Your site configuration might not be secure

Your site configuration might not be secure

by David Bruere -
Number of replies: 6

Hi,

I just installed Moodle on Siteground using their one-click installer.

According to the server environment, I am running 3.11 (Build: 20210517)

After logging in there are notifications that saying:

(1) Your site configuration might not be secure. Please make sure that your dataroot directory (/home/customer/www/lms.breakthroughmathematics.org/public_html/wqfxasxo/moodledata) is not directly accessible via web.

(2) Enabling the PHP setting display_errors is not recommended on production sites because some error messages may reveal sensitive information about your server.

(3) The admin/cli/cron.php script has not been run for 18 hours 41 mins and should run every 1 min.

Any guidence on how to resovle these (or pointing me to the correct documentation) would be greatly apprciated.

Thanks in advance!

David.


Average of ratings: -
In reply to David Bruere

Re: Your site configuration might not be secure

by Ken Task -
Picture of Particularly helpful Moodlers

Ugh!  'one click installer' ... evidently it didn't follow moodle's official docs for installing!

See: https://docs.moodle.org/311/en/Installing_Moodle

https://docs.moodle.org/311/en/Installing_Moodle#Create_the_.28moodledata.29_data_directory

Guess ...

SiteGround actually has their infrastructure on Google.
SG also has it's own panel, but ... is the one click installer
called Softaculous?

Questions ... because you shared paths in the errors you have seen we know it's Linux ... but that OS?   Got ssh into your server?   If so, ssh and issue: uname -an

If you are running apache server, one could put an .htaccess file
in your moodledata that contains:

deny from all
AllowOverride None
Note: this file is broken intentionally, we do not want anybody to undo it in subdirectory!

nginx doesn't use .htaccess files.

Suggestion/guess:

lms.breakthroughmathematics.org/public_html/*moodle codegoes here  moodledata could be in lms.breakthroughmathematics.org/ at the same level as public_html

The config.php file in moodle code has to have the path to moodledata.   Edit it using SG's panel/file browser ... select config.php and click edit button.    Am assuming they have one! smile


2. has to do with debugging ... and what it says is true.  But to see what issues there are for the install, debugging is the only way to actually know (better than my guesses).    Once solved you can turn off debugging.

3. is cron job ... have to use whatever you have in SG's panel to setup a cron job for:
/path/to/php-cli/ /path/to/moodlecode/admin/cli/cron.php to run once every minute.

https://docs.moodle.org/311/en/Cron

If SG's one click installer didn't follow Moodle Doc's, suggest taking it up with SG support and ask why! :|

BTW, I host a moodle on GCE (Google) use Moodle's official installing docs just fine ... no issues.

'SoS', Ken


Average of ratings: Useful (2)
In reply to Ken Task

Re: Your site configuration might not be secure

by David Bruere -
Hi Ken,

Thanks so much for your detailed response!

I have been googling and reading through siteground's documentation to help form a worthwhile response to your questions.

I could not see any information about what installer Siteground uses in the control panel nor in their documentation.

It seems like I should be able to use SSH because I have been able to generate an SSH key (but I'm not sure what to do with it).

I can't see an htaccess file in the file browser for the Moodle installation but I do have an htaccess file on my wordpress installation. So maybe htaccess is possible?

Before going on, though, would I be better off starting again and installing manually? Or even setting up a VPS where I can configure the server to exact specifications that work best for Moodle?

If so, is it safe to use my current siteground Moodle installation to just play around for now?

Thanks in advance for any advice you can give me.

David.
Average of ratings: -
In reply to David Bruere

Re: Your site configuration might not be secure

by Ken Task -
Picture of Particularly helpful Moodlers

Like I said ... don't have a SG account ... just have been into one trying to help someone else resolve issues.   Will say, and this video says same thing, I found SG's panel to be lacking ... nothing like cPanel nor other panels.   You may have already discovered one ... setup ssh keys but no docs on how to use them (that's kinda brain dead isn't it? :\)

Like most hosting sites, WordPresses are easy ... they don't have any special setups and after install WP's can be updated from within the WP admin interface.   Moodle ... not so .. it has special requirements for things like location of moodledata directory.   As I've already shared, moodledata is to be outside of 'document root' which is an domain/apache setting ... in your account (public_html).  The video says there aren't any 'subdomains' in their system.

In your case, am guessing you have WP at your document root and you attempted one click installer that put moodle inside a word press?   What url do you use to hit the WP?   The one you show for moodle is lms.blah.

Best advice I can give you is just like the video said ... find, if you can, all tutorials and videos for SG.  I've not found one for setting up a moodle on SiteGround using their panel.

Sent you a PM.   Please reply there!

'SoS', Ken



Average of ratings: Useful (1)
In reply to Ken Task

Re: Your site configuration might not be secure

by David Bruere -
Yikes!

With the cost of VPSs now, maybe I should just set one up instead of using Siteground?
Average of ratings: -
In reply to David Bruere

Re: Your site configuration might not be secure

by Ken Task -
Picture of Particularly helpful Moodlers

From the looks of SG's panel, they are all about WordPress! :|

From config.php file:

$CFG->dataroot = (__DIR__ . '/wqfxasxo/moodledata');

It's installer is trying to comply ... the wqfxasxo ... but it's in public_html and moodle doesn't like that.

Typical path is full path ... like
/var/www/moodledata

Your setup trying to use the php (_DIR_ concactated (the dot) with
./wq..../moodledata')

Before you move, contact SG support and inquire.

IF, they say 'no can do', then either live with complaint or host else where - more moodle friendly.

The acid test:

https://yoursite/wqfxasxo/moodledata/

can you see folders/files without logging on?

Also ... seen in SG's panel:

1 GB storage
Inode limit ... 96840 - number of files and folders.
Both above might bite ya once you begin to develop the moodle site.

moodle310 code: 28965

moodledata for above

8702    ./moodle310data

But that's a tinker site ... not really full blown moodle with 1000's of users.

'SoS', Ken

Average of ratings: Useful (1)
In reply to David Bruere

Re: Your site configuration might not be secure

by Visvanath Ratnaweera -
Picture of Particularly helpful Moodlers Picture of Translators
Quoting the video tour:
"The new SiteGround Control Panel as of August 2019 ... The site tech changes all the time..."

I wonder how much changed in controlling a LAMP through the command line changed during its whole life time, which is nearing 30 years https://linuxfoundation.org/linux30th.
wink
Average of ratings: -