Moodle 4.3 LMS on Ubuntu 22.04 on Azure User Guide

Overview

This image runs Moodle 4.3.12 on Ubuntu 22.04 LTS. The application server is nginx with PHP FPM 8.1 and OPcache enabled. Content and grade data are stored in PostgreSQL 14 on the same virtual machine, bound to the loopback interface only. Moodle scheduled tasks run every minute through a systemd timer so course backups, message delivery, badge issuing, and other lifecycle jobs fire without manual intervention.

Moodle administrator and PostgreSQL credentials are generated on the first boot of every deployed virtual machine. Two virtual machines launched from the same gallery image never share passwords. The initial administrator password and the PostgreSQL role password are written to /root/moodle-credentials.txt with mode 0600 so that only the root user can read them.

The image expects the virtual machine to have a public IP address or a private IP address that learners can reach. Moodle's $CFG->wwwroot is set dynamically from the browser's Host header on each request, so the site works correctly whether customers reach the virtual machine via a public IP, a private IP, an Azure Application Gateway, or a custom DNS name — no manual reconfiguration is required.

Moodle 4.3 is a long term support release ideal for institutions that need stability, a proven plugin ecosystem, and compatibility with PHP 8.1. If you are evaluating a migration from Moodle 4.1 or 4.2 this image is a safe LTS step before 5.x.

Prerequisites

Before you deploy this image you need:

• A Microsoft Azure subscription where you can create resource groups, virtual networks, and virtual machines
• Azure role permissions equivalent to Contributor on the target resource group
• An SSH public key for first login to the administrator account
• A virtual network and subnet in the same region as the Azure Compute Gallery the image is published into, with an associated network security group allowing inbound port 22 from your management network and inbound ports 80 and 443 from the networks your learners will use
• The Azure CLI (az version 2.50 or later) installed locally if you plan to deploy from the command line
• The cloudimg Moodle 4.3 offer enabled on your tenant in Azure Marketplace

Step 1: Deploy the Virtual Machine from the Azure Portal

Sign in to the Azure Portal at https://portal.azure.com, search the Marketplace for Moodle 4.3 LMS on Ubuntu 22.04 by cloudimg, and select Create.

On the Basics tab pick your subscription and resource group, give the virtual machine a name, choose a region that is in the gallery replication list for this offer, select the image version, and pick a size of Standard_D2s_v3 or larger. On the Disks tab choose Standard SSD (locally redundant storage) to balance cost and performance — the Moodle workload is PHP and PostgreSQL heavy, so a hot managed disk is not required for a small deployment. On the Networking tab select your virtual network and subnet, attach a Standard SKU public IP, and open ports 22 (from your management CIDR only), 80, and 443 on the network security group. Skip 443 for the initial deployment if you do not have a TLS certificate yet and plan to use Let's Encrypt in step 10.

Review and create the virtual machine. First boot takes approximately one minute after the provisioning state becomes Succeeded.

Step 2: Deploy the Virtual Machine from the Azure CLI

The following block creates a resource group, a virtual network with a single subnet, a network security group that opens 22 to your management network and 80 and 443 to the Internet, and a virtual machine that launches from the latest image version of the cloudimg Moodle 4.3 Azure Compute Gallery image.

Replace <your-mgmt-cidr> with the CIDR block of the network you will SSH from (for example 203.0.113.0/24), and replace <sub-id> with your Azure subscription GUID.

LOCATION=eastus
RG=moodle-4-3-rg
VM_NAME=moodle-lms-01
ADMIN_USER=moodleadmin
SSH_KEY=~/.ssh/id_rsa.pub
MGMT_CIDR=<your-mgmt-cidr>
SUB_ID=<sub-id>
IMAGE_ID=/subscriptions/7be40302-8226-4b7d-9040-f1e38b1513a1/resourceGroups/AZURE-CLOUDIMG/providers/Microsoft.Compute/galleries/cloudimgGallery/images/moodle-4-3-12-ubuntu-22-04

az group create --name $RG --location $LOCATION

az network vnet create \
  --resource-group $RG \
  --name moodle-vnet \
  --address-prefix 10.40.0.0/16 \
  --subnet-name moodle-subnet \
  --subnet-prefix 10.40.1.0/24

