Moodle
Contents
2 Introduction
Moodle is a free open-source software e-learning platform. It is designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalized learning environments.
Moodle is designed to scale and can accommodate extremely large user communities. The Kemp LoadMaster makes scaling Moodle simpler by load balancing user traffic and offloading the security overhead.
2.1 Document Purpose
This document provides steps on how to configure the Kemp LoadMaster to load balance the Moodle platform. This document does not address the deployment of Moodle clusters and assumes a working knowledge of Moodle configuration editing and some basic LoadMaster skills. For further information on LoadMaster configuration in general, refer to the Documentation on the Kemp Support site: https://support.kemptechnologies.com.
2.2 Intended Audience
This document is intended to be read by anyone who is interested in learning about how to load balance the Moodle platform using a Kemp LoadMaster.
2.3 Prerequisites
There are some requirements that must be met before configuring the LoadMaster to load balance Moodle:
The Moodle server(s) must be set up and configured correctly. For more information, please refer to the Moodle documentation.
The Active Directory server must be set up and configured correctly. For more information, please refer to the Microsoft documentation.
3 Deployment Options
A number of options are available to deploy a load balancer in a Moodle environment. These are described below:
SSL offload and load balancing: The LoadMaster terminates the SSL session and communicates with the appropriate server over HTTP. This approach ensures that all content is SSL encrypted.
SSL re-encrypt and load balancing: The LoadMaster decrypts incoming traffic and re-encrypts when forwarding balanced traffic to the Moodle servers.
Layer 4 SSL balancing: The LoadMaster balances SSL encrypted traffic between the Moodle servers. All SSL processing is performed by the Moodle servers.
Load balancing (without SSL offload): In some situations you may not want the LoadMaster to handle SSL offloading.
This document provides step-by-step instructions for the first and last options above. For further help on configuring the other methods, please contact Kemp Support.
4 Recommended Configuration
A one-arm or two-arm topology can be set up. It is also possible to have a High Availability (HA) setup which will provide redundancy. For more information on HA and how to configure it, refer to the High Availability (HA), Feature Description.
5 Moodle Template
Kemp have developed a template containing our recommended settings for Moodle. This template can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.
Released templates can be downloaded from the Kemp documentation page: http://kemptechnologies.com/documentation.
If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.
For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.
For steps on how to manually add and configure each of the Virtual Services, refer to the Configure the LoadMaster section.
6 Configure the LoadMaster
Either a HTTP or HTTPS service can be set up, depending on the requirements. Follow the instructions in the relevant section below to set up the relevant Virtual Service.
6.1 Create a HTTP Virtual Service
In the main menu of the LoadMaster Web User Interface (WUI), follow the steps below:
1. Select Virtual Services.
2. Click Add New.
3. Enter a valid Virtual Address.
4. Enter 80 as the Port.
5. Enter a recognizable name, for example HTTP_Moodle.
6. Click Add this Virtual Service.
7. Configure the settings as recommended in the following table:
|
Section |
Option |
Value |
|
|---|---|---|---|
|
Advanced Properties |
Error Code |
302 Found |
|
|
|
Redirect URL |
https://%h%s |
Click Set Redirect URL |
|
Standard Options |
Transparency |
Disabled |
8. Add the Real Servers:
a) Expand the Real Servers section.
b) Click Add New.
c) Enter the IP address of the back-end servers in the Real Server Address text box.
d) Enter 80 as the Port.
e) Click Add this Real Server.
f) Click OK.
g) Repeat the last four steps to add the other Real Servers.
6.2 Create a HTTPS Virtual Service
With this option, all client traffic is encrypted using SSL with the SSL being terminated on the LoadMaster. The LoadMaster balances the unencrypted traffic between the Moodle servers and re-encrypts the server replies to the client.
In the main menu of the LoadMaster WUI, follow the steps below:
1. Select Virtual Services.
2. Select Add New.
3. Enter a valid Virtual Address.
4. Enter 443 as the Port.
5. Enter a recognizable Service Name, such as HTTPS_Moodle.
6. Click Add this Virtual Service.
7. Configure the settings as recommended in the following table:
|
Section |
Option |
Value |
Comment |
|---|---|---|---|
|
SSL Properties |
SSL Acceleration |
Enabled |
Click OK. |
|
|
Certificates |
|
Select the relevant certificate and click the right arrow to move it to the Assigned Certificates box.* Click Set Certificates |
|
Standard Options |
Persistence Mode |
Super HTTP |
|
|
Real Servers |
Checked Port |
389 |
|
*The self-signed certificate should be replaced with a proper certificate/key pair before deployment into a production environment. A single certificate secures all communications regardless of the number of Moodle servers deployed.
