Step 2 - Configurations

Network config

Add this file:

nano /etc/sysctl.d/90-socket-tuning.conf

Insert the following lines in the file:

#
# Socket tuning
#
 
# Receive and Send Socket Mem Buffer Sizes
net.core.rmem_max=4194304
net.core.wmem_max=4194304
 
# Sockets (default 128)
net.core.somaxconn = 4096
 
# Increase the number of outstanding syn requests allowed.
# c.f. The use of syncookies.
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syncookies = 1
 
# Widen local portrange
net.ipv4.ip_local_port_range = 2051 64512

Configure MariaDB

Open ilias.cnf file:

nano /etc/mysql/conf.d/ilias.cnf

Add the lines below in the file.

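# NOTE: [Service] holds systemd unit directives. MariaDB does not read this
# group from a .cnf file; the directives take effect only in a systemd drop-in
# for the mariadb unit (for example one created with "systemctl edit mariadb").
[Service]
LimitMEMLOCK=infinity
LimitNOFILE=524288
TimeoutStartSec=600
ExecStartPre=/bin/sync
ExecStartPre=/sbin/sysctl -q -w vm.drop_caches=3
 
# Server settings must sit in a [mysqld] group to be read by the server.
[mysqld]
innodb_strict_mode=OFF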
log_error = /var/log/mysql/error.log
slow_query_log_file    = /var/log/mysql/mariadb-slow.log
long_query_time        = 0.5
log_slow_rate_limit    = 1000
log_slow_verbosity     = query_plan,explain
default_storage_engine  = InnoDB
sql_mode = ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Restart Apache and MariaDB

service apache2 restart
service mariadb restart

General PHP configuration

To change the settings of PHP, edit the php.ini file:

nano /etc/php/7.4/apache2/php.ini

Search with ctrl+w for these parameters and change the values like this (add missing lines):

  • max_execution_time = 600
  • max_input_vars = 10000
  • memory_limit = 512M

Set these two parameters according to your needs:

  • post_max_size = 512M
  • upload_max_filesize = 512M

This error_reporting setting is essential. Please do not try other values, because copying may then not work in ILIAS:

  • error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
  • display_errors = On

Session handling:

  • session.gc_probability = 1
  • session.gc_divisor = 100
  • session.gc_maxlifetime = 14400
  • session.hash_function = 0
  • session.cookie_httponly = On
  • session.save_handler = files
  • session.cookie_secure = On

For chat

  • allow_url_fopen = On

OPCache Settings:

  • opcache.enable=1
  • opcache.enable_cli=1
  • opcache.interned_strings_buffer=8
  • opcache.max_accelerated_files=10000
  • opcache.memory_consumption=128
  • opcache.save_comments=1
  • opcache.revalidate_freq=1

Add these lines at the bottom for APC-Cache support:

  • apc.enabled=1
  • apc.shm_size=256M
  • apc.ttl=7200
  • apc.enable_cli=1
  • apc.gc_ttl=3600
  • apc.entries_hint=4096
  • apc.slam_defense=1
  • apc.serializer=igbinary

Restart Apache

systemctl restart apache2
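
An added example, not part of the original tutorial: a shell check that reads a php.ini and reports session settings that differ from the values listed above. The function names `ini_get`, `norm` and `check_php_ini` and the sample input are assumptions made for illustration.

```shell
# ini_get FILE KEY: print the effective value; the last uncommented assignment wins.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# norm VALUE: fold PHP boolean spellings so that On, 1, yes and true compare equal.
norm() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        on|yes|true|1) echo 1 ;;
        off|no|false|0) echo 0 ;;
        '') echo unset ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# check_php_ini FILE: print each mismatch; exit status is the number of mismatches.
check_php_ini() {
    bad=0
    while IFS='=' read -r key want; do
        got=$(ini_get "$1" "$key")
        if [ "$(norm "$got")" != "$(norm "$want")" ]; then
            echo "MISMATCH $key: want $want, found ${got:-unset}"
            bad=$((bad + 1))
        fi
    done <<EOF
session.cookie_httponly=On
session.cookie_secure=On
session.save_handler=files
session.gc_maxlifetime=14400
EOF
    return "$bad"
}

# Constructed sample php.ini fragment (not from a real host).
sample=$(mktemp)
printf '%s\n' '[Session]' 'session.cookie_httponly = 1' ';session.cookie_secure =' \
    'session.save_handler = files ; default' 'session.gc_maxlifetime = 1440' \
    'session.gc_maxlifetime = 14400' > "$sample"
check_php_ini "$sample" || echo "$? setting(s) differ from the tutorial"
rm -f "$sample"
```

On the server, run `check_php_ini /etc/php/7.4/apache2/php.ini` after editing the file; a commented-out line such as `;session.cookie_secure =` is reported as unset.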

Configure vhosts

General server settings to activate SSL

For this tutorial, we will assume that our ILIAS installation will run on iliastutorials.com. You should adjust and use your domain in the configuration files.

  • Check which sites are running under https:
ls /etc/apache2/sites-enabled
  • Disable all SSL-confs (recommended). Example:
a2dissite 000-default.conf
  • Check again if the folder is empty. Otherwise, delete the content:
rm /etc/apache2/sites-enabled/*
  • Now we create all vhost-files that we need. In this case:
cd /etc/apache2/sites-available
  • For the whole site:
touch 000-www-ilias.conf
  • For Etherpad:
touch pad.ilias.conf
  • For ILIAS-Chat-System:
touch chat.ilias.conf
  • If you don't already use similar vhost files, you can use these examples. Just edit some lines so they fit your installation:
nano 000-www-ilias.conf
  • Copy the code below and change the first ten lines according to your needs:
<VirtualHost iliastutorials.com:80>
        ServerAdmin admin@iliastutorials.com
        ServerName www.iliastutorials.com
        ServerAlias www.iliastutorials.com
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        KeepAlive off
        HostNameLookups off
        Protocols h2 http/1.1
 
 
 
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
 
        DocumentRoot /var/www/html
        # Or is it this path?
        #DocumentRoot /var/www
 
        XSendFilePath /var/www/html
        XSendFilePath /opt
 
 
<Directory /var/www/html/>
        <IfModule mod_php7.c>
                php_flag register_globals off
        </IfModule>
 
        Options -Indexes +FollowSymlinks
 
        DirectoryIndex index.php
        DirectoryIndex index.html
        DirectoryIndex index.htm
 
        AllowOverride All
        Require all granted
 
</Directory>
 
</VirtualHost>

To edit the pad.ilias.conf file, run the following command:

nano pad.ilias.conf
  • Copy the code below and change the first line and line 20, if necessary
<VirtualHost pad.iliastutorials.com:80>
  LoadModule  proxy_module         /usr/lib/apache2/modules/mod_proxy.so
  LoadModule  proxy_http_module    /usr/lib/apache2/modules/mod_proxy_http.so
  LoadModule  headers_module       /usr/lib/apache2/modules/mod_headers.so
  LoadModule  deflate_module       /usr/lib/apache2/modules/mod_deflate.so
 
  ProxyVia On
  ProxyRequests Off
  ProxyPass / http://localhost:9001/
  ProxyPassReverse / http://localhost:9001/
  ProxyPreserveHost on
  <Proxy *>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Proxy>
 
</VirtualHost>

To edit the chat.ilias.conf file, run the following command:

nano chat.ilias.conf
  • Copy the code below and change the first line and line 21, if necessary.
<VirtualHost chat.iliastutorials.com:80>
        LoadModule  proxy_module         /usr/lib/apache2/modules/mod_proxy.so
        LoadModule  proxy_http_module    /usr/lib/apache2/modules/mod_proxy_http.so
        LoadModule  headers_module       /usr/lib/apache2/modules/mod_headers.so
        LoadModule  deflate_module       /usr/lib/apache2/modules/mod_deflate.so
 
        ProxyVia On
        ProxyRequests Off
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        ProxyPreserveHost on
 
        <Proxy *>
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Proxy>
 
</VirtualHost>

Activate the files and restart Apache

a2ensite 000-www-ilias.conf
a2ensite pad.ilias.conf
a2ensite chat.ilias.conf
systemctl restart apache2

Install the SSL Certificate with Certbot

To install the certificate, we will use the instructions here:

Certbot Instructions

Here are the steps:

apt install certbot python3-certbot-apache
certbot --apache
  • After the prompt "which names would you like to activate HTTPS for?", choose the names, like 1 2 3 4, give your e-mail, and so on.
  • Recommended: Choose 2: "Secure - Make all requests redirect to secure HTTPS access."

When it finishes, something like this should appear: