Moodle

2 Introduction

Moodle is a free open-source software e-learning platform. It is designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalized learning environments.

Moodle is designed to scale and can accommodate extremely large user communities. The KEMP LoadMaster makes scaling Moodle simpler by load balancing user traffic and offloading the security overhead.

2.1 Document Purpose

This document provides steps on how to configure the KEMP LoadMaster to load balance the Moodle platform. This document does not address the deployment of Moodle clusters and assumes a working knowledge of Moodle configuration editing and some basic LoadMaster skills. For further information on LoadMaster configuration in general, refer to the Documentation on the KEMP Support site: https://support.kemptechnologies.com.

2.2 Intended Audience

This document is intended to be read by anyone who is interested in learning about how to load balance the Moodle platform using a KEMP LoadMaster.

2.3 Prerequisites

There are some requirements that must be met before configuring the LoadMaster to load balance Moodle:

The Moodle server(s) must be set up and configured correctly. For more information, please refer to the Moodle documentation.

The Active Directory server must be set up and configured correctly. For more information, please refer to the Microsoft documentation.

3 Deployment Options

A number of options are available to deploy a load balancer in a Moodle environment. These are described below:

SSL offload and load balancing: The LoadMaster terminates the SSL session and communicates with the appropriate server over HTTP. This approach ensures that all content is SSL encrypted.

SSL re-encrypt and load balancing: The LoadMaster decrypts incoming traffic and re-encrypts when forwarding balanced traffic to the Moodle servers.

Layer 4 SSL balancing: The LoadMaster balances SSL encrypted traffic between the Moodle servers. All SSL processing is performed by the Moodle servers.

Load balancing (without SSL offload): In some situations you may not want the LoadMaster to handle SSL offloading.

This document provides step-by-step instructions for the first and last options above. For further help on configuring the other methods, please contact KEMP Support.

4 Recommended Configuration

Recommended Configuration.png

A one-arm or two-arm topology can be set up. It is also possible to have a High Availability (HA) setup which will provide redundancy. For more information on HA and how to configure it, refer to the High Availability (HA), Feature Description.

5 Moodle Template

KEMP have developed a template containing our recommended settings for Moodle. This template can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Released templates can be downloaded from the KEMP documentation page: http://kemptechnologies.com/documentation.

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

For steps on how to manually add and configure each of the Virtual Services, refer to the Configure the LoadMaster section.

6 Configure the LoadMaster

Either a HTTP or HTTPS service can be set up, depending on the requirements. Follow the instructions in the relevant section below to set up the relevant Virtual Service.

6.1 Create a HTTP Virtual Service

In the main menu of the LoadMaster Web User Interface (WUI), follow the steps below:

1. Select Virtual Services.

2. Click Add New.

Create a HTTP Virtual Service.png

3. Enter a valid Virtual Address.

4. Enter 80 as the Port.

5. Enter a recognizable name, for example HTTP_Moodle.

6. Click Add this Virtual Service.

7. Expand the Advanced Properties section.

VSVSAP022.png

8. Select 302 Found as the Error Code.

9. Enter https://%h%s and click Set Redirect URL.

10. Expand the Standard Options section.

Create a HTTP Virtual Service_2.png

11. Remove the tick from the Transparency check box.

12. Expand the Real Servers section.

13. Click Add New.

Create a HTTP Virtual Service_3.png

14. Enter the IP address of the back-end servers in the Real Server Address text box.

15. Enter 80 as the Port.

16. Click Add this Real Server.

17. Click OK.

18. Repeat the last four steps to add the other Real Servers.

6.2 Create a HTTPS Virtual Service

Create a HTTPS Virtual Service.png

With this option, all client traffic is encrypted using SSL with the SSL being terminated on the LoadMaster. The LoadMaster balances the unencrypted traffic between the Moodle servers and re-encrypts the server replies to the client.

In the main menu of the LoadMaster WUI, follow the steps below:

1. Select Virtual Services.

2. Select Add New.

Create a HTTPS Virtual Service_1.png

3. Enter a valid Virtual Address.

4. Enter 443 as the Port.

5. Enter a recognizable Service Name, such as HTTPS_Moodle.

6. Click Add this Virtual Service.

7. Expand the SSL Properties section.

Create a HTTPS Virtual Service_2.png

8. Select Enabled.

9. Click OK.

10. In the Certificates section, select the relevant certificate and click the right arrow to move it to the Assigned Certificates box.

The self-signed certificate should be replaced with a proper certificate/key pair before deployment into a production environment. A single certificate secures all communications regardless of the number of Moodle servers deployed.

If there are no certificates listed, one will need to be uploaded. For further information on certificates, including steps on how to import and generate one, refer to the SSL Accelerated Services, Feature Description.

11. Click Set Certificates.

12. Expand the Standard Options section.

Create a HTTPS Virtual Service_3.png

13. Select Super HTTP as the Persistence Mode.

14. Expand the Real Servers section.

Create a HTTPS Virtual Service_4.png

15. Click Add New.

Create a HTTPS Virtual Service_5.png

16. Enter the IP address of the Moodle server in the Real Server Address text box.

17. Enter 80 as the Port.

18. Click Add This Real Server.

19. Click OK.

20. Repeat steps 16 to 19 to add other Real Servers as needed.

6.3 Other Virtual Service Configuration Options

There are other Virtual Service configuration options to consider, such as transparency and session persistence which are referred to in the sections below.

6.3.1 Transparency and Non-Transparency

A LoadMaster can be deployed in transparent or non-transparent mode. Transparent mode provides detailed client IP address information in the logs but it requires more configuration than non-transparent mode. Non-transparent mode requires no changes on the Moodle servers, but the Moodle logs will show all traffic as coming from the LoadMaster. The table below outlines some differences between transparent and non-transparent mode.

Transparent Non-Transparent

The Moodle server sees the client IP address as the source of a HTTP request.

The Moodle server sees all requests as coming from the LoadMaster.

The Moodle server must route all responses to the client IP address using the LoadMaster. This requires a routing change on the Moodle Server to either:

Set the default route (gateway) to be the LoadMaster, or;

Create static routes for each client subnet

In practice, setting the default route to be the LoadMaster is the easiest option.

The Moodle server replies directly back to the LoadMaster without any routing changes.

The Moodle logs contain the source IP address of the client.

The Moodle logs show all traffic as coming from the LoadMaster.

Transparency and Non Transparency.png

Transparency can be enabled/disabled in the Standard Options section of the Virtual Service modify screen.

6.3.2 Session Persistence

Depending on the configuration of the Moodle cluster, it may be desirable for a user to be continually served from the same Moodle server. By default, the LoadMaster will not use any persistence mechanism and a client request may be serviced by any of the Moodle servers in the cluster. Setting the Persistence Mode to Super HTTP will ensure that a client is serviced by the same server until the timeout period is reached. When using persistence, the Persistence Timeout value must match the inactivity timeout set in Moodle.

6.4 Moodle Server Configuration

Please ensure you have a restorable backup of any configuration before making these changes.

6.4.1 Routing

If using transparent mode in the LoadMaster, each Moodle server needs a routing update to provide a route back to the client via the LoadMaster. This can be implemented as a default route that points to the LoadMaster IP address or routes for the client subnet(s).

If using non-transparent mode on the LoadMaster, no routing changes are required.

6.4.2 Moodle SSL Configuration

The Moodle environment needs to be configured to support SSL proxies and to ensure that all URLs are HTTPS rather than HTTP. This configuration is stored in config.php which is located in the moodle/htdocs directory. Two changes are required to this file, as follows:

1. Configure Moodle to not do any SSL processing because that is being performed by the LoadMaster.

$CFG->sslproxy = 1;

2. Tell Moodle to rewrite all URLs with HTTPS (as this is not done in the LoadMaster in a Moodle configuration). The config.php file usually selects the reply protocol based on the client request protocol. Update the code to ensure that all replies are HTTPS.

3. Before:

if ($_SERVER['HTTPS'] == 'on') {    $CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';} else {    $CFG->wwwroot   = 'http://' . $_SERVER['HTTP_HOST'] . '/moodle';};

After:

if ($_SERVER['HTTPS'] == 'on') {    $CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';} else {    $CFG->wwwroot   = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';};

The only change in the code is to add an s to the end of http in the else part of the if statement. Changing the http:// to https:// ensures that all URLs are prefixed by the correct protocol.

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

High Availability (HA), Feature Description

SSL Accelerated Services, Feature Description

Virtual Services and Templates, Feature Description

Web User Interface (WUI), Configuration Guide

Document History

Date Change Reason for Change Version Resp.

Nov 2014

Initial draft

First draft of document

1.0

LB

April 2015

Updates made

Updated to reflect new template

1.1

LB

Oct 2015

Release updates

Updates for 7.1-30 release

3.0

LB

Dec 2015

Release updates

Updates for 7.1-32 release

4.0

LB

Jan 2016

Minor change

Updated Copyright Notices

5.0

LB

Mar 2016

Release updates

Updates for 7.1-34 release

6.0

LB

Jan 2017

Minor change

Enhancements made

7.0

LB

July 2017 Release updates Updates for 7.2.39 release 8.0 CMC

 

Was this article helpful?

0 out of 0 found this helpful

Comments