az network nsg create --resource-group $RG --name moodle-nsg

az network nsg rule create \
  --resource-group $RG --nsg-name moodle-nsg \
  --name AllowSSH --priority 1000 --access Allow \
  --protocol Tcp --direction Inbound \
  --source-address-prefixes $MGMT_CIDR \
  --destination-port-ranges 22

az network nsg rule create \
  --resource-group $RG --nsg-name moodle-nsg \
  --name AllowHTTP --priority 1010 --access Allow \
  --protocol Tcp --direction Inbound \
  --source-address-prefixes '*' \
  --destination-port-ranges 80

az network nsg rule create \
  --resource-group $RG --nsg-name moodle-nsg \
  --name AllowHTTPS --priority 1020 --access Allow \
  --protocol Tcp --direction Inbound \
  --source-address-prefixes '*' \
  --destination-port-ranges 443

az vm create \
  --resource-group $RG \
  --name $VM_NAME \
  --image $IMAGE_ID \
  --size Standard_D2s_v3 \
  --admin-username $ADMIN_USER \
  --ssh-key-values $SSH_KEY \
  --vnet-name moodle-vnet \
  --subnet moodle-subnet \
  --nsg moodle-nsg \
  --public-ip-sku Standard \
  --os-disk-size-gb 64

The command prints a JSON document on success. Note the publicIpAddress value — you will use it in steps 3 and 4.

Step 3: Retrieve Initial Credentials

SSH into the virtual machine using the administrator username you chose above and the public IP address from step 2. The first boot service runs before the SSH daemon becomes ready, so the credentials file is always in place when you log in for the first time.

ssh moodleadmin@<public-ip>
sudo cat /root/moodle-credentials.txt

You will see a plain text file containing the Moodle URL, the administrator username (admin), the administrator password, and the PostgreSQL role, database name, and password. Copy these values somewhere secure (a password manager or encrypted vault). Do not commit them to source control.

If you need to regenerate the credentials later you can do so through the Moodle web interface (step 6) and, for PostgreSQL, with ALTER ROLE moodle WITH PASSWORD '<new>' as the postgres operating system user followed by a matching edit to $CFG->dbpass in /var/www/moodle/config.php.

Step 4: First Login to the Moodle Web Interface

Open a web browser and navigate to the Moodle URL from the credentials file, for example http://<public-ip>/. Moodle redirects the front page to the login form when no session cookie is present.

Enter the administrator username admin and the administrator password from /root/moodle-credentials.txt. Select Log in. On the first successful sign in Moodle records your session and takes you to the administrator dashboard.

Step 5: Administrator Dashboard

The dashboard at /my/ is the starting point for managing your Moodle site. The top navigation bar gives you Dashboard for a personalised view and Site administration for global settings. The Course overview block prompts you to create your first course, and the Timeline block shows upcoming activities. Notifications and messages live in the top right, and the user menu lets you sign out or open your profile and preferences.

To confirm the Moodle release from the shell without opening a browser, run:

sudo -u www-data php /var/www/moodle/admin/cli/cfg.php --name=release

The image ships with Moodle 4.3.12; the command prints the release followed by the branch tag.

Step 6: Change the Administrator Password

For a production deployment rotate the administrator password that was generated on first boot. Select the user menu in the top right of the dashboard (the AU avatar), choose Preferences, then User account → Change password. Enter the current password from /root/moodle-credentials.txt, pick a new one that satisfies the Moodle password policy, and select Save changes.

From the command line the same thing can be done with Moodle's CLI tool:

sudo -u www-data php /var/www/moodle/admin/cli/reset_password.php \
  --username=admin \
  --password='<new-password>' \
  --ignore-password-policy

Step 7: Site Administration

Select Site administration in the top navigation bar and then Plugins to review the components installed on your site. The Plugins overview page lists the activity modules, authentication plugins, enrolment plugins, blocks, filters, themes, and local plugins that ship with Moodle 4.3. Use the Settings link next to each module to tailor behaviour — for example, disable BigBlueButton if you do not run a conference server, or enable the LTI plugin if you are integrating with a third party tool provider.

Other frequently used pages under Site administration include Users → Authentication (manual accounts, email signup, LDAP, SAML2), Courses → Course categories (top level structure), and Server → System paths if you need to point Moodle at a custom ImageMagick binary or similar.

Step 8: Create Your First Course

Select Site administration → Courses → Manage courses and categories, choose a category (Moodle ships with a default Category 1), then select Create new course. The form groups the required fields under General: enter a course full name, a short name (appears in breadcrumbs and headers), and confirm the course category. Use Save and display to create the course and open it, or Save and return to continue administering categories.

