Moodle is a free open-source software e-learning platform. It is designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalized learning environments.

Moodle is designed to scale and can accommodate extremely large user communities. The KEMP LoadMaster makes scaling Moodle simpler by load balancing user traffic and offloading the security overhead.

1.1Document Purpose

This document provides steps on how to configure the KEMP LoadMaster to load balance the Moodle platform. This document does not address the deployment of Moodle clusters and assumes a working knowledge of Moodle configuration editing and some basic LoadMaster skills. For further information on LoadMaster configuration in general, refer to the Documentation on the KEMP Support site:

1.2Intended Audience

This document is intended to be read by anyone who is interested in learning about how to load balance the Moodle platform using a KEMP LoadMaster.


There are some requirements that must be met before configuring the LoadMaster to load balance Moodle:

  • The Moodle server(s) must be set up and configured correctly. For more information, please refer to the Moodle documentation.
  • The Active Directory server must be set up and configured correctly. For more information, please refer to the Microsoft documentation.

2Deployment Options

A number of options are available to deploy a load balancer in a Moodle environment. These are described below:

  • SSL offload and load balancing: The LoadMaster terminates the SSL session and communicates with the appropriate server over HTTP. This approach ensures that all content is SSL encrypted.
  • SSL re-encrypt and load balancing: The LoadMaster decrypts incoming traffic and re-encrypts when forwarding balanced traffic to the Moodle servers.
  • Layer 4 SSL balancing: The LoadMaster balances SSL encrypted traffic between the Moodle servers. All SSL processing is performed by the Moodle servers.
  • Load balancing (without SSL offload): In some situations you may not want the LoadMaster to handle SSL offloading.

This document provides step-by-step instructions for the first and last options above. For further help on configuring the other methods, please contact KEMP Support.

3Recommended Configuration

Figure 3‑1: Example Moodle Topology

A one-arm or two-arm topology can be set up. It is also possible to have a High Availability (HA) setup which will provide redundancy. For more information on HA and how to configure it, refer to the High Availability (HA), Feature Description.

4Moodle Template

KEMP have developed a template containing our recommended settings for Moodle. This template can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Released templates can be downloaded from the KEMP documentation page:

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

For more information and steps on how to import and use templates, refer to theVirtual Services and Templates, Feature Description.

For steps on how to manually add and configure each of the Virtual Services, refer to Section 5.

5Configure the LoadMaster

Either a HTTP or HTTPS service can be set up, depending on the requirements. Follow the instructions in the relevant section below to set up the relevant Virtual Service.

5.1Create a HTTP Virtual Service

In the main menu of the LoadMaster Web User Interface (WUI), follow the steps below:

  1. Select Virtual Services.
  2. Click Add New.

Figure 5‑1: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 80 as the Port.
  3. Enter a recognizable name, for example HTTP_Moodle.
  4. Click Add this Virtual Service.
  5. Expand the Advanced Properties section.

Figure 2: Advanced Properties

  1. Select 302 Found as the Error Code.
  2. Enter https://%h%s and click Set Redirect URL.
  3. Expand the Standard Options section.

Figure 3: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Expand the Real Servers section.
  3. Click Add New.

Figure 5‑4: Real Server Parameters

  1. Enter the IP address of the back-end servers in the Real ServerAddress text box.
  2. Enter 80 as the Port.
  3. Click Add this Real Server.
  4. Click OK.
  5. Repeat the last four steps to add the other Real Servers.

5.2Create a HTTPS Virtual Service

Figure 5‑5: SSL offload and load balancing

With this option, all client traffic is encrypted using SSL with the SSL being terminated on the LoadMaster. The LoadMaster balances the unencrypted traffic between the Moodle servers and re-encrypts the server replies to the client.

In the main menu of the LoadMaster WUI, follow the steps below:

  1. Select Virtual Services.
  2. Select Add New.

Figure 5‑6: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, such as HTTPS_Moodle.
  4. Click Add this Virtual Service.
  5. Expand the SSL Properties section.

Figure 5‑7: SSL Properties

  1. Select Enabled.
  2. Click OK.
  3. In the Certificates section, select the relevant certificate and click the right arrow to move it to the Assigned Certificates box.

The self-signed certificate should be replaced with a proper certificate/key pair before deployment into a production environment. A single certificate secures all communications regardless of the number of Moodle servers deployed.

