Step 2 - Configurations
Network config
Add this file:
nano /etc/sysctl.d/90-socket-tuning.conf
Insert the following lines in the file:
#
# Socket tuning
#
# Receive and Send Socket Mem Buffer Sizes
net.core.rmem_max=4194304
net.core.wmem_max=4194304
# Sockets (default 128)
net.core.somaxconn = 4096
# Increase the number of outstanding syn requests allowed.
# c.f. The use of syncookies.
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syncookies = 1
# Widen local portrange
net.ipv4.ip_local_port_range = 2051 64512
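Files in /etc/sysctl.d are applied at boot or by running sysctl --system, so a freshly written file can differ from what the kernel is actually using. The following check is an added example, not part of the original guide: the function names and the optional ROOT argument are assumptions made for illustration, and the demo runs against a constructed directory tree instead of the real /proc/sys.

```shell
# Added example, not part of the original guide.

# trim: collapse runs of blanks/tabs to one space and strip both ends.
trim() { tr -s ' \t' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [ROOT]: compare each "key = value" in CONF with the live
# value under ROOT (default /proc/sys). Prints one line per difference and
# returns the number of differences (0 = everything in CONF is active).
sysctl_drift() {
    conf=$1; root=${2:-/proc/sys}; drift=0
    while IFS= read -r line; do
        line=$(printf '%s\n' "$line" | trim)
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(printf '%s\n' "${line%%=*}" | trim)
        want=$(printf '%s\n' "${line#*=}" | trim)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ -r "$path" ]; then have=$(trim <"$path"); else have='(missing)'; fi
        [ "$have" = "$want" ] && continue
        echo "DRIFT $key: file=$want live=$have"
        drift=$((drift + 1))
    done <"$conf"
    return "$drift"
}

# Constructed demo: three of the values above against a fake tree in which
# somaxconn is still at its default of 128 (file written, never loaded).
demo_drift() {
    d=$(mktemp -d); mkdir -p "$d/sys/net/core" "$d/sys/net/ipv4"
    printf '%s\n' '# Socket tuning' 'net.core.somaxconn = 4096' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.ip_local_port_range = 2051 64512' >"$d/90.conf"
    echo 128 >"$d/sys/net/core/somaxconn"
    echo 1 >"$d/sys/net/ipv4/tcp_syncookies"
    printf '2051\t64512\n' >"$d/sys/net/ipv4/ip_local_port_range"
    sysctl_drift "$d/90.conf" "$d/sys"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo_drift || echo "settings not applied: $?"
```

On the server itself, run sysctl --system first and then sysctl_drift /etc/sysctl.d/90-socket-tuning.conf; no output means every value is live.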
Configure MariaDB
Open ilias.cnf file:
nano /etc/mysql/conf.d/ilias.cnf
Add the lines below in the file.
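# systemd unit directives. MariaDB does not read a [Service] group from a .cnf file;
# they take effect in the [Service] section of a systemd drop-in for the MariaDB unit.
[Service]
LimitMEMLOCK=infinity
LimitNOFILE=524288
TimeoutStartSec=600
ExecStartPre=/bin/sync
ExecStartPre=/sbin/sysctl -q -w vm.drop_caches=3
# Server options are only applied under a server group such as [mysqld].
[mysqld]
innodb_strict_mode=OFF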
log_error = /var/log/mysql/error.log
slow_query_log_file = /var/log/mysql/mariadb-slow.log
long_query_time = 0.5
log_slow_rate_limit = 1000
log_slow_verbosity = query_plan,explain
default_storage_engine = InnoDB
sql_mode = ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Restart Apache and MariaDB
service apache2 restart
service mariadb restart
General PHP configuration
To change the settings of PHP, edit the php.ini file:
nano /etc/php/7.4/apache2/php.ini
Search with ctrl+w for these parameters and change the values like this (add missing lines):
- max_execution_time = 600
- max_input_vars = 10000
- memory_limit = 512M
Set these two parameters according to your needs:
- post_max_size = 512M
- upload_max_filesize = 512M
This setting for error-reporting is essential. Please do not try other values because copying may not work in ILIAS:
- error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
- display_errors = On
Session handling:
- session.gc_probability = 1
- session.gc_divisor = 100
- session.gc_maxlifetime = 14400
- session.hash_function = 0
- session.cookie_httponly = On
- session.save_handler = files
- session.cookie_secure = On
For chat
- allow_url_fopen = On
OPCache Settings:
- opcache.enable=1
- opcache.enable_cli=1
- opcache.interned_strings_buffer=8
- opcache.max_accelerated_files=10000
- opcache.memory_consumption=128
- opcache.save_comments=1
- opcache.revalidate_freq=1
Add these lines at the bottom for APC-Cache support:
- apc.enabled=1
- apc.shm_size=256M
- apc.ttl=7200
- apc.enable_cli=1
- apc.gc_ttl=3600
- apc.entries_hint=4096
- apc.slam_defense=1
- apc.serializer=igbinary
Restart Apache
systemctl restart apache2
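A stock php.ini often carries a setting as a commented line (;session.cookie_secure =), and when a key appears more than once the last uncommented line wins, so searching and adding lines can leave a value that looks set but is not effective. The following audit of the session values listed above is an added example, not part of the original guide: the function names are assumptions made for illustration, and the sample php.ini fragment is constructed.

```shell
# Added example, not part of the original guide.
# ini_effective FILE KEY: print the value PHP takes from FILE for KEY, i.e. the
# last uncommented "KEY = value" line (a leading ';' makes a line a comment).
ini_effective() {
    awk -v key="$2" '
        /^[ \t]*(;|\[)/ { next }             # comment or [section] header
        {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)         # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v) # surrounding blanks and quotes
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# norm VALUE: fold PHP "true" spellings so On, on, 1 and true compare equal.
norm() {
    case "$1" in [Oo]n|1|[Tt]rue|[Yy]es) echo 1 ;; *) printf '%s\n' "$1" ;; esac
}

# audit_php_ini FILE: print each deviation; returns the number of deviations.
audit_php_ini() {
    bad=0
    while read -r key want; do
        got=$(ini_effective "$1" "$key")
        [ "$(norm "$got")" = "$(norm "$want")" ] && continue
        echo "MISMATCH $key: want '$want', effective '${got:-unset}'"
        bad=$((bad + 1))
    done <<EOF
session.cookie_secure On
session.cookie_httponly On
session.gc_maxlifetime 14400
session.save_handler files
EOF
    return "$bad"
}

# Constructed php.ini fragment: cookie_secure left commented, lifetime set twice.
demo_audit() {
    f=$(mktemp)
    printf '%s\n' '[Session]' 'session.save_handler = files' \
        ';session.cookie_secure =' 'session.cookie_httponly = 1' \
        'session.gc_maxlifetime = 14400' 'session.gc_maxlifetime = 1440' >"$f"
    audit_php_ini "$f"; rc=$?
    rm -f "$f"; return "$rc"
}
demo_audit || echo "deviations: $?"
```

On the server, run audit_php_ini /etc/php/7.4/apache2/php.ini after editing; a return status of 0 means the four session values are effective as listed.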
Configure vhosts
General server settings to activate SSL
For this tutorial, we will assume that our ILIAS installation will run on iliastutorials.com. You should adjust and use your domain in the configuration files.
- Check which sites are running under https:
ls /etc/apache2/sites-enabled
- Disable all SSL-confs (recommended). Example:
a2dissite 000-default.conf
- Check again if the folder is empty. Otherwise, delete the content:
rm /etc/apache2/sites-enabled/*
- Now we create all vhost-files that we need. In this case:
cd /etc/apache2/sites-available
- For the whole site:
touch 000-www-ilias.conf
- For Etherpad:
touch pad.ilias.conf
- For ILIAS-Chat-System:
touch chat.ilias.conf
- If you don't already use similar vhost files, you can use these examples. Just edit some lines so they fit your installation:
nano 000-www-ilias.conf
- Copy the code below and change the first ten lines according to your needs:
<VirtualHost iliastutorials.com:80>
ServerAdmin admin@iliastutorials.com
ServerName www.iliastutorials.com
ServerAlias www.iliastutorials.com
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
KeepAlive off
HostNameLookups off
Protocols h2 http/1.1
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
DocumentRoot /var/www/html
# Or is it this path?
#DocumentRoot /var/www
XSendFilePath /var/www/html
XSendFilePath /opt
<Directory /var/www/html/>
<IfModule mod_php7.c>
php_flag register_globals off
</IfModule>
Options -Indexes +FollowSymlinks
DirectoryIndex index.php
DirectoryIndex index.html
DirectoryIndex index.htm
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
To edit pad.ilias.conf, run the following command:
nano pad.ilias.conf
- Copy the code below and change the first line and line 20, if necessary.
<VirtualHost pad.iliastutorials.com:80>
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
ProxyVia On
ProxyRequests Off
ProxyPass / http://localhost:9001/
ProxyPassReverse / http://localhost:9001/
ProxyPreserveHost on
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>
To edit the chat.ilias.conf file, run the following command:
nano chat.ilias.conf
- Copy the code below and change the first line and line 21, if necessary.
<VirtualHost chat.iliastutorials.com:80>
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
ProxyVia On
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost on
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</VirtualHost>
Activate the files and restart Apache
a2ensite 000-www-ilias.conf
a2ensite pad.ilias.conf
a2ensite chat.ilias.conf
systemctl restart apache2
Install the SSL Certificate with Certbot
To install the certificate, we will use the instructions here:
Here are the steps:
apt install certbot python3-certbot-apache
certbot --apache
- After the prompt "which names would you like to activate HTTPS for?", choose the names, like 1 2 3 4, give your e-mail, and so on.
- Recommended: Choose 2: "Secure - Make all requests redirect to secure HTTPS access."
When it finishes, something like this should appear:
- "Congratulations! You have successfully enabled https://iliastutorials.com, https://chat.iliastutorials.com, https://pad.iliastutorials.com, https://www.iliastutorials.com."
- Check if everything works as expected: https://www.iliastutorials.com ("It works!" should appear)