[Moodle Migration][Phase 1] Base OS prep (Ubuntu 24.04 LTS)
Phase 1 — Base OS prep (Ubuntu 24.04 LTS)
Context: Starting to execute the plan we outlined in the Moodle migration considerations and upgrade strategy note.
Goal: Establish a production-ready foundation that’s secure by default and ready for Moodle restore & upgrades.
Steps
- Patch & reboot if needed
- Essentials + firewall
- Web tier online (no app yet)
- Moodle directories (secure layout)
**Patch & reboot if needed**
```bash
sudo apt update
sudo apt -y upgrade
[ -f /var/run/reboot-required ] && sudo reboot
```
Why: current security/bug fixes; start from a known-good baseline.
**Essentials + firewall**
```bash
sudo apt install -y ca-certificates curl gnupg ufw
sudo ufw allow OpenSSH
sudo ufw --force enable
sudo ufw status
```
Why: CA trust/curl/GPG for secure repos; UFW to default-deny all inbound traffic except SSH.
**Web tier online (no app yet)**
```bash
sudo apt install -y nginx
sudo systemctl enable --now nginx
sudo ufw allow 'Nginx Full' # 80/443
sudo ufw status
```
Why: stand up the reverse proxy cleanly; we’ll wire PHP later.
**Moodle directories (secure layout)**
```bash
sudo mkdir -p /var/www/moodle /var/www/moodledata
sudo chown -R www-data:www-data /var/www/moodledata
sudo chmod 750 /var/www/moodledata
```
Why: moodledata outside webroot, writable only by the web user; prevents direct download of uploads/caches.
Acceptance checks
- SSH reachable; UFW shows only OpenSSH and Nginx Full allowed.
- Nginx running; default page loads.
- moodledata exists with www-data and restrictive perms.
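
The acceptance checks above can be scripted so they are repeatable after every change. This is an added example, not part of the original note: the function names, the `--live` switch, the `http://localhost/` probe and the sample `ufw status` text are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: automates the Phase 1 acceptance checks (not from the original note).

# Constructed sample of `ufw status` output for the expected end state.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'

# Reads `ufw status` on stdin. Succeeds only if UFW is active and the ALLOW
# rules are exactly OpenSSH and Nginx Full (IPv6 twins count as the same rule).
ufw_rules_ok() {
    awk '
        /^Status: active/ { active = 1 }
        / ALLOW / {
            rule = $0
            sub(/[ \t]+ALLOW.*/, "", rule)   # keep only the "To" column
            sub(/ \(v6\)$/, "", rule)        # fold the IPv6 twin into its name
            if (rule != "OpenSSH" && rule != "Nginx Full") {
                print "unexpected ALLOW rule: " rule > "/dev/stderr"
                bad = 1
            }
            seen[rule] = 1
        }
        END { exit !(active && !bad && seen["OpenSSH"] && seen["Nginx Full"]) }
    '
}

# Succeeds if $1 is a directory owned by user $2 with no access for "other"
# (mode 750 passes, 755 fails). Uses GNU stat, as shipped on Ubuntu.
dir_locked_down() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %U "$1")" = "$2" ] || return 1
    case "$(stat -c %a "$1")" in *0) return 0 ;; *) return 1 ;; esac
}

# Runs every check against the live host; call the script with --live.
run_checks() {
    sudo ufw status | ufw_rules_ok || { echo "FAIL: UFW rules"; return 1; }
    systemctl is-active --quiet nginx || { echo "FAIL: nginx inactive"; return 1; }
    curl -fsS -o /dev/null http://localhost/ || { echo "FAIL: default page"; return 1; }
    dir_locked_down /var/www/moodledata www-data || { echo "FAIL: moodledata"; return 1; }
    echo "Phase 1 acceptance checks passed"
}

if [ "${1:-}" = "--live" ]; then run_checks; fi
```

Any extra ALLOW rule (for example a database port opened during troubleshooting) makes `ufw_rules_ok` fail and names the rule on stderr.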