From a698319d738004c0c6c901f12c9dc3f112783ba6 Mon Sep 17 00:00:00 2001 From: stevensting Date: Mon, 1 Dec 2025 11:41:01 +0100 Subject: [PATCH 1/4] setup repo for moodle --- .drone.yml | 6 +-- .env.sample | 2 +- README.md | 66 +++++++----------------------- release/2.0.0+8.4.3-fpm-alpine3.20 | 3 -- 4 files changed, 18 insertions(+), 59 deletions(-) delete mode 100644 release/2.0.0+8.4.3-fpm-alpine3.20 diff --git a/.drone.yml b/.drone.yml index dcc3a38..c132282 100644 --- a/.drone.yml +++ b/.drone.yml @@ -6,7 +6,7 @@ steps: image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest settings: host: swarm-test.autonomic.zone - stack: custom-php + stack: moodle networks: - proxy generate_secrets: true @@ -14,8 +14,8 @@ steps: deploy_key: from_secret: drone_ssh_swarm_test environment: - DOMAIN: custom-php.swarm-test.autonomic.zone - STACK_NAME: custom-php + DOMAIN: moodle.swarm-test.autonomic.zone + STACK_NAME: moodle LETS_ENCRYPT_ENV: production SECRET_DB_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1 diff --git a/.env.sample b/.env.sample index fcbaed3..2ce0010 100644 --- a/.env.sample +++ b/.env.sample @@ -1,4 +1,4 @@ -TYPE=custom-php +TYPE=moodle DOMAIN=example.com ## Domain aliases diff --git a/README.md b/README.md index 61c68d2..3ce9591 100644 --- a/README.md +++ b/README.md @@ -1,64 +1,26 @@ -# custom-php +# moodle -Coöp Cloud + [PHP](https://php.org) + MariaDB (optional) + Nginx = 🥳 +Coöp Cloud + [moodle](https://moodle.org/) + [PHP](https://php.org) + MariaDB (optional) + Nginx = 🥳 -* **Category**: Development -* **Status**: 3, stable +* **Maintainer**: [@stevensting](https://git.coopcloud.tech/stevensting) +* **Category**: Learning +* **Status**: ..., development * **Image**: [`php`](https://hub.docker.com/_/php), 4, upstream -* **Healthcheck**: Yes -* **Backups**: Yes -* **Email**: 3 -* **Tests**: 2 -* **SSO**: No +* **Healthcheck**: ... +* **Backups**: ... +* **Email**: ... +* **Tests**: ... +* **SSO**: ... ## Basic usage -1. Set up Docker Swarm and [`abra`][abra] -2. Deploy [`coop-cloud/traefik`][cc-traefik] -3. `abra app new custom-php --secrets` (optionally with `--pass` if you'd like - to save secrets in `pass`) -4. `abra app config YOURAPPDOMAIN` - - be sure to change `$DOMAIN` to something that resolves to - your Docker swarm box - - if you need to enable the optional database, uncomment `COMPOSE_FILE="compose.yml:compose.mariadb.yml"` in which case configure your site to load the DB credentials from env: - - `getenv('DB_NAME');` - - `getenv('DB_HOST');` - - `getenv('DB_USER');` - - `@file_get_contents(getenv('DB_PASSWORD_FILE'));` -5. Deploy with `abra app deploy YOURAPPDOMAIN` -6. Copy your site files using something like: `abra app cp YOURAPPDOMAIN index.html app:/var/www/html/` or if you want to copy an entire directory: `tar -cf - -C my_site/path/here . | abra app cp YOURAPPDOMAIN - app:/var/www/html/` -7. Use [restore functionality](https://docs.coopcloud.tech/backup-restore/) to import a SQL file into the db -8. Open the configured domain in your browser to check all is good - - -## Extra - -Indicate extensions you need in the `PHP_EXTENSIONS` env var. The entrypoint script will install them on startup. The same for necessary packages with -`INSTALL_PACKAGES` -You can see what PHP extensions compiled into the image by checking the output of `abra app run YOURAPPDOMAIN app "php -m"` - -You can see the PHP config and environment by checking the output of `abra app run YOURAPPDOMAIN app "php -i"` - - -## Email - -There is a local or remote SMTP relay configuration available. - -* **local**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml` -* **remote**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml:compose.smtp.yml` - -Below are the instructions for the local relay. - -1. Deploy [`postfix-relay`][cc-postfix-relay] -2. `abra app config YOURAPPDOMAIN`, and uncomment the email lines; change - `MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s - `$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS` +1. `abra app new moodle --secrets` +2. `abra app config YOURAPPDOMAIN` + - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box 3. `abra app deploy YOURAPPDOMAIN` -[abra]: https://git.autonomic.zone/autonomic-cooperative/abra -[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik -[cc-postfix-relay]: https://git.autonomic.zone/coop-cloud/traefik + diff --git a/release/2.0.0+8.4.3-fpm-alpine3.20 b/release/2.0.0+8.4.3-fpm-alpine3.20 deleted file mode 100644 index d50e0ee..0000000 --- a/release/2.0.0+8.4.3-fpm-alpine3.20 +++ /dev/null @@ -1,3 +0,0 @@ -This version adds optional HTTPD (apache) support, instead of the default Nginx. -This "should" be "fine", but please proceed with caution, taking a backup before -upgrade probably even more important than usual. -- 2.49.0 From 139f62e48e1559374fe648e92958607e1dde1443 Mon Sep 17 00:00:00 2001 From: stevensting Date: Mon, 1 Dec 2025 11:55:21 +0100 Subject: [PATCH 2/4] more switching to moodle --- .env.sample | 16 ++++++---------- compose.mariadb.yml | 11 +++++------ entrypoint.sh.tmpl | 6 +++--- 3 files changed, 14 insertions(+), 19 deletions(-) diff --git a/.env.sample b/.env.sample index 2ce0010..bd288ab 100644 --- a/.env.sample +++ b/.env.sample @@ -15,17 +15,13 @@ APP_ENV=prod #PHP_VERSION=7.4-fpm-alpine ## Extra extensions you need as a space separated list (run `abra app YOURAPPDOMAIN run app "php -m"` to see already active extensions) -PHP_EXTENSIONS="pdo_mysql" -## Uncomment to install more packages, space separated -#INSTALL_PACKAGES="libxslt-dev" +## Uncomment to install more PHP extensions or Linux packages +#PHP_EXTENSIONS="" +#INSTALL_PACKAGES="" -# Optional database -#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" -#SECRET_DB_ROOT_PASSWORD_VERSION=v1 -#SECRET_DB_PASSWORD_VERSION=v1 -# Optionally override database name and user -#DB_NAME=site -#DB_USER=site +COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" +SECRET_DB_ROOT_PASSWORD_VERSION=v1 +SECRET_DB_PASSWORD_VERSION=v1 # Local SMTP relay #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml" diff --git a/compose.mariadb.yml b/compose.mariadb.yml index 8a73d1e..0286959 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml @@ -3,24 +3,23 @@ services: app: environment: - DB_HOST=${STACK_NAME}_db - # - DB_HOST=db - - DB_USER=${DB_USER:-site} + - DB_USER=moodle - DB_PASSWORD_FILE=/run/secrets/db_password - - DB_NAME=${DB_NAME:-site} + - DB_NAME=moodle secrets: - db_password depends_on: - db db: - image: "mariadb:10.6" + image: "mariadb:12.1" volumes: - "mariadb:/var/lib/mysql" networks: - backend environment: - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password - - MYSQL_DATABASE=${DB_NAME:-site} - - MYSQL_USER=${DB_USER:-site} + - MYSQL_DATABASE=moodle + - MYSQL_USER=moodle - MYSQL_PASSWORD_FILE=/run/secrets/db_password secrets: - db_password diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 0b7e14a..6d9ad04 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -1,12 +1,12 @@ #!/bin/sh {{ if (env "INSTALL_PACKAGES") }} -apk add {{ env "INSTALL_PACKAGES" }} +apk add libzip-dev {{ env "INSTALL_PACKAGES" }} {{ end }} {{ if (env "PHP_EXTENSIONS") }} -echo Installing PHP extensions: {{ env "PHP_EXTENSIONS" }} -docker-php-ext-install {{ env "PHP_EXTENSIONS" }} +echo Installing PHP extensions: pdo_mysql zip {{ env "PHP_EXTENSIONS" }} +docker-php-ext-install pdo_mysql zip {{ env "PHP_EXTENSIONS" }} {{ end }} exec "$@" -- 2.49.0 From f6410f9239eadfd4a37e01ae6a84c2d4e75d00d6 Mon Sep 17 00:00:00 2001 From: stevensting Date: Mon, 1 Dec 2025 11:56:20 +0100 Subject: [PATCH 3/4] add maintenance information --- MAINTENANCE.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 MAINTENANCE.md diff --git a/MAINTENANCE.md b/MAINTENANCE.md new file mode 100644 index 0000000..bd54b37 --- /dev/null +++ b/MAINTENANCE.md @@ -0,0 +1,24 @@ +# Moodle Recipe Maintenance + +All contributions should be made via a pull request. This is to ensure a certain quality / consistency, that others can rely on. + + +## Maintainer Responsibilities + +A recipe maintainer has the following responsibilities: +- respond to pull requests / issues within a week +- make image security updates within a day +- make image patch / minor updates within a week +- make image major updates within a month + +In order to fullfill these responsibilities a recipe maintainer: +- has to watch the repository (to get notifications) +- needs to make sure renovate is configured properly + +## Merge rules + +A pull request can be merged if it is approved by at least one maintainer. For pull requests opened by a maintainer they need to be approved by another maintainer. + +## Becoming a maintainer + +Everyone can apply to be a recipe maintainer. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change. -- 2.49.0 From ea9e9162c905ed31fe869baddec6243b861ede84 Mon Sep 17 00:00:00 2001 From: stevensting Date: Thu, 4 Dec 2025 13:50:34 +0100 Subject: [PATCH 4/4] setting up moodle continued. now it is able to start up --- .env.sample | 21 +- README.md | 17 +- abra.sh | 11 +- compose.httpd.yml | 42 -- compose.version.yml | 6 - compose.yml | 38 +- config-dist.php.tmpl | 1347 ++++++++++++++++++++++++++++++++++++++++++ entrypoint.httpd.sh | 10 - entrypoint.sh.tmpl | 44 +- httpd-vhosts.conf | 17 - nginx.conf | 51 +- php.ini | 17 + uploads.ini | 5 - 13 files changed, 1495 insertions(+), 131 deletions(-) delete mode 100644 compose.httpd.yml delete mode 100644 compose.version.yml create mode 100644 config-dist.php.tmpl delete mode 100644 entrypoint.httpd.sh delete mode 100644 httpd-vhosts.conf create mode 100644 php.ini delete mode 100644 uploads.ini diff --git a/.env.sample b/.env.sample index bd288ab..2c3031e 100644 --- a/.env.sample +++ b/.env.sample @@ -6,13 +6,17 @@ DOMAIN=example.com LETS_ENCRYPT_ENV=production COMPOSE_FILE=compose.yml -ROOT_PATH=/var/www/html -# environment (needed for PHP frameworks like laravel/symphony) -APP_ENV=prod - -## Optional: Specify alternative PHP version -#COMPOSE_FILE=$COMPOSE_FILE:compose.version.yml -#PHP_VERSION=7.4-fpm-alpine +# moodle settings, set to override defaults +#MOODLE_VERSION=stable501/moodle-latest-501 +#MOODLE_LANGUAGE=en +#MOODLE_TIMEZONE=Europe/Berlin +#MOODLE_FULLNAME=Moodle site +#MOODLE_SHORTNAME=MS +#MOODLE_ADMINNAME=admin +#MOODLE_ADMINMAIL=mail@example.com +#MOODLE_SUMMARY=site description... +#MOODLE_SUPPORTMAIL=support@example.com +SECRET_ADMIN_PASSWORD_VERSION=v1 ## Extra extensions you need as a space separated list (run `abra app YOURAPPDOMAIN run app "php -m"` to see already active extensions) ## Uncomment to install more PHP extensions or Linux packages @@ -36,6 +40,3 @@ SECRET_DB_PASSWORD_VERSION=v1 #SMTP_AUTH=on #SMTP_TLS=on #SECRET_SMTP_PASSWORD_VERSION=v1 - -# Use httpd instead of nginx -#COMPOSE_FILE="$COMPOSE_FILE:compose.httpd.yml" diff --git a/README.md b/README.md index 3ce9591..d0aa833 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,18 @@ -# moodle +# Moodle -Coöp Cloud + [moodle](https://moodle.org/) + [PHP](https://php.org) + MariaDB (optional) + Nginx = 🥳 +Learning Management System (LMS) * **Maintainer**: [@stevensting](https://git.coopcloud.tech/stevensting) * **Category**: Learning -* **Status**: ..., development +* **Status**: 0, development * **Image**: [`php`](https://hub.docker.com/_/php), 4, upstream -* **Healthcheck**: ... -* **Backups**: ... -* **Email**: ... -* **Tests**: ... -* **SSO**: ... +* **Healthcheck**: no +* **Backups**: no +* **Email**: no +* **Tests**: no +* **SSO**: no @@ -22,5 +22,6 @@ Coöp Cloud + [moodle](https://moodle.org/) + [PHP](https://php.org) + MariaDB ( 2. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box 3. `abra app deploy YOURAPPDOMAIN` + - attention: installing all packages and php extensions necessary can take a couple of minutes. check logs for progress diff --git a/abra.sh b/abra.sh index 2a8ab60..7e055f5 100644 --- a/abra.sh +++ b/abra.sh @@ -1,11 +1,10 @@ # export PHP_VERSION=7.4 -export NGINX_DEFAULT_CONF_VERSION=v7 -export PHP_UPLOADS_CONF_VERSION=v4 -export ENTRYPOINT_CONF_VERSION=v2 +export NGINX_DEFAULT_CONF_VERSION=v1 +export PHP_CONF_VERSION=v1 +export ENTRYPOINT_CONF_VERSION=v1 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1 -export ENTRYPOINT_HTTPD_CONF_VERSION=v1 -export HTTPD_VHOSTS_CONF_VERSION=v1 -export MSMTP_CONF_VERSION=v3 +export MSMTP_CONF_VERSION=v1 +export MOODLE_CONF_VERSION=v1 abra_backup_app() { _abra_backup_dir "app:/var/www/html/" diff --git a/compose.httpd.yml b/compose.httpd.yml deleted file mode 100644 index 9f26f81..0000000 --- a/compose.httpd.yml +++ /dev/null @@ -1,42 +0,0 @@ -version: "3.8" -services: - frontend: - image: httpd:2.4.62 - networks: - - proxy - depends_on: - - app - deploy: - restart_policy: - condition: on-failure - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - # Redirect from EXTRA_DOMAINS to DOMAIN - - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - coop-cloud.${STACK_NAME}.frontend.version=1.20-c628b67d - volumes: - - site_content:/var/www/html/ - entrypoint: "/docker-entrypoint.sh" - - configs: - - source: entrypoint_httpd_conf - target: /docker-entrypoint.sh - mode: 0555 - - source: httpd_vhosts_conf - target: /usr/local/apache2/conf/extra/httpd-vhosts.conf - - -configs: - entrypoint_httpd_conf: - name: ${STACK_NAME}_entrypoint_httpd_conf_${ENTRYPOINT_HTTPD_CONF_VERSION} - file: entrypoint.httpd.sh - httpd_vhosts_conf: - name: ${STACK_NAME}_httpd_vhosts_conf_${HTTPD_VHOSTS_CONF_VERSION} - file: httpd-vhosts.conf - template_driver: golang diff --git a/compose.version.yml b/compose.version.yml deleted file mode 100644 index 6cf379f..0000000 --- a/compose.version.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -version: "3.8" - -services: - app: - image: php:${PHP_VERSION} diff --git a/compose.yml b/compose.yml index f90953b..6268fb7 100644 --- a/compose.yml +++ b/compose.yml @@ -1,32 +1,46 @@ version: "3.8" services: app: - image: php:8.4.3-fpm-alpine3.20 + image: php:8.4-fpm-alpine3.22 volumes: - - "site_content:/var/www/html/" + - site_content:/var/www/html/ + - moodledata:/var/www/moodledata networks: - backend - proxy environment: - PHP_EXTENSIONS - APP_ENV + - MOODLE_LANGUAGE=${MOODLE_LANGUAGE:-en} + - MOODLE_TIMEZONE=${MOODLE_TIMEZONE:-Europe/Berlin} + - MOODLE_VERSION=${MOODLE_VERSION:-stable501/moodle-latest-501} + - MOODLE_FULLNAME + - MOODLE_SHORTNAME + - MOODLE_ADMINNAME=${MOODLE_ADMINNAME:-admin} + - MOODLE_ADMIN_PASSWORD_FILE=/run/secrets/admin_password + - MOODLE_ADMINMAIL + - MOODLE_SUMMARY + - MOODLE_SUPPORTMAIL configs: - - source: php_uploads_conf - target: /usr/local/etc/php/conf.d/uploads.ini + - source: php_conf + target: /usr/local/etc/php/conf.d/php.ini - source: entrypoint_conf target: /docker-entrypoint.sh mode: 0555 + - source: moodle_conf + target: /var/www/html/config.php entrypoint: /docker-entrypoint.sh deploy: update_config: failure_action: rollback order: start-first labels: - - coop-cloud.${STACK_NAME}.app.version=2.0.0+8.4.3-fpm-alpine3.20 + - coop-cloud.${STACK_NAME}.app.version=0.0.1 frontend: image: nginx:1.20-alpine networks: - proxy + - backend depends_on: - app deploy: @@ -50,7 +64,7 @@ services: target: /etc/nginx/conf.d/default.conf environment: - STACK_NAME - - ROOT_PATH + - ROOT_PATH=/var/www/html/public - DOMAIN # healthcheck: # test: ["CMD", "curl", "-f", "http://localhost"] @@ -60,11 +74,11 @@ services: # start_period: 1m networks: backend: - # internal: true proxy: external: true volumes: site_content: + moodledata: configs: entrypoint_conf: name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION} @@ -74,6 +88,10 @@ configs: name: ${STACK_NAME}_nginx_default_conf_${NGINX_DEFAULT_CONF_VERSION} file: nginx.conf template_driver: golang - php_uploads_conf: - name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION} - file: uploads.ini + php_conf: + name: ${STACK_NAME}_php_conf_${PHP_CONF_VERSION} + file: php.ini + moodle_conf: + name: ${STACK_NAME}_moodle_conf_${MOODLE_CONF_VERSION} + file: config-dist.php.tmpl + template_driver: golang diff --git a/config-dist.php.tmpl b/config-dist.php.tmpl new file mode 100644 index 0000000..a6a6b4d --- /dev/null +++ b/config-dist.php.tmpl @@ -0,0 +1,1347 @@ +dbtype = 'mariadb'; // 'pgsql', 'mariadb', 'mysqli', 'auroramysql', or 'sqlsrv' +$CFG->dblibrary = 'native'; // 'native' only at the moment +$CFG->dbhost = getenv('DB_HOST'); // eg 'localhost' or 'db.isp.com' or IP +$CFG->dbname = getenv('DB_NAME'); // database name, eg moodle +$CFG->dbuser = getenv('DB_USER'); // your database username +$CFG->dbpass = @file_get_contents(getenv('DB_PASSWORD_FILE')); // your database password +$CFG->prefix = 'mdl_'; // prefix to use for all table names +$CFG->dboptions = [ + 'dbpersist' => false, // Should persistent database connections be + // used? Set to 'false' for the most stable + // setting, 'true' can improve performance + // sometimes + 'dbsocket' => false, // Should connection via UNIX socket be used? + // if you set it to 'true' or custom path + // here set dbhost to 'localhost', + // (please note mysql is always using socket + // if dbhost is 'localhost' - if you need + // local port connection use '127.0.0.1') + 'dbport' => '', // The TCP port number to use when connecting + // to the server. Keep empty string for the + // default port + 'dbhandlesoptions' => false, // On PostgreSQL poolers like pgbouncer don't + // support advanced options on connection. + // If you set those in the database then + // the advanced settings will not be sent. + 'dbcollation' => 'utf8mb4_unicode_ci', // MySQL has partial and full UTF-8 + // support. If you wish to use partial UTF-8 + // (three bytes) then set this option to + // 'utf8_unicode_ci'. If using the recommended + // settings with full UTF-8 support this should + // be set to 'utf8mb4_unicode_ci'. This option + // should be removed for all other databases. + // 'dbschema' => '', // On PostgreSQL this sets the database schema to use + // for the connection. + // 'dbtransactions' => null // Set this to true to explicitly enable database transactions + // for MySQL. By default only the following storage engines are + // configured to use transactions: InnoDB, INNOBASE, BDB, XtraDB, + // Aria, Falcon. + // 'versionfromdb' => false, // On MySQL and MariaDB, this can force + // the DB version to be evaluated using + // the VERSION function instead of the version + // provided by the PHP client which could be + // wrong based on the DB server infrastructure, + // e.g. PaaS on Azure. Default is false/unset. + // Uncomment and set to true to force MySQL and + // MariaDB to use 'SELECT VERSION();'. + // 'extrainfo' => [], // Extra information for the DB driver, e.g. SQL Server, + // has additional configuration according to its environment, + // which the administrator can specify to alter and + // override any connection options. + // 'ssl' => '', // A connection mode string from the list below. + // Not supported by all drivers. + // prefer Use SSL if available - postgres default Postgres only + // disable Force non secure connection Postgres only + // require Force SSL Postgres and MySQL + // verify-full Force SSL and verify root CA Postgres and MySQL + // All mode names are adopted from Postgres + // and other databases align where possible: + // Postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-SSLMODE + // MySQL: https://www.php.net/manual/en/mysqli.real-connect.php + // It is worth noting that for MySQL require and verify-full are the same - in both cases + // verification will take place if you specify hostname as a name, + // and it will be omitted if you put an IP address. + // 'fetchbuffersize' => 100000, // On PostgreSQL, this option sets a limit + // on the number of rows that are fetched into + // memory when doing a large recordset query + // (e.g. search indexing). Default is 100000. + // Uncomment and set to a value to change it, + // or zero to turn off the limit. You need to + // set to zero if you are using pg_bouncer in + // 'transaction' mode (it is fine in 'session' + // mode). + // 'clientcompress' => true // Use compression protocol to communicate with the database server. + // Decreases traffic from the database server. + // Not needed if the databse is on the same host. + // Currently supported only with mysqli, mariadb, and aurora drivers. + // 'connecttimeout' => null, // Set connect timeout in seconds. Not all drivers support it. + // 'logall' => false, // Log all queries to the database. They are stored in the table log_queries. + // 'logslow' => 0, // Log slow queries to the database. They are stored in the table log_queries. + // This parameter controls the threshold in milliseconds and requires an integer, + // not a string! + // 'logerror' => false, // Log erroneous queries to the database. They are stored in the table log_queries. + // 'bulkinsertsize' => null, // Set the bulk insert size for database operations. MySQL has a relatively small + // query length limit by default, make sure 'max_allowed_packet' in my.cnf is + // high enough if you set this setting. + // 'readonly' => [ // Set to read-only replica details, to get safe reads + // from there instead of the primary node. Optional. + // Currently supported by pgsql and mysqli variety classes. + // If not supported silently ignored. + // 'instance' => [ // Readonly replica connection parameters + // [ + // 'dbhost' => 'replica.dbhost', + // 'dbport' => '', // Defaults to primary port + // 'dbuser' => '', // Defaults to primary user + // 'dbpass' => '', // Defaults to primary password + // ], + // [...], + // ], + /* + Instance(s) can alternatively be specified as: + 'instance' => 'replica.dbhost', + 'instance' => ['replica.dbhost1', 'replica.dbhost2'], + 'instance' => ['dbhost' => 'replica.dbhost', 'dbport' => '', 'dbuser' => '', 'dbpass' => ''], + + 'connecttimeout' => 2, // Set read-only replica connect timeout in seconds. See above. + 'latency' => 0.5, // Set read-only replica sync latency in seconds. + // When 'latency' seconds have lapsed after an update to a table + // it is deemed safe to use readonly replica for reading from the table. + // It is optional, defaults to 1 second. If you want once written to a table + // to always use primary handle for reading set it to something ridiculosly big, + // eg 10. + // Lower values increase the performance, but setting it too low means + // missing the primary-replica sync. + 'exclude_tables' => [ // Tables to exclude from read-only replica feature. + 'table1', // Should not be used, unless in rare cases when some area of the system + 'table2', // is malfunctioning and you still want to use readonly feature. + ], // Then one can exclude offending tables while investigating. + + More info available in lib/dml/moodle_read_replica_trait.php where the feature is implemented. + ] + */ +]; + + +//========================================================================= +// 2. WEB SITE LOCATION +//========================================================================= +// Now you need to tell Moodle where it is located. Specify the full +// web address to where moodle has been installed. If your web site +// is accessible via multiple URLs then choose the most natural one +// that your students would use. Do not include a trailing slash +// +// If you need both intranet and Internet access please read +// http://docs.moodle.org/en/masquerading + +$CFG->wwwroot = 'https://{{ env "DOMAIN" }}'; + +// Generally it is not advisable to use a wwwroot that ends in 'public'. +// This is because the 'public' directory is used to serve web-accessible content. +// Moodle looks for any URL which ends in 'public' and assumes that it is a misconfiguration. +// In the event that there is a need to have a wwwroot that ends in 'public', the +// following setting can be used to override this check. +$CFG->wwwrootendsinpublic = false; + +//========================================================================= +// 3. DATA FILES LOCATION +//========================================================================= +// Now you need a place where Moodle can save uploaded files. This +// directory should be readable AND WRITEABLE by the web server user +// (usually 'nobody' or 'apache'), but it should not be accessible +// directly via the web. +// +// - On hosting systems you might need to make sure that your "group" has +// no permissions at all, but that "others" have full permissions. +// +// - On Windows systems you might specify something like 'c:\moodledata' + +$CFG->dataroot = '/var/www/moodledata'; + +// Whether the Moodle router is fully configured. +// +// From Moodle 4.5 this is set to false. +// The default value will change in a future release. +// +// When not configured on the web server it must be accessed via https://example.com/moodle/r.php +// When configured the on the web server the 'r.php' may be removed. +$CFG->routerconfigured = true; + +//========================================================================= +// 4. DATA FILES PERMISSIONS +//========================================================================= +// The following parameter sets the permissions of new directories +// created by Moodle within the data directory. The format is in +// octal format (as used by the Unix utility chmod, for example). +// The default is usually OK, but you may want to change it to 0750 +// if you are concerned about world-access to the files (you will need +// to make sure the web server process (eg Apache) can access the files. +// NOTE: the prefixed 0 is important, and don't use quotes. + +$CFG->directorypermissions = 02777; + + +//========================================================================= +// 5. ADMIN DIRECTORY LOCATION (deprecated) +//========================================================================= +// Please note: Support from this feature has been deprecated and it will be +// removed after Moodle 4.2. +// +// A very few webhosts use /admin as a special URL for you to access a +// control panel or something. Unfortunately this conflicts with the +// standard location for the Moodle admin pages. You can work around this +// by renaming the admin directory in your installation, and putting that +// new name here. eg "moodleadmin". This should fix all admin links in Moodle. +// After any change you need to visit your new admin directory +// and purge all caches. + +$CFG->admin = 'admin'; + + +//========================================================================= +// 6. OTHER MISCELLANEOUS SETTINGS (ignore these for new installations) +//========================================================================= +// +// These are additional tweaks for which no GUI exists in Moodle yet. +// +// Starting in PHP 5.3 administrators should specify default timezone +// in PHP.ini, you can also specify it here if needed. +// See details at: http://php.net/manual/en/function.date-default-timezone-set.php +// List of time zones at: http://php.net/manual/en/timezones.php + date_default_timezone_set(getenv('MOODLE_TIMEZONE')); +// +// Change the key pair lifetime for Moodle Networking +// The default is 28 days. You would only want to change this if the key +// was not getting regenerated for any reason. You would probably want +// make it much longer. Note that you'll need to delete and manually update +// any existing key. +// $CFG->mnetkeylifetime = 28; +// +// Not recommended: Set the following to true to allow the use +// off non-Moodle standard characters in usernames. +// $CFG->extendedusernamechars = true; +// +// Allow user passwords to be included in backup files. Very dangerous +// setting as far as it publishes password hashes that can be unencrypted +// if the backup file is publicy available. Use it only if you can guarantee +// that all your backup files remain only privacy available and are never +// shared out from your site/institution! +// $CFG->includeuserpasswordsinbackup = true; +// +// Completely disable user creation when restoring a course, bypassing any +// permissions granted via roles and capabilities. Enabling this setting +// results in the restore process stopping when a user attempts to restore a +// course requiring users to be created. +// $CFG->disableusercreationonrestore = true; +// +// Keep the temporary directories used by backup and restore without being +// deleted at the end of the process. Use it if you want to debug / view +// all the information stored there after the process has ended. Note that +// those directories may be deleted (after some ttl) both by cron and / or +// by new backup / restore invocations. +// $CFG->keeptempdirectoriesonbackup = true; +// +// Modify the restore process in order to force the "user checks" to assume +// that the backup originated from a different site, so detection of matching +// users is performed with different (more "relaxed") rules. Note that this is +// only useful if the backup file has been created using Moodle < 1.9.4 and the +// site has been rebuilt from scratch using backup files (not the best way btw). +// If you obtain user conflicts on restore, rather than enabling this setting +// permanently, try restoring the backup on a different site, back it up again +// and then restore on the target server. +// $CFG->forcedifferentsitecheckingusersonrestore = true; +// +// Force the backup system to continue to create backups in the legacy zip +// format instead of the new tgz format. Does not affect restore, which +// auto-detects the underlying file format. +// $CFG->usezipbackups = true; +// +// Prevent stats processing and hide the GUI +// $CFG->disablestatsprocessing = true; +// +// Setting this to true will enable admins to edit any post at any time +// $CFG->admineditalways = true; +// +// These variables define DEFAULT block variables for new courses +// If this one is set it overrides all others and is the only one used. +// $CFG->defaultblocks_override = 'activity_modules,search_forums,course_list:news_items,calendar_upcoming,recent_activity'; +// +// These variables define the specific settings for defined course formats. +// They override any settings defined in the formats own config file. +// $CFG->defaultblocks_site = 'site_main_menu,course_list:course_summary,calendar_month'; +// $CFG->defaultblocks_social = 'search_forums,calendar_month,calendar_upcoming,social_activities,recent_activity,course_list'; +// $CFG->defaultblocks_topics = 'activity_modules,search_forums,course_list:news_items,calendar_upcoming,recent_activity'; +// $CFG->defaultblocks_weeks = 'activity_modules,search_forums,course_list:news_items,calendar_upcoming,recent_activity'; +// +// These blocks are used when no other default setting is found. +// $CFG->defaultblocks = 'activity_modules,search_forums,course_list:news_items,calendar_upcoming,recent_activity'; +// +// You can specify a different class to be created for the $PAGE global, and to +// compute which blocks appear on each page. However, I cannot think of any good +// reason why you would need to change that. It just felt wrong to hard-code the +// the class name. You are strongly advised not to use these to settings unless +// you are absolutely sure you know what you are doing. +// $CFG->moodlepageclass = 'moodle_page'; +// $CFG->moodlepageclassfile = "$CFG->dirroot/local/myplugin/mypageclass.php"; +// $CFG->blockmanagerclass = 'block_manager'; +// $CFG->blockmanagerclassfile = "$CFG->dirroot/local/myplugin/myblockamanagerclass.php"; +// +// Seconds for files to remain in caches. Decrease this if you are worried +// about students being served outdated versions of uploaded files. +// $CFG->filelifetime = 60*60*6; +// +// Some web servers can offload the file serving from PHP process, +// comment out one the following options to enable it in Moodle: +// $CFG->xsendfile = 'X-Sendfile'; // Apache {@see https://tn123.org/mod_xsendfile/} +// $CFG->xsendfile = 'X-LIGHTTPD-send-file'; // Lighttpd {@see http://redmine.lighttpd.net/projects/lighttpd/wiki/X-LIGHTTPD-send-file} + $CFG->xsendfile = 'X-Accel-Redirect'; // Nginx {@see http://wiki.nginx.org/XSendfile} +// If your X-Sendfile implementation (usually Nginx) uses directory aliases specify them +// in the following array setting: + $CFG->xsendfilealiases = array( + '/dataroot/' => $CFG->dataroot, +// '/cachedir/' => '/var/www/moodle/cache', // for custom $CFG->cachedir locations +// '/localcachedir/' => '/var/local/cache', // for custom $CFG->localcachedir locations +// '/tempdir/' => '/var/www/moodle/temp', // for custom $CFG->tempdir locations +// '/filedir' => '/var/www/moodle/filedir', // for custom $CFG->filedir locations + ); +// Please note: It is *not* possible to use X-Sendfile with the per-request directory. +// The directory is highly likely to have been deleted by the time the web server sends the file. +// +// YUI caching may be sometimes improved by slasharguments: +// $CFG->yuislasharguments = 1; +// Some servers may need a special rewrite rule to work around internal path length limitations: +// RewriteRule (^.*/theme/yui_combo\.php)(/.*) $1?file=$2 +// +// +// Following settings may be used to select session driver, uncomment only one of the handlers. +// Database session handler: +// $CFG->session_handler_class = '\core\session\database'; +// $CFG->session_database_acquire_lock_timeout = 120; +// +// File session handler (file system locking required): +// $CFG->session_handler_class = '\core\session\file'; +// $CFG->session_file_save_path = $CFG->dataroot.'/sessions'; +// +// Memcached session handler (requires memcached server and extension): +// $CFG->session_handler_class = '\core\session\memcached'; +// $CFG->session_memcached_save_path = '127.0.0.1:11211'; +// $CFG->session_memcached_prefix = 'memc.sess.key.'; +// $CFG->session_memcached_acquire_lock_timeout = 120; +// $CFG->session_memcached_lock_expire = 7200; // Ignored if PECL memcached is below version 2.2.0 +// $CFG->session_memcached_lock_retry_sleep = 150; // Spin-lock retry sleeptime (msec). Only effective +// // for tuning php-memcached 3.0.x (PHP 7) +// +// Redis session handler (requires redis server and redis extension): +// $CFG->session_handler_class = '\core\session\redis'; +// $CFG->session_redis_host = '127.0.0.1'; or... // If there is only one host, use the single Redis connection. +// $CFG->session_redis_host = '127.0.0.1:7000,127.0.0.1:7001'; // If there are multiple hosts (separated by a comma), +// // use the Redis cluster connection. +// Use TLS to connect to Redis. An array of SSL context options. Usually: +// $CFG->session_redis_encrypt = ['cafile' => '/path/to/ca.crt']; or... +// $CFG->session_redis_encrypt = ['verify_peer' => false, 'verify_peer_name' => false]; +// $CFG->session_redis_port = 6379; // Optional. +// $CFG->session_redis_database = 0; // Optional, default is db 0. +// $CFG->session_redis_auth = ''; // Optional, default is don't set one. +// $CFG->session_redis_prefix = ''; // Optional, default is don't set one. +// $CFG->session_redis_acquire_lock_timeout = 120; // Default is 2 minutes. +// $CFG->session_redis_acquire_lock_warn = 0; // If set logs early warning if a lock has not been acquried. +// $CFG->session_redis_lock_expire = 7200; // Optional, defaults to session timeout. +// $CFG->session_redis_lock_retry = 100; // Optional wait between lock attempts in ms, default is 100. +// // After 5 seconds it will throttle down to once per second. +// $CFG->session_redis_connection_timeout = 3; // Optional, default is 3. +// $CFG->session_redis_maxretries = 3; // Optional, default is 3. +// +// Use the igbinary serializer instead of the php default one. Note that phpredis must be compiled with +// igbinary support to make the setting to work. Also, if you change the serializer you have to flush the database! +// $CFG->session_redis_serializer_use_igbinary = false; // Optional, default is PHP builtin serializer. +// $CFG->session_redis_compressor = 'none'; // Optional, possible values are: +// // 'gzip' - PHP GZip compression +// // 'zstd' - PHP Zstandard compression +// +// Please be aware that when selecting Memcached for sessions that it is advised to use a dedicated +// memcache server. The memcached extension does not provide isolated environments for individual uses. +// Using the same server for other purposes (MUC for example) can lead to sessions being prematurely removed should +// the other uses of the server purge the cache. +// +// Following setting allows you to alter how frequently is timemodified updated in sessions table. +// $CFG->session_update_timemodified_frequency = 20; // In seconds. +// +// If this setting is set to true, then Moodle will track the IP of the +// current user to make sure it hasn't changed during a session. This +// will prevent the possibility of sessions being hijacked via XSS, but it +// may break things for users coming using proxies that change all the time, +// like AOL. +// $CFG->tracksessionip = true; +// +// The following lines are for handling email bounces. +// $CFG->handlebounces = true; +// $CFG->minbounces = 10; +// $CFG->bounceratio = .20; +// The next lines are needed both for bounce handling and any other email to module processing. +// mailprefix must be EXACTLY four characters. +// Uncomment and customise this block for Postfix +// $CFG->mailprefix = 'mdl+'; // + is the separator for Exim and Postfix. +// $CFG->mailprefix = 'mdl-'; // - is the separator for qmail +// $CFG->maildomain = 'youremaildomain.com'; +// +// Enable when setting up advanced reverse proxy load balancing configurations, +// it may be also necessary to enable this when using port forwarding. +// $CFG->reverseproxy = true; +// +// Enable when using external SSL appliance for performance reasons. +// Please note that site may be accessible via http: or https:, but not both! + $CFG->sslproxy = true; +// +// This setting will cause the userdate() function not to fix %d in +// date strings, and just let them show with a zero prefix. +// $CFG->nofixday = true; +// +// This setting will make some graphs (eg user logs) use lines instead of bars +// $CFG->preferlinegraphs = true; +// +// This setting allows you to specify a class to rewrite outgoing urls +// enabling 'clean urls' in conjunction with an apache / nginx handler. +// The handler must implement \core\output\url_rewriter. +// $CFG->urlrewriteclass = '\local_cleanurls\url_rewriter'; +// +// Enabling this will allow custom scripts to replace existing moodle scripts. +// For example: if $CFG->customscripts/course/view.php exists then +// it will be used instead of $CFG->wwwroot/course/view.php +// At present this will only work for files that include config.php and are called +// as part of the url (index.php is implied). +// Some examples are: +// http://my.moodle.site/course/view.php +// http://my.moodle.site/index.php +// http://my.moodle.site/admin (index.php implied) +// Custom scripts should not include config.php +// Warning: Replacing standard moodle scripts may pose security risks and/or may not +// be compatible with upgrades. Use this option only if you are aware of the risks +// involved. +// Specify the full directory path to the custom scripts +// $CFG->customscripts = '/home/example/customscripts'; +// +// Performance profiling +// +// If you set Debug to "Yes" in the Configuration->Variables page some +// performance profiling data will show up on your footer (in default theme). +// With these settings you get more granular control over the capture +// and printout of the data +// +// Capture performance profiling data +// define('MDL_PERF' , true); +// +// Print to log (for passive profiling of production servers) +// define('MDL_PERFTOLOG' , true); +// +// Print to footer (works with the default theme) +// define('MDL_PERFTOFOOT', true); +// +// Print additional data to log of included files +// define('MDL_PERFINC', true); +// +// Enable earlier profiling that causes more code to be covered +// on every request (db connections, config load, other inits...). +// Requires extra configuration to be defined in config.php like: +// profilingincluded, profilingexcluded, profilingautofrec, +// profilingallowme, profilingallowall, profilinglifetime +// $CFG->earlyprofilingenabled = true; +// +// Disable database storage for profile data. +// When using an exernal plugin to store profiling data it is often +// desirable to not store the data in the database. +// +// $CFG->disableprofilingtodatabase = true; +// +// Force displayed usernames +// A little hack to anonymise user names for all students. If you set these +// then all non-teachers will always see these for every person. +// $CFG->forcefirstname = 'Bruce'; +// $CFG->forcelastname = 'Simpson'; +// +// The following setting will turn on username logging into Apache log. For full details regarding setting +// up of this function please refer to the install section of the document. +// $CFG->apacheloguser = 0; // Turn this feature off. Default value. +// $CFG->apacheloguser = 1; // Log user id. +// $CFG->apacheloguser = 2; // Log full name in cleaned format. ie, Darth Vader will be displayed as darth_vader. +// $CFG->apacheloguser = 3; // Log username. +// To get the values logged in Apache's log, add to your httpd.conf +// the following statements. In the General part put: +// LogFormat "%h %l %{MOODLEUSER}n %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" moodleformat +// And in the part specific to your Moodle install / virtualhost: +// CustomLog "/your/path/to/log" moodleformat +// +// Alternatively for other webservers such as nginx, you can instead have the username sent via a http header +// 'X-MOODLEUSER' which can be saved in the logfile and then stripped out before being sent to the browser: +// $CFG->headerloguser = 0; // Turn this feature off. Default value. +// $CFG->headerloguser = 1; // Log user id. +// $CFG->headerloguser = 2; // Log full name in cleaned format. ie, Darth Vader will be displayed as darth_vader. +// $CFG->headerloguser = 3; // Log username. +// +// CAUTION: Use of this option will expose usernames in the Apache / nginx log, +// If you are going to publish your log, or the output of your web stats analyzer +// this will weaken the security of your website. +// +// Email database connection errors to someone. If Moodle cannot connect to the +// database, then email this address with a notice. +// +// $CFG->emailconnectionerrorsto = 'your@emailaddress.com'; +// +// Set the priority of themes from highest to lowest. This is useful (for +// example) in sites where the user theme should override all other theme +// settings for accessibility reasons. You can also disable types of themes +// (other than site) by removing them from the array. The default setting is: +// +// $CFG->themeorder = array('course', 'category', 'session', 'user', 'cohort', 'site'); +// +// NOTE: course, category, session, user, cohort themes still require the +// respective settings to be enabled +// +// It is possible to add extra themes directory stored outside of $CFG->dirroot. +// This local directory does not have to be accessible from internet. +// +// $CFG->themedir = '/location/of/extra/themes'; +// +// It is possible to specify different cache and temp directories, use local fast filesystem +// for normal web servers. Server clusters MUST use shared filesystem for cachedir! +// Localcachedir is intended for server clusters, it does not have to be shared by cluster nodes. +// The directories must not be accessible via web. +// +// $CFG->tempdir = '/var/www/moodle/temp'; // Directory MUST BE SHARED by all cluster nodes. +// $CFG->cachedir = '/var/www/moodle/cache'; // Directory MUST BE SHARED by all cluster nodes, locking