From the course page you can add sections, activities (quizzes, assignments, forums, SCORM packages, H5P, Big Blue Button sessions), and resources (files, pages, URLs, books). Use Enrolled users under the course Participants menu to add teachers and students, or set up self enrolment through Course administration → Enrolment methods.

Step 9: Configure Outbound Email (SMTP)

By default Moodle attempts to send mail through the local sendmail binary. For reliable delivery on a cloud virtual machine configure an external SMTP provider (SendGrid, Mailgun, Amazon SES, Microsoft 365, and so on).

Select Site administration → Server → Email → Outgoing mail configuration. Populate the SMTP hosts field with smtp.example.com:587, set SMTP security to TLS, set SMTP authentication type to LOGIN, and enter the SMTP username and password issued by your provider. Set the No-reply address to an address your provider lets you send from, for example no-reply@example.com. Save and then use Site administration → Server → Test outgoing mail configuration to send a test message to your own inbox.

Step 10: Enable HTTPS with Let's Encrypt

For any production Moodle deployment serve the site over HTTPS so session cookies and authentication tokens cannot be intercepted. The image ships with nginx, which certbot can configure automatically.

The following assumes you have a DNS A record pointing your fully qualified domain name (for example moodle.example.com) at the virtual machine's public IP address.

sudo snap install --classic certbot
sudo ln -sf /snap/bin/certbot /usr/local/bin/certbot
sudo certbot --nginx -d <your-domain> \
  --non-interactive --agree-tos -m <your-email> \
  --redirect

After certbot finishes, run sudo -u www-data php /var/www/moodle/admin/cli/purge_caches.php so Moodle rebuilds its theme cache under the new base URL. The dynamic wwwroot detection will automatically pick up the https:// scheme from the browser's request.

Step 11: Backups and Maintenance

Moodle has two data sources that must be backed up together: the PostgreSQL database and the moodledata directory at /var/moodledata (course files, user files, session data, caches).

sudo -u postgres pg_dump -Fc moodle > <backup-dir>/moodle-db-$(date +%F).dump
sudo tar --acls --xattrs -czf <backup-dir>/moodle-data-$(date +%F).tgz -C /var moodledata

Ship both artifacts to Azure Blob Storage, an off site S3 bucket, or another object store of your choice. The Moodle cron timer installed with the image also triggers scheduled course backups if you enable them under Site administration → Courses → Backups → Automated backup setup.

For kernel and package updates, Ubuntu's unattended-upgrades is enabled by default — security patches apply automatically. To install non security upgrades:

sudo apt-get update && sudo apt-get -y upgrade

When a Moodle 4.3 patch release is published (for example 4.3.13) you can upgrade the source tree in place. Replace <new-branch> with the upstream branch you wish to track (commonly MOODLE_403_STABLE):

sudo -u www-data php /var/www/moodle/admin/cli/maintenance.php --enable
cd /var/www/moodle
sudo git fetch origin <new-branch>
sudo git pull origin <new-branch>
sudo -u www-data php /var/www/moodle/admin/cli/upgrade.php --non-interactive
sudo -u www-data php /var/www/moodle/admin/cli/maintenance.php --disable

Step 12: Scaling Beyond a Single Virtual Machine

For larger deployments (hundreds of concurrent users and above) decouple Moodle from the single virtual machine pattern:

• Move PostgreSQL to Azure Database for PostgreSQL Flexible Server and update $CFG->dbhost / $CFG->dbpass in /var/www/moodle/config.php
• Put the Moodle web tier behind Azure Application Gateway or Azure Front Door and scale horizontally with an Azure Virtual Machine Scale Set, with /var/moodledata on Azure Files shared storage
• Offload session storage to Azure Cache for Redis via Moodle's session_handler_class setting
• Push static assets to Azure Blob Storage via the Moodle tool_objectfs plugin

Each of these is documented in the official Moodle admin docs at https://docs.moodle.org/ under "Performance recommendations" and "Multi site Moodle".

Support

cloudimg provides 24/7/365 expert technical support for this image. Guaranteed response within 24 hours, one hour average for critical issues. Contact support@cloudimg.co.uk.

For general Moodle administration questions consult the community forums at https://moodle.org/ and the documentation at https://docs.moodle.org/.