If there are no certificates listed, one will need to be uploaded. For further information on certificates, including steps on how to import and generate one, refer to the SSL Accelerated Services, Feature Description.

  1. Click Set Certificates.
  2. Expand the Standard Options section.

Figure 5‑8: Standard Options

  1. Select Super HTTP as the Persistence Mode.
  2. Expand the Real Servers section.

Figure 5‑9: Real Servers Section

  1. Click Add New.

Figure 5‑10: Real Server Parameters

  1. Enter the IP address of the Moodle server in the Real Server Address text box.
  2. Enter 80 as the Port.
  3. Click Add This Real Server.
  4. Click OK.
  5. Repeat steps 16 to 19 to add other Real Servers as needed.

5.3Other Virtual Service Configuration Options

There are other Virtual Service configuration options to consider, such as transparency and session persistence which are referred to in the sections below.

5.3.1Transparency and Non-Transparency

A LoadMaster can be deployed in transparent or non-transparent mode. Transparent mode provides detailed client IP address information in the logs but it requires more configuration than non-transparent mode. Non-transparent mode requires no changes on the Moodle servers, but the Moodle logs will show all traffic as coming from the LoadMaster. The table below outlines some differences between transparent and non-transparent mode.



The Moodle server sees the client IP address as the source of a HTTP request.

The Moodle server sees all requests as coming from the LoadMaster.

The Moodle server must route all responses to the client IP address using the LoadMaster. This requires a routing change on the Moodle Server to either:

  • Set the default route (gateway) to be the LoadMaster, or;
  • Create static routes for each client subnet

In practice, setting the default route to be the LoadMaster is the easiest option.

The Moodle server replies directly back to the LoadMaster without any routing changes.

The Moodle logs contain the source IP address of the client.

The Moodle logs show all traffic as coming from the LoadMaster.

Figure 5‑11: Standard Options

Transparency can be enabled/disabled in the Standard Options section of the Virtual Service modify screen.

5.3.2Session Persistence

Depending on the configuration of the Moodle cluster, it may be desirable for a user to be continually served from the same Moodle server. By default, the LoadMaster will not use any persistence mechanism and a client request may be serviced by any of the Moodle servers in the cluster. Setting the Persistence Mode to Super HTTP will ensure that a client is serviced by the same server until the timeout period is reached. When using persistence, the Persistence Timeout value must match the inactivity timeout set in Moodle.

5.4Moodle Server Configuration

Please ensure you have a restorable backup of any configuration before making these changes.


If using transparent mode in the LoadMaster, each Moodle server needs a routing update to provide a route back to the client via the LoadMaster. This can be implemented as a default route that points to the LoadMaster IP address or routes for the client subnet(s).

If using non-transparent mode on the LoadMaster, no routing changes are required.

5.4.2Moodle SSL Configuration

The Moodle environment needs to be configured to support SSL proxies and to ensure that all URLs are HTTPS rather than HTTP. This configuration is stored in config.php which is located in the moodle/htdocs directory. Two changes are required to this file, as follows:

  1. Configure Moodle to not do any SSL processing because that is being performed by the LoadMaster.

$CFG->sslproxy = 1;

  1. Tell Moodle to rewrite all URLs with HTTPS (as this is not done in the LoadMaster in a Moodle configuration). The config.php file usually selects the reply protocol based on the client request protocol. Update the code to ensure that all replies are HTTPS.


if ($_SERVER['HTTPS'] == 'on') {

$CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';

} else {

$CFG->wwwroot = 'http://' . $_SERVER['HTTP_HOST'] . '/moodle';




if ($_SERVER['HTTPS'] == 'on') {

$CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';

} else {

$CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';


The only change in the code is to add an s to the end of http in the else part of the if statement. Changing the http:// to https:// ensures that all URLs are prefixed by the correct protocol.


Unless otherwise specified, the following documents can be found at

High Availability (HA), Feature Description SSL Accelerated Services, Feature Description Virtual Services and Templates, Feature Description Web User Interface (WUI), Configuration Guide

Document History



Reason for Change



Nov 2014

Initial draft

First draft of document



April 2015

Updates made

Updated to reflect new template



Oct 2015

Release updates

Updates for 7.1-30 release



Dec 2015

Release updates

Updates for 7.1-32 release



Jan 2016

Minor change




Mar 2016

Release updates

Updates for 7.1-34 release



Jan 2017

Minor change

Enhancements made



Was this article helpful?

0 out of 0 found this helpful