required. +// $CFG->localcachedir = '/var/local/cache'; // Intended for local node caching. +// $CFG->localrequestdir = '/tmp'; // Intended for local only temporary files. The defaults uses sys_get_temp_dir(). +// +// It is possible to specify a different backup temp directory, use local fast filesystem +// for normal web servers. Server clusters MUST use shared filesystem for backuptempdir! +// The directory must not be accessible via web. +// +// $CFG->backuptempdir = '/var/www/moodle/backuptemp'; // Directory MUST BE SHARED by all cluster nodes. +// +// Some filesystems such as NFS may not support file locking operations. +// Locking resolves race conditions and is strongly recommended for production servers. +// $CFG->preventfilelocking = false; +// +// Site default language can be set via standard administration interface. If you +// want to have initial error messages for eventual database connection problems +// localized too, you have to set your language code here. +// + $CFG->lang = '{{ env "MOODLE_LANGUAGE" }}'; // for example 'cs' +// +// When Moodle is about to perform an intensive operation it raises PHP's memory +// limit. The following setting should be used on large sites to set the raised +// memory limit to something higher. +// The value for the settings should be a valid PHP memory value. e.g. 512M, 1G +// +// $CFG->extramemorylimit = '1024M'; +// +// Moodle 2.4 introduced a new cache API. +// The cache API stores a configuration file within the Moodle data directory and +// uses that rather than the database in order to function in a stand-alone manner. +// Using altcacheconfigpath you can change the location where this config file is +// looked for. +// It can either be a directory in which to store the file, or the full path to the +// file if you want to take full control. Either way it must be writable by the +// webserver. +// +// $CFG->altcacheconfigpath = '/var/www/shared/moodle.cache.config.php +// +// Use the following flag to completely disable the Available update notifications +// feature and hide it from the server administration UI. +// +// $CFG->disableupdatenotifications = true; +// +// Use the following flag to completely disable the installation of plugins +// (new plugins, available updates and missing dependencies) and related +// features (such as cancelling the plugin installation or upgrade) via the +// server administration web interface. +// +// $CFG->disableupdateautodeploy = true; +// +// Use the following flag to disable the warning on the system notifications page +// about present development libraries. This flag will not disable the warning within +// the security overview report. Use this flag only if you really have prohibited web +// access to the development libraries in your webserver configuration. +// +// $CFG->disabledevlibdirscheck = true; +// +// Use the following flag to disable modifications to scheduled tasks +// whilst still showing the state of tasks. +// +// $CFG->preventscheduledtaskchanges = true; +// +// Some administration options allow setting the path to executable files. This can +// potentially cause a security risk. Set this option to true to disable editing +// those config settings via the web. They will need to be set explicitly in the +// config.php file +// $CFG->preventexecpath = true; +// +// Use the following flag to set userid for noreply user. If not set then moodle will +// create dummy user and use -ve value as user id. +// $CFG->noreplyuserid = -10; +// +// As of version 2.6 Moodle supports admin to set support user. If not set, all mails +// will be sent to supportemail. +// $CFG->supportuserid = -20; +// +// Moodle 2.7 introduces a locking api for critical tasks (e.g. cron). +// The default locking system to use is DB locking for Postgres, MySQL, MariaDB and +// file locking for SQLServer. If $CFG->preventfilelocking is set, then the +// default will always be DB locking. It can be manually set to one of the lock +// factory classes listed below, or one of your own custom classes implementing the +// \core\lock\lock_factory interface. +// +// $CFG->lock_factory = "auto"; +// +// The list of available lock factories is: +// +// "\\core\\lock\\file_lock_factory" - File locking +// Uses lock files stored by default in the dataroot. Whether this +// works on clusters depends on the file system used for the dataroot. +// +// "\\core\\lock\\db_record_lock_factory" - DB locking based on table rows. +// +// "\\core\\lock\\mysql_lock_factory" - DB locking based on MySQL / MariaDB locks. +// +// "\\core\\lock\\postgres_lock_factory" - DB locking based on postgres advisory locks. +// +// Settings used by the lock factories +// +// Location for lock files used by the File locking factory. This must exist +// on a shared file system that supports locking. +// $CFG->file_lock_root = $CFG->dataroot . '/lock'; +// +// +// Alternative task logging. +// Since Moodle 3.7 the output of al scheduled and adhoc tasks is stored in the database and it is possible to use an +// alternative task logging mechanism. +// To set the alternative task logging mechanism in config.php you can use the following settings, providing the +// alternative class name that will be auto-loaded. +// +// $CFG->task_log_class = '\\local_mytasklogger\\logger'; +// +// Moodle 2.9 allows administrators to customise the list of supported file types. +// To add a new filetype or override the definition of an existing one, set the +// customfiletypes variable like this: +// +// $CFG->customfiletypes = array( +// (object)array( +// 'extension' => 'frog', +// 'icon' => 'archive', +// 'type' => 'application/frog', +// 'customdescription' => 'Amphibian-related file archive' +// ) +// ); +// +// The extension, icon, and type fields are required. The icon field can refer to +// any icon inside the pix/f folder. You can also set the customdescription field +// (shown above) and (for advanced use) the groups, string, and defaulticon fields. +// +// Upgrade key +// +// If the upgrade key is defined here, then the value must be provided every time +// the site is being upgraded though the web interface, regardless of whether the +// administrator is logged in or not. This prevents anonymous access to the upgrade +// screens where the real authentication and authorization mechanisms can not be +// relied on. +// +// It is strongly recommended to use a value different from your real account +// password. +// +// $CFG->upgradekey = 'put_some_password-like_value_here'; +// +// Font used in exported PDF files. When generating a PDF, Moodle embeds a subset of +// the font in the PDF file so it will be readable on the widest range of devices. +// The default font is 'freesans' which is part of the GNU FreeFont collection. +// The font used to export can be set per-course - a drop down list in the course +// settings shows all the options specified in the array here. The key must be the +// font name (e.g., "kozminproregular") and the value is a friendly name, (e.g., +// "Kozmin Pro Regular"). +// +// $CFG->pdfexportfont = ['freesans' => 'FreeSans']; +// +// Use the following flag to enable messagingallusers and set the default preference +// value for existing users to allow them to be contacted by other site users. +// +// $CFG->keepmessagingallusersenabled = true; +// +// Disable login token validation for login pages. Login token validation is enabled +// by default unless $CFG->alternateloginurl is set. +// +// $CFG->disablelogintoken = true; +// +// Moodle 3.7+ checks that cron is running frequently. If the time between cron runs +// is greater than this value (in seconds), you get a warning on the admin page. (This +// setting only controls whether or not the warning appears, it has no other effect.) +// +// $CFG->expectedcronfrequency = 200; +// +// Moodle 3.9+ checks how old tasks are in the ad hoc queue and warns at 10 minutes +// and errors at 4 hours. Set these to override these limits: +// +// $CFG->adhoctaskagewarn = 10 * 60; +// $CFG->adhoctaskageerror = 4 * 60 * 60; +// +// Moodle 4.2+ checks how long tasks have been running for at warns at 12 hours +// and errors at 24 hours. Set these to override these limits: +// +// $CFG->taskruntimewarn = 12 * 60 * 60; +// $CFG->taskruntimeerror = 24 * 60 * 60; +// +// This is not to be confused with $CFG->task_adhoc_max_runtime which is how long the +// php process should be allowed to run for, not each specific task. +// +// Session lock warning threshold. Long running pages should release the session using \core\session\manager::write_close(). +// Set this threshold to any value greater than 0 to add developer warnings when a page locks the session for too long. +// The session should rarely be locked for more than 1 second. The input should be in seconds and may be a float. +// +// $CFG->debugsessionlock = 5; +// +// There are times when a session lock is not required during a request. For a page/service to opt-in whether or not a +// session lock is required this setting must first be set to 'true'. +// The session store can not be in the session, please see https://docs.moodle.org/en/Session_handling#Read_only_sessions. +// +// $CFG->enable_read_only_sessions = true; +// +// To help expose all the edge cases bugs a debug mode is available which shows the same +// runtime write during readonly errors without actually turning on the readonly sessions: +// +// $CFG->enable_read_only_sessions_debug = true; +// +// Uninstall plugins from CLI only. This stops admins from uninstalling plugins from the graphical admin +// user interface, and forces plugins to be uninstalled from the Command Line tool only, found at +// admin/cli/uninstall_plugins.php. +// +// $CFG->uninstallclionly = true; +// +// Course and category sorting +// +// If the number of courses in a category exceeds $CFG->maxcoursesincategory (10000 by default), it may lead to duplicate +// sort orders of courses in separated categories. For example: +// - Category A has the sort order of 10000, and has 10000 courses. The last course will have the sort order of 20000. +// - Category B has the sort order of 20000, and has a course with the sort order of 20001. +// - If we add another course in category A, it will have a sort order of 20001, +// which is the same as the course in category B +// The duplicate will cause sorting issue and hence we need to increase $CFG->maxcoursesincategory +// to fix the duplicate sort order +// Please also make sure $CFG->maxcoursesincategory * MAX_COURSE_CATEGORIES less than max integer. +// +// $CFG->maxcoursesincategory = 10000; +// +// Admin setting encryption +// +// $CFG->secretdataroot = '/var/www/my_secret_folder'; +// +// Location to store encryption keys. By default this is $CFG->dataroot/secret; set this if +// you want to use a different location for increased security (e.g. if too many people have access +// to the main dataroot, or if you want to avoid