If there are no certificates listed, one must be uploaded. For further information on certificates, including steps on how to import and generate one, refer to the SSL Accelerated Services, Feature Description.
8. Add the Real Servers.
a) Click Add New.
b) Enter the IP address of the Moodle server in the Real Server Address text box.
c) Enter the IP address of the Moodle server in the Real Server Address text box.
d) Enter 80 as the Port.
e) Click Add This Real Server.
f) Click OK.
g) Repeat steps b to f to add other Real Servers as needed.
6.3 Other Virtual Service Configuration Options
There are other Virtual Service configuration options to consider, such as transparency and session persistence which are referred to in the sections below.
6.3.1 Transparency and Non-Transparency
A LoadMaster can be deployed in transparent or non-transparent mode. Transparent mode provides detailed client IP address information in the logs but it requires more configuration than non-transparent mode. Non-transparent mode requires no changes on the Moodle servers, but the Moodle logs will show all traffic as coming from the LoadMaster. The table below outlines some differences between transparent and non-transparent mode.
| Transparent | Non-Transparent |
|---|---|
|
The Moodle server sees the client IP address as the source of a HTTP request. |
The Moodle server sees all requests as coming from the LoadMaster. |
|
The Moodle server must route all responses to the client IP address using the LoadMaster. This requires a routing change on the Moodle Server to either: Set the default route (gateway) to be the LoadMaster, or; Create static routes for each client subnet In practice, setting the default route to be the LoadMaster is the easiest option. |
The Moodle server replies directly back to the LoadMaster without any routing changes. |
|
The Moodle logs contain the source IP address of the client. |
The Moodle logs show all traffic as coming from the LoadMaster. |
Transparency can be enabled/disabled in the Standard Options section of the Virtual Service modify screen.
6.3.2 Session Persistence
Depending on the configuration of the Moodle cluster, it may be desirable for a user to be continually served from the same Moodle server. By default, the LoadMaster will not use any persistence mechanism and a client request may be serviced by any of the Moodle servers in the cluster. Setting the Persistence Mode to Super HTTP will ensure that a client is serviced by the same server until the timeout period is reached. When using persistence, the Persistence Timeout value must match the inactivity timeout set in Moodle.
6.4 Moodle Server Configuration
Please ensure you have a restorable backup of any configuration before making these changes.
6.4.1 Routing
If using transparent mode in the LoadMaster, each Moodle server needs a routing update to provide a route back to the client via the LoadMaster. This can be implemented as a default route that points to the LoadMaster IP address or routes for the client subnet(s).
If using non-transparent mode on the LoadMaster, no routing changes are required.
6.4.2 Moodle SSL Configuration
The Moodle environment needs to be configured to support SSL proxies and to ensure that all URLs are HTTPS rather than HTTP. This configuration is stored in config.php which is located in the moodle/htdocs directory. Two changes are required to this file, as follows:
1. Configure Moodle to not do any SSL processing because that is being performed by the LoadMaster.
$CFG->sslproxy = 1;2. Tell Moodle to rewrite all URLs with HTTPS (as this is not done in the LoadMaster in a Moodle configuration). The config.php file usually selects the reply protocol based on the client request protocol. Update the code to ensure that all replies are HTTPS.
3. Before:
if ($_SERVER['HTTPS'] == 'on') { $CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';} else { $CFG->wwwroot = 'http://' . $_SERVER['HTTP_HOST'] . '/moodle';};After:
if ($_SERVER['HTTPS'] == 'on') { $CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';} else { $CFG->wwwroot = 'https://' . $_SERVER['HTTP_HOST'] . '/moodle';};The only change in the code is to add an s to the end of http in the else part of the if statement. Changing the http:// to https:// ensures that all URLs are prefixed by the correct protocol.
Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.
High Availability (HA), Feature Description
SSL Accelerated Services, Feature Description
Virtual Services and Templates, Feature Description
Web User Interface (WUI), Configuration Guide
Last Updated Date
This document was last updated on 22 March 2022.