with https:// - I also suggest clearing caches after you do that.
In reply to felipe jareta

Re: Https issue

by Leon Stringer -

Well, regardless of what you think $CFG->wwwroot is being set to, the effective setting is HTTP. The main page is being loaded over HTTPS but the browser blocks the site's other files, which are HTTP due to $CFG->wwwroot, so CSS and JavaScript aren't loaded.

So if you've set this to HTTPS, presumably some of the stuff that isn't standard Moodle that Howard mentioned changes this. You'll need to find out what added this code, what it's supposed to be doing and why it's not working. In the sample config.php there's no use of $_SERVER[].

Possibly the web server inside the container is not seeing the connection as HTTPS, i.e. $_SERVER['HTTPS'] isn't true within the container.

You could try setting $CFG->wwwroot = 'https://…' after all that code. You might need $CFG->sslproxy = true too.
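
An added diagnostic sketch, not part of the post above and not Moodle or Bitnami code: it mirrors the scheme decision in the posted config.php and lists the sub-resources an HTTPS page would then request over plain HTTP. The host name, resource paths and the `$_SERVER` values (a backend that receives proxied plain HTTP) are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a sub-resource.
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

def derived_wwwroot(server):
    """Mirror of the posted config.php: the scheme follows $_SERVER['HTTPS']."""
    host = server.get("HTTP_HOST") or "127.0.0.1:80"
    scheme = "https" if server.get("HTTPS") == "on" else "http"
    return f"{scheme}://{host}"

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.insecure = page_url, []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            url = urljoin(self.page_url, value)  # resolve relative references
            if urlsplit(url).scheme == "http":
                self.insecure.append((tag, url))

def mixed_content(page_url, html):
    """Return (tag, url) pairs that an HTTPS page would request over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []
    collector = _Collector(page_url)
    collector.feed(html)
    return collector.insecure

# Constructed sample: what PHP sees when a front-end web server terminates TLS
# and forwards plain HTTP to the container, so 'HTTPS' is never set.
BACKEND_SERVER = {"HTTP_HOST": "moodle.example.org", "HTTP_X_FORWARDED_PROTO": "https"}

def render(wwwroot):
    """Constructed page fragment built from wwwroot, as Moodle builds its links."""
    return (f'<link rel="stylesheet" href="{wwwroot}/theme/styles.php">'
            f'<script src="{wwwroot}/lib/javascript.php"></script>'
            f'<img src="/pix/logo.png">')

if __name__ == "__main__":
    root = derived_wwwroot(BACKEND_SERVER)
    print("wwwroot derived by config.php:", root)
    for tag, url in mixed_content("https://moodle.example.org/", render(root)):
        print(f"insecure <{tag}>: {url}")
```

Running `mixed_content` against the HTML of the real login page, saved from the browser, shows whether the effective wwwroot is still HTTP after a config change.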

In reply to felipe jareta

Re: Https issue

by Ken Task -

Have you consulted BitNami docs?

Please see:

https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

Also review/check:

https://docs.moodle.org/38/en/Nginx

https://docs.bitnami.com/aws/apps/moodle/administration/generate-configure-certificate-letsencrypt/ - where it says:

"IMPORTANT: The Bitnami HTTPS Configuration Tool does not support configuring NGINX web servers yet. If you use NGINX, please follow the alternative approach section."

Alt approach section link.

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

'SoS', Ken

In reply to Ken Task

Re: Https issue

by felipe jareta -
Hi Ken!
Oh, that explains it... I have an Nginx server...
I created a vhost for Moodle and then ran Certbot for Let's Encrypt to add the SSL certificate.

I followed this tutorial:

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

When I try to run "/opt/bitnami/bncert-tool" from the Moodle container and type my domain, an error appears saying...

"Warning: The domain 'escolavirtual.qa.tce.sc.gov.br' resolves to a different IP
address than the one detected for this machine, which is '(my internal DNS IP)'. Please
fix its DNS entries or remove it. For more info see:"

This domain is registered both in my on-premise environment and in the cloud. My question is...

Should that DNS entry be registered only in the external environment?

Thank you for your Help!
Attachment Sem título.jpg
In reply to felipe jareta

Re: Https issue

by Ken Task -

Bitnami ... then the best resource for issues with a Bitnami Moodle is Bitnami forums.

https://community.bitnami.com/c/moodle

As far as DNS ... click on whatever it said to click on 'cause we can't! :-)

IF it will help here's what a dig shows to one of my servers:

 dig escolavirtual.qa.tce.sc.gov.br

;; ANSWER SECTION:

escolavirtual.qa.tce.sc.gov.br.    43200 IN A    200.19.192.9

and a reverse lookup shows:

dig -x 200.19.192.9

;; QUESTION SECTION:
;9.192.19.200.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
9.192.19.200.in-addr.arpa. 86400 IN    CNAME    9.0-26.192.19.200.in-addr.arpa.
9.0-26.192.19.200.in-addr.arpa.    86400 IN PTR    vm81.tce.sc.gov.br.

note CNAME (an alias) to the last line ... which is a range of ip's 9.from 0. to 26 ...

all going to vm81.tce.sc.gov.br .... maybe that's why LetsEncrypt is complaining ... don't know.

'SoS', Ken


In reply to Ken Task

Re: Https issue

by Ken Task -

In addition, when nginx or apache starts it likes to know its name ... FQDN.

DNS resolutions on linux boxen use /etc/resolv.conf

There one would find DNS servers ... IF .... IF .. your server is really on a private network ... its real IP address is a 10. or some other private IP (.gov systems would be likely candidates for networks as such), your /etc/resolv.conf might be pointed to an internal DNS server whose DNS map might be to a private IP.

Letsencrypt can only talk to the outside IP's/DNS systems.

There's also references to host name in /etc/hosts file.

On systems that lacked internal DNS servers I have used the free Google resolvers before .. 8.8.8.8 and 8.8.4.4

'SoS', Ken