using shared storage). Your web server user needs +// read access to this location, and write access unless you manually create the keys. +// +// $CFG->nokeygeneration = false; +// +// If you change this to true then the server will give an error if keys don't exist, instead of +// automatically generating them. This is only needed if you want to ensure that keys are consistent +// across a cluster when not using shared storage. If you stop the server generating keys, you will +// need to manually generate them by running 'php admin/cli/generate_key.php'. +// +// H5P crossorigin +// +// $CFG->h5pcrossorigin = 'anonymous'; +// +// Settings this to anonymous will enable CORS requests for media elements to have the credentials +// flag set to 'same-origin'. This may be needed when using tool_objectfs as an alternative file +// system with CloudFront configured. +// +// Enrolments sync interval +// +// The minimum time in seconds between re-synchronization of enrollment via enrol_check_plugins which is +// a potentially expensive operation and otherwise happens every time a user is authenticated. This only +// applies to web requests without a session such as webservice calls, tokenpluginfile.php and rss links +// where the user is re-authenticated on every request. Set it to 0 to force enrollment checking constantly +// and increase this number to improve performance at the cost of adding a latency for enrollment updates. +// Defaults to 60 minutes. +// +// $CFG->enrolments_sync_interval = 3600 +// +// Stored progress polling interval +// +// Stored progress bars which can be polled for updates via AJAX can be controlled by the +// `progresspollinterval` config setting, to determine the interval (in seconds) at which the +// polling should be done and latest update retrieved. +// If no value is set, then it will default to 5 seconds. +// +// $CFG->progresspollinterval = 5; +// +// Default question bank module +// +// $CFG->corequestion_defaultqbankmod = 'qbank' +// +// Question banks are only stored at activity module context and this setting defines which module type will +// be used for creating question banks by default. This is in circumstances such as quiz backup & restores when +// no target context can be found and the system needs to create a question bank to store the categories and questions. +// +// Set limit for grade items that can be shown on a single page of the grader +// report. Browsers struggle when the number of grade items is very large and +// one tries to view all students. +// +// $CFG->maxgradesperpage = 200000; +// +// +//========================================================================= +// 7. SETTINGS FOR DEVELOPMENT SERVERS - not intended for production use!!! +//========================================================================= +// +// Force a debugging mode regardless the settings in the site administration +// @error_reporting(E_ALL); // NOT FOR PRODUCTION SERVERS! +// @ini_set('display_errors', '1'); // NOT FOR PRODUCTION SERVERS! +// $CFG->debug = (E_ALL); // === DEBUG_DEVELOPER - NOT FOR PRODUCTION SERVERS! +// $CFG->debugdisplay = 1; // NOT FOR PRODUCTION SERVERS! +// +// Display exceptions using the 'pretty' Whoops! utility. +// This is only used when the following conditions are met: +// - Composer dependencies are installed +// - $CFG->debug and $CFG->debugdisplay are set +// - the request is not a CLI, or AJAX request +// +// To further control this, the debug_developer_use_pretty_exceptions setting can be set to false. +// $CFG->debug_developer_use_pretty_exceptions = true; +// +// In many development situations it is desirable to have debugging() calls treated as errors rather than +// as exceptions. +// If this property is not specified then it will be true if pretty exceptions are usable. +// $CFG->debug_developer_debugging_as_error = true; +// +// The Whoops! UI can also provide a link to open files in your preferred editor. +// You can set your preferred editor by setting: +// $CFG->debug_developer_editor = 'vscode'; +// +// See https://github.com/filp/whoops/blob/master/docs/Open%20Files%20In%20An%20Editor.md for more information on +// supported editors. +// If your editor is not listed you can provide a callback as documented. +// +// You can specify a comma separated list of user ids that that always see +// debug messages, this overrides the debug flag in $CFG->debug and $CFG->debugdisplay +// for these users only. +// $CFG->debugusers = '2'; +// +// Prevent theme caching +// $CFG->themedesignermode = true; // NOT FOR PRODUCTION SERVERS! +// +// Enable verbose debug information during fetching of email messages from IMAP server. +// $CFG->debugimap = true; +// +// Enable verbose debug information during sending of email messages to SMTP server. +// Note: also requires $CFG->debug set to DEBUG_DEVELOPER. +// $CFG->debugsmtp = true; +// +// Prevent JS caching +// $CFG->cachejs = false; // NOT FOR PRODUCTION SERVERS! +// +// Prevent Template caching +// $CFG->cachetemplates = false; // NOT FOR PRODUCTION SERVERS! +// +// Restrict which YUI logging statements are shown in the browser console. +// For details see the upstream documentation: +// http://yuilibrary.com/yui/docs/api/classes/config.html#property_logInclude +// http://yuilibrary.com/yui/docs/api/classes/config.html#property_logExclude +// $CFG->yuiloginclude = array( +// 'moodle-course-categoryexpander' => true, +// ); +// $CFG->yuilogexclude = array( +// 'moodle-core-notification' => true, +// ); +// +// Set the minimum log level for YUI logging statements. +// For details see the upstream documentation: +// http://yuilibrary.com/yui/docs/api/classes/config.html#property_logLevel +// $CFG->yuiloglevel = 'debug'; +// +// Prevent core_string_manager application caching +// $CFG->langstringcache = false; // NOT FOR PRODUCTION SERVERS! +// +// When working with production data on test servers, no emails or other messages +// should ever be sent to real users +// $CFG->noemailever = true; // NOT FOR PRODUCTION SERVERS! +// +// To stop sending SMS to users in test servers +// $CFG->nosmsever = true; // NOT FOR PRODUCTION SERVERS! +// +// Divert all outgoing emails to this address to test and debug emailing features +// $CFG->divertallemailsto = 'root@localhost.local'; // NOT FOR PRODUCTION SERVERS! +// +// Except for certain email addresses you want to let through for testing. Accepts +// a comma separated list of regexes. +// $CFG->divertallemailsexcept = 'tester@dev.com, fred(\+.*)?@example.com'; // NOT FOR PRODUCTION SERVERS! +// +// Uncomment if you want to allow empty comments when modifying install.xml files. +// $CFG->xmldbdisablecommentchecking = true; // NOT FOR PRODUCTION SERVERS! +// +// Since 2.0 sql queries are not shown during upgrade by default. +// Please note that this setting may produce very long upgrade page on large sites. +// $CFG->upgradeshowsql = true; // NOT FOR PRODUCTION SERVERS! +// +// Add SQL queries to the output of cron, just before their execution +// $CFG->showcronsql = true; +// +// Force developer level debug and add debug info to the output of cron +// $CFG->showcrondebugging = true; +// +// Force result of checks used to determine whether a site is considered "public" or not (such as for site registration). +// $CFG->site_is_public = false; +// +// The mod_subsection feature has been added in 4.5 but is disabled by default. For new 5.0 sites, however, it will be enabled +// by default. When upgrading from an earlier version to 5.0 or later, mod_subsection will also be enabled unless the +// 'keepsubsectiondisabled' setting is set to true. In that case, the status of mod_subsection will remain unchanged during the +// upgrade process. +// This setting applies only to upgrades from version 4.5 where subsections already exist. It does not affect other upgrades or +// new installations. +// Note that the 'keepsubsectiondisabled' setting will be removed in version 6.0. (MDL-83791) +// $CFG->keepsubsectiondisabled = false; +// +//========================================================================= +// 8. FORCED SETTINGS +//========================================================================= +// It is possible to specify normal admin settings here, the point is that +// they can not be changed through the standard admin settings pages any more. +// +// Core settings are specified directly via assignment to $CFG variable. +// Example: +// $CFG->somecoresetting = 'value'; +// +// Plugin settings have to be put into a special array. +// Example: +// $CFG->forced_plugin_settings = array('pluginname' => array('settingname' => 'value', 'secondsetting' => 'othervalue'), +// 'otherplugin' => array('mysetting' => 'myvalue', 'thesetting' => 'thevalue')); +// Module default settings with advanced/locked checkboxes can be set too. To do this, add +// an extra config with '_adv' or '_locked' as a suffix and set the value to true or false. +// Example: +// $CFG->forced_plugin_settings = array('pluginname' => array('settingname' => 'value', 'settingname_locked' => true, 'settingname_adv' => true)); +// +//========================================================================= +// 9. PHPUNIT SUPPORT +//========================================================================= +// $CFG->phpunit_prefix = 'phpu_'; +// $CFG->phpunit_dataroot = '/home/example/phpu_moodledata'; +// $CFG->phpunit_directorypermissions = 02777; // optional +// $CFG->phpunit_profilingenabled = true; // optional to profile PHPUnit runs. +// +// +//========================================================================= +// 10. SECRET PASSWORD SALT +//========================================================================= +// A site-wide password salt is no longer used in new installations. +// If upgrading from 2.6 or older, keep all existing salts in config.php file. +// +// $CFG->passwordsaltmain = 'a_very_long_random_string_of_characters#@6&*1'; +// +// You may also have some alternative salts to allow migration from previously +// used salts. +// +// $CFG->passwordsaltalt1 = ''; +// $CFG->passwordsaltalt2 = ''; +// $CFG->passwordsaltalt3 = ''; +// .... +// $CFG->passwordsaltalt19 = ''; +// $CFG->passwordsaltalt20 = ''; +// +// +//========================================================================= +// 11. BEHAT SUPPORT +//========================================================================= +// Behat test site needs a unique www root, data directory and database prefix: +// +// $CFG->behat_wwwroot = 'http://127.0.0.1/moodle'; +// $CFG->behat_prefix = 'bht_'; +// $CFG->behat_dataroot = '/home/example/bht_moodledata'; +// $CFG->behat_dbname = 'behat'; // optional +// $CFG->behat_dbuser = 'username'; // optional +// $CFG->behat_dbpass = 'password'; // optional +// $CFG->behat_dbhost = 'localhost'; // optional +// +// You can override default Moodle configuration for Behat and add your own +// params; here you can add more profiles, use different Mink drivers than Selenium... +// These params would be merged with the default Moodle behat.yml, giving priority +// to the ones specified here. The array format is YAML, following the Behat +// params hierarchy. More info: http://docs.behat.org/guides/7.config.html +// Example: +// $CFG->behat_config = array( +// 'Mac-Firefox' => array( +// 'suites' => array ( +// 'default' => array( +// 'filters' => array( +// 'tags' => '~@_file_upload' +// ), +// ), +// ), +// 'extensions' => array( +// 'Behat\MinkExtension' => array( +// 'webddriver' => array( +// 'browser' => 'firefox', +// 'capabilities' => array( +// 'platform' => 'OS X 10.6', +// 'version' => 20 +// ) +// ) +// ) +// ) +// ), +// 'Mac-Safari' => array( +// 'extensions' => array( +// 'Behat\MinkExtension' => array( +// 'webddriver' => array( +// 'browser' => 'safari', +// 'capabilities' => array( +// 'platform' => 'OS X 10.8', +// 'version' => 6 +// ) +// ) +// ) +// ) +// ) +// ); +// You can also use the following config to override default Moodle configuration for Behat. +// This config is limited to default suite and will be supported in later versions. +// It will have precedence over $CFG->behat_config. +// $CFG->behat_profiles = array( +// 'phantomjs' => array( +// 'browser' => 'phantomjs', +// 'tags' => '~@_file_upload&&~@_alert&&~@_bug_phantomjs', +// 'wd_host' => 'http://127.0.0.1:4443/wd/hub', +// 'capabilities' => array( +// 'platform' => 'Linux', +// 'version' => 2.1 +// ) +// ), +// ); +// +// All this page's extra Moodle settings are compared against a white list of allowed settings +// (the basic and behat_* ones) to avoid problems with production environments. This setting can be +// used to expand the default white list with an array of extra settings. +// Example: +// $CFG->behat_extraallowedsettings = array('somecoresetting', ...); +// +// You should explicitly allow the usage of the deprecated behat steps, otherwise an exception will +// be thrown when using them. The setting is disabled by default. +// Example: +// $CFG->behat_usedeprecated = true; +// +// If you are using a slow machine, it may help to increase the timeouts that Behat uses. The +// following example will increase timeouts by a factor of 3 (using 30 seconds instead of 10 +// seconds, for instance). +// Example: +// $CFG->behat_increasetimeout = 3; +// +// Yon can specify a window size modifier for Behat, which is applied to any window szie changes. +// For example, if a window size of 640x768 is specified, with a modifier of 2, then the final size is 1280x1536. +// This is particularly useful for behat reruns to eliminate issues with window sizing. +// Example: +// $CFG->behat_window_size_modifier = 1; +// +// Including feature files from directories outside the dirroot is possible if required. The setting +// requires that the running user has executable permissions on all parent directories in the paths. +// Example: +// $CFG->behat_additionalfeatures = array('/home/developer/code/wipfeatures'); +// +// You can make behat save several dumps when a scenario fails. The dumps currently saved are: +// * a dump of the DOM in it's state at the time of failure; and +// * a screenshot (JavaScript is required for the screenshot functionality, so not all browsers support this option) +// Example: +// $CFG->behat_faildump_path = '/my/path/to/save/failure/dumps'; +// +// You can make behat pause upon failure to help you diagnose and debug problems with your tests. +// +// $CFG->behat_pause_on_fail = true; +// +// You can specify db, selenium wd_host etc. for behat parallel run by setting following variable. +// Example: +// $CFG->behat_parallel_run = array ( +// array ( +// 'dbtype' => 'mysqli', +// 'dblibrary' => 'native', +// 'dbhost' => 'localhost', +// 'dbname' => 'moodletest', +// 'dbuser' => 'moodle', +// 'dbpass' => 'moodle', +// 'behat_prefix' => 'mdl_', +// 'wd_host' => 'http://127.0.0.1:4444/wd/hub', +// 'behat_wwwroot' => 'http://127.0.0.1/moodle', +// 'behat_dataroot' => '/home/example/bht_moodledata' +// ), +// ); +// +// To change name of behat parallel run site, define BEHAT_PARALLEL_SITE_NAME and parallel run sites will be suffixed +// with this value +// Example: +// define('BEHAT_PARALLEL_SITE_NAME', 'behatparallelsite'); +// +// Command line output for parallel behat install is limited to 80 chars, if you are installing more then 4 sites and +// want to expand output to more then 80 chars, then define BEHAT_MAX_CMD_LINE_OUTPUT +// Example: +// define('BEHAT_MAX_CMD_LINE_OUTPUT', 120); +// +// Behat feature files will be distributed randomly between the processes by default. If you have timing file or want +// to create timing file then define BEHAT_FEATURE_TIMING_FILE with path to timing file. It will be updated for each +// run with latest time taken to execute feature. +// Example: +// define('BEHAT_FEATURE_TIMING_FILE', '/PATH_TO_TIMING_FILE/timing.json'); +// +// If you don't have timing file and want some stable distribution of features, then you can use step counts to +// distribute the features. You can generate step file by executing php admin/tool/behat/cli/util.php --updatesteps +// this will update step file which is defined by BEHAT_FEATURE_STEP_FILE. +// Example: +// define('BEHAT_FEATURE_STEP_FILE', '/PATH_TO_FEATURE_STEP_COUNT_FILE/stepcount.json'); +// +// Feature distribution for each process is displayed as histogram. you can disable it by setting +// BEHAT_DISABLE_HISTOGRAM +// Example: +// define('BEHAT_DISABLE_HISTOGRAM', true); +// +// Mobile app Behat testing requires this option, pointing to the url where the Ionic application is served: +// $CFG->behat_ionic_wwwroot = 'http://localhost:8100'; +// +//========================================================================= +// 12. DEVELOPER DATA GENERATOR +//========================================================================= +// +// The developer data generator tool is intended to be used only in development or testing sites and +// it's usage in production environments is not recommended; if it is used to create JMeter test plans +// is even less recommended as JMeter needs to log in as site course users. JMeter needs to know the +// users passwords but would be dangerous to have a default password as everybody would know it, which would +// be specially dangerouse if somebody uses this tool in a production site, so in order to prevent unintended +// uses of the tool and undesired accesses as well, is compulsory to set a password for the users +// generated by this tool, but only in case you want to generate a JMeter test. The value should be a string. +// Example: +// $CFG->tool_generator_users_password = 'examplepassword'; +// +//========================================================================= +// 13. SYSTEM PATHS (You need to set following, depending on your system) +//========================================================================= +// Ghostscript path. +// On most Linux installs, this can be left as '/usr/bin/gs'. +// On Windows it will be something like 'c:\gs\bin\gswin32c.exe' (make sure +// there are no spaces in the path - if necessary copy the files 'gswin32c.exe' +// and 'gsdll32.dll' to a new folder without a space in the path) +// $CFG->pathtogs = '/usr/bin/gs'; +// +// Path to PHP CLI. +// Probably something like /usr/bin/php. If you enter this, cron scripts can be +// executed from admin web interface. +// $CFG->pathtophp = ''; +// +// Path to du. +// Probably something like /usr/bin/du. If you enter this, pages that display +// directory contents will run much faster for directories with a lot of files. +// $CFG->pathtodu = ''; +// +// Path to aspell. +// To use spell-checking within the editor, you MUST have aspell 0.50 or later +// installed on your server, and you must specify the correct path to access the +// aspell binary. On Unix/Linux systems, this path is usually /usr/bin/aspell, +// but it might be something else. +// $CFG->aspellpath = ''; +// +// Path to dot. +// Probably something like /usr/bin/dot. To be able to generate graphics from +// DOT files, you must have installed the dot executable and point to it here. +// Note that, for now, this only used by the profiling features +// (Development->Profiling) built into Moodle. +// $CFG->pathtodot = ''; +// +// Path to unoconv. +// Probably something like /usr/bin/unoconv. Used as a fallback to convert between document formats. +// Unoconv is used convert between file formats supported by LibreOffice. +// Use a recent version of unoconv ( >= 0.7 ), older versions have trouble running from a webserver. +// $CFG->pathtounoconv = ''; +// +//========================================================================= +// 14. ALTERNATIVE FILE SYSTEM SETTINGS +//========================================================================= +// +// Alternative file system. +// Since 3.3 it is possible to override file_storage and file_system API and use alternative storage systems (e.g. S3, +// Rackspace Cloud Files, Google Cloud Storage, Azure Storage, etc.). +// To set the alternative file storage system in config.php you can use the following setting, providing the +// alternative system class name that will be auto-loaded by file_storage API. +// +// $CFG->alternative_file_system_class = '\\local_myfilestorage\\file_system'; +// +//========================================================================= +// 15. CAMPAIGN CONTENT +//========================================================================= +// +// We have added a campaign content to the notifications page, in case you want to hide that from your site you just +// need to set showcampaigncontent setting to false. +// +// $CFG->showcampaigncontent = true; +// +//========================================================================= +// 16. ALTERNATIVE CACHE CONFIG SETTINGS +//========================================================================= +// +// Alternative cache config. +// Since 3.10 it is possible to override the cache_factory class with an alternative caching factory. +// This overridden factory can provide alternative classes for caching such as cache_config, +// cache_config_writer and core_cache\local\administration_display_helper. +// The autoloaded factory class name can be specified to use. +// +// $CFG->alternative_cache_factory_class = 'tool_alternativecache_cache_factory'; +// +//========================================================================= +// 17. SCHEDULED TASK OVERRIDES +//========================================================================= +// +// It is now possible to define scheduled tasks directly within config. +// The overridden value will take precedence over the values that have been set VIA the UI from the +// next time the task is run. +// +// Tasks are configured as an array of tasks that can override a task's schedule, as well as setting +// the task as disabled. I.e: +// +// $CFG->scheduled_tasks = [ +// '\local_plugin\task\my_task' => [ +// 'schedule' => '*/15 0 0 0 0', +// 'disabled' => 0, +// ], +// ]; +// +// The format for the schedule definition is: '{minute} {hour} {day} {month} {dayofweek}'. +// +// The classname of the task also supports wildcards: +// +// $CFG->scheduled_tasks = [ +// '\local_plugin\*' => [ +// 'schedule' => '*/15 0 0 0 0', +// 'disabled' => 0, +// ], +// '*' => [ +// 'schedule' => '0 0 0 0 0', +// 'disabled' => 0, +// ], +// ]; +// +// In this example, any task classnames matching '\local_plugin\*' would match the first rule and +// use that schedule the next time the task runs. Note that even though the 'local_plugin' tasks match +// the second rule as well, the highest rule takes precedence. Therefore, the second rule would be +// applied to all tasks, except for tasks within '\local_plugin\'. +// +// When the full classname is used, this rule always takes priority over any wildcard rules. +// +//========================================================================= +// 18. SITE ADMIN PRESETS +//========================================================================= +// +// The site admin presets plugin has been integrated in Moodle LMS. You can use a setting in case you +// want to apply a preset during the installation: +// +// $CFG->setsitepresetduringinstall = 'starter'; +// +// This setting accepts the following values: +// - One of the core preset names (i.e "starter" or "full"). +// - The path of a valid XML preset file, that will be imported and applied. Absolute paths are recommended, to +// guarantee the file is found: i.e."MOODLEPATH/admin/presets/tests/fixtures/import_settings_plugins.xml". +// +// This setting is only used during the installation process. So once the Moodle site is installed, it is ignored. +// +//========================================================================= +// 19. SERVICES AND SUPPORT CONTENT +//========================================================================= +// +// We have added services and support content to the notifications page, in case you want to hide that from your site +// you just need to set showservicesandsupportcontent setting to false. +// +// $CFG->showservicesandsupportcontent = false; +// +//========================================================================= +// 20. NON HTTP ONLY COOKIES +//========================================================================= +// +// Cookies in Moodle now default to HTTP only cookies. This means that they cannot be accessed by JavaScript. +// Upgraded sites will keep the behaviour they had before the upgrade. New sites will have HTTP only cookies enabled. +// To enable HTTP only cookies set the following: +// +// $CFG->cookiehttponly = true; +// +// To disable HTTP only cookies set the following: +// +// $CFG->cookiehttponly = false; +// +// 21. SECRET PASSWORD PEPPER +//========================================================================= +// A pepper is a component of the salt, but stored separately. +// By splitting them it means that if the db is compromised the partial hashes are useless. +// Unlike a salt, the pepper is not unique and is shared for all users, and MUST be kept secret. +// +// A pepper needs to have at least 112 bits of entropy, +// so the pepper itself cannot be easily brute forced if you have a known password + hash combo. +// +// Once a pepper is set, existing passwords will be updated on next user login. +// Once set there is no going back without resetting all user passwords. +// To set peppers for your site, the following setting must be set in config.php: +// +// $CFG->passwordpeppers = [ +// 1 => '#GV]NLie|x$H9[$rW%94bXZvJHa%z' +// ]; +// +// The 'passwordpeppers' array must be numerically indexed with a positive number. +// New peppers can be added by adding a new element to the array with a higher numerical index. +// Upon next login a users password will be rehashed with the new pepper: +// +// $CFG->passwordpeppers = [ +// 1 => '#GV]NLie|x$H9[$rW%94bXZvJHa%z', +// 2 => '#GV]NLie|x$H9[$rW%94bXZvJHa%$' +// ]; +// +// Peppers can be progressively removed by setting the latest pepper to an empty string: +// +// $CFG->passwordpeppers = [ +// 1 => '#GV]NLie|x$H9[$rW%94bXZvJHa%z', +// 2 => '#GV]NLie|x$H9[$rW%94bXZvJHa%$', +// 3 => '' +// ]; +// +//========================================================================= +// ALL DONE! To continue installation, visit your main page with a browser +//========================================================================= + +require_once(__DIR__ . '/lib/setup.php'); // Do not edit + +// There is no php closing tag in this file, +// it is intentional because it prevents trailing whitespace problems! diff --git a/entrypoint.httpd.sh b/entrypoint.httpd.sh deleted file mode 100644 index ec34a50..0000000 --- a/entrypoint.httpd.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -sed -i 's,#Include conf/extra/httpd-vhosts.conf,Include conf/extra/httpd-vhosts.conf,g' /usr/local/apache2/conf/httpd.conf - -sed -i '/LoadModule rewrite_module/s/^#//g' /usr/local/apache2/conf/httpd.conf && \ - sed -i 's#AllowOverride [Nn]one#AllowOverride All#' /usr/local/apache2/conf/httpd.conf && \ - sed -i '/LoadModule proxy_module/s/^#//g' /usr/local/apache2/conf/httpd.conf - sed -i '/LoadModule proxy_fcgi_module/s/^#//g' /usr/local/apache2/conf/httpd.conf - -httpd-foreground diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 6d9ad04..f23284d 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -1,13 +1,47 @@ #!/bin/sh +echo Installing necessary packages... +apk update +apk add libzip-dev zip libpng-dev libxml2-dev icu-dev alpine-conf sudo {{ if (env "INSTALL_PACKAGES") }} -apk add libzip-dev {{ env "INSTALL_PACKAGES" }} +apk add {{ env "INSTALL_PACKAGES" }} +{{ end }} +# opcache is only available in the alpine community repo +setup-apkrepos -c1 +apk add php84-opcache + +echo Installing PHP extensions... +docker-php-ext-install zip +docker-php-ext-install pdo_mysql +docker-php-ext-install mysqli +docker-php-ext-install gd +docker-php-ext-install intl +docker-php-ext-install soap +docker-php-ext-install exif +docker-php-ext-install unicode +{{ if (env "PHP_EXTENSIONS") }} +docker-php-ext-install {{ env "PHP_EXTENSIONS" }} {{ end }} -{{ if (env "PHP_EXTENSIONS") }} -echo Installing PHP extensions: pdo_mysql zip {{ env "PHP_EXTENSIONS" }} -docker-php-ext-install pdo_mysql zip {{ env "PHP_EXTENSIONS" }} -{{ end }} +# todo: check if already installed +echo "Installing..." +cd /var/www +curl "https://download.moodle.org/download.php/direct/{{ env "MOODLE_VERSION" }}.tgz" -L -o moodle.tgz +tar xzf moodle.tgz --strip-components=1 -C /var/www/html +chown -R root /var/www/html +chmod -R 0755 /var/www/html +mkdir moodledata +chmod 0777 /var/www/moodledata + +# run database installer with www user +chown www-data /var/www/html/ +cd /var/www/html/admin/cli +sudo -E -u www-data php install_database.php --agree-license --fullname="{{ env "MOODLE_FULLNAME" }}" \ + --shortname="{{ env "MOODLE_SHORTNAME" }}" --adminuser="{{ env "MOODLE_ADMINNAME" }}" --adminpass=$(cat /run/secrets/admin_password) --adminemail="{{ env "MOODLE_ADMINMAIL" }}" --summary="{{ env "MOODLE_SUMMARY" }}" --supportemail="{{ env "MOODLE_SUPPORTMAIL" }}" +chown -R root /var/www/html/ + +echo "Installation finished..." +#fi exec "$@" diff --git a/httpd-vhosts.conf b/httpd-vhosts.conf deleted file mode 100644 index e2db04c..0000000 --- a/httpd-vhosts.conf +++ /dev/null @@ -1,17 +0,0 @@ - - DocumentRoot /var/www/html/ - ServerName {{ env "DOMAIN" }} - ErrorLog logs/{{ env "DOMAIN" }}-error_log - CustomLog logs/{{ env "DOMAIN" }}-access_log common - - - AllowOverride All - DirectoryIndex index.php index.php - Options -Indexes - Require all granted - - - - SetHandler "proxy:fcgi://{{ env "STACK_NAME" }}_app:9000" - - diff --git a/nginx.conf b/nginx.conf index 8525cf9..e5fe777 100644 --- a/nginx.conf +++ b/nginx.conf @@ -12,7 +12,7 @@ server { location / { index index.html index.htm index.php; gzip_static on; - try_files $uri $uri/ $uri.html $uri.php index.php?$query_string /index.php?$query_string; + try_files $uri $uri/ /r.php$is_args$args; } #error_page 404 /404.html; @@ -32,18 +32,45 @@ server { # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # - location ~ \.php$ { - # try_files $uri /index.php =404; - fastcgi_pass {{ env "STACK_NAME" }}_app:9000; - fastcgi_index index.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_read_timeout 600; - fastcgi_buffers 16 16k; - fastcgi_buffer_size 32k; + location ~ \.php(/|$) { + # Split the path info based on URI. + fastcgi_split_path_info ^(.+\.php)(/.*)$; + + # Note: Store the original path_info. It will be wiped out in a moment by try_files. + set $path_info $fastcgi_path_info; + + # Look for the php file, trying a trailing slash for directories if required. + # Finally, send the request to the router - r.php - as a fallback. + try_files $fastcgi_script_name $fastcgi_script_name/ /r.php$is_args$args; + + # File was found - pass to fastcgi. + fastcgi_pass {{ env "STACK_NAME" }}_app:9000; + # Alternately, pass to unix socket (depends on pool listen configuration) + # fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + include fastcgi_params; + + # Re-apply the path_info after including fastcgi_params. + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + } + + location /dataroot/ { + internal; + alias /var/www/moodledata/; # ensure the path ends with / + } + + # Hide all dot files but allow "Well-Known URIs" as per RFC 5785 + location ~ /\.(?!well-known).* { + return 404; + } + + # This should be after the php fpm rule and very close to the last nginx ruleset. + # Don't allow direct access to various internal files. See MDL-69333 + location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|/UPGRADING\.md|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) { + deny all; + return 404; } # deny access to .htaccess files, if Apache's document root diff --git a/php.ini b/php.ini new file mode 100644 index 0000000..57c002b --- /dev/null +++ b/php.ini @@ -0,0 +1,17 @@ +; This is a subset of the php.ini-production template file: https://github.com/php/php-src/blob/master/php.ini-production +; Extend as needed + +; upload settings +file_uploads = On +upload_max_filesize = 256M +post_max_size = 256M +log_errors = On +error_log = /dev/stderr + +; opcache, configured according to https://docs.moodle.org/501/en/OPcache +opcache.enable = 1 +opcache.revalidate_freq = 60 +opcache.enable_cli = 1 + +zend.exception_ignore_args = On +max_input_vars = 5000 \ No newline at end of file diff --git a/uploads.ini b/uploads.ini deleted file mode 100644 index 532057b..0000000 --- a/uploads.ini +++ /dev/null @@ -1,5 +0,0 @@ -file_uploads = On -upload_max_filesize = 256M -post_max_size = 256M -log_errors = On -error_log = /dev/stderr \ No newline at end of file -- 2.49.0