1.3 How to Install Moodle on a Hestia VPS

Moodle has many functions that will not work well on a normal Shared Hosting account. But Moodle will work well on a Virtual Private Server (VPS) provided the VPS has at least 4 GB of RAM. Hestia is rapidly becoming the world’s most advanced free open source VPS control panel. In this article, we will review how to install Moodle on a Hestia VPS.


VPS Assumptions
We assume that you have already gotten a VPS hosting account with at least 4 GB of RAM - and that you or your VPS host have installed a Debian server on the VPS and then installed Hestia CP on your Debian server. If you would like to learn more about this process, visit our separate course and website which goes into great detail about how to install and use Hestia CP on a Debian VPS: https://createyourownvps.com/

As we explained in our prior course, we also assume that you obtained a domain name from your VPS host and that you are using your VPS host as a DNS Manager to properly connect your domain name and website to the Internet. In this article, we will use the domain name localdevtest.com which is hosted on CanHost.ca. Hestia is set up on our VPS server called ns1.localdevtest.com which is managed by the CanHost DNS Manager.

Step 1: Change DNS settings for your domain name to point to your VPS IP address and Hestia Server

If your domain name is hosted on Canhost, they provide a DNS record for it. But this DNS record points to the Canhost IP address rather than our VPS IP address. To change this, log into your Canhost account. Then click on My DNS in the left side menu. Then click on the Edit button to edit the DNS Zone for your domain name. There are 10 records. But only the first four need to be changed:


You need to use your cursor to delete the four Canhost IP addresses. Then you can copy paste your VPS IP address into the boxes. Then click Save Changes.

To get a free Lets Encrypt SSL certificate for your website, you also need to create two CAA records. Click Add Record and choose CAA for the Type. Type in your domain name (example mysite.com) for the Name. Type 0 for the Flag. Type issue for the Tag. Type letsencrypt.org for the Target. Then click Add Record. Then repeat to add a second CAA record using issuewild instead of issue for the Tag. Then click Save Changes.

Step 2 Create a New Hestia User
Log into your Hestia Admin Control Panel and create a new Hestia user. In our example, the new user is called course0.


Add a secure password. Then click Save and Back. Then log out of the Hestia Admin Panel and log into the course 0 Hestia User Panel.


Step 3 Add a New Web Domain
Click Add Web Domain. Then type in the domain name of your website and the IP address of your VPS. Also click Create DNS Zone and click Enable mail for this domain in order to set up custom email addresses such as This email address is being protected from spambots. You need JavaScript enabled to view it..


Then click Save and Back.


Select the domain name and click on the pencil to edit the domain name. Check Enable SSL and Use Let’s Encrypt.


Then click on Back and click on the Up arrow to visit the website:


The default website has https and a lock. Close the default website.

Step 4 Use Hestia to Create a Database
The website has 16 DNS records and an email domain. But it does not yet have a database.


Since Moodle needs, a database, click on DB. Then click Add Database. In our example, we will call it db1 with the full Database name being course 0_db1.

Also click on Database Advanced Options and change the Charset to utf8mb4.


Step 4 Create a Custom Moodle Back end Template

By default, Hestia uses a special version of Apache server called PHP-FPM to display websites. Each website is assigned a front end template and a back end template by Hestia. These templates can be changed in the Hestia User website edit Advanced settings. There is no need to create a special back end template when creating a Joomla website. However, Moodle has some bad coding that may create a conflict with Line 20 of the Hestia PHP-FPM back end template during installation.

We could just change Line 20 in the default PHP-FPM back end template. However, any changes we make might be overwritten during a Hestia Update. Therefore, we should first create a Custom Moodle Backend Template and then change our website Advanced settings to use the custom Moodle PHP-FPM template rather than the default template.

Editing certain files may not be possible with the Hestia file manager. We are therefore better off starting an SSH session. First, change the prompt to the Hestia PHP-FPM template folder by copy pasting this command.

cd /usr/local/hestia/data/templates/web/php-fpm

There are four templates in this folder. To see them, type


The default template is called default.tpl. To create a copy of this template, copy paste this into the terminal:

cp default.tpl moodle-default.tpl

Then to edit the new moodle template, copy paste:

nano moodle-default.tpl

Use the down arrow to go down to Line 20 and add a forward slash and colon /: to change the beginning of Line 20 from:

php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html


php_admin_value[open_basedir] = /:/home/%user%/web/%domain%/public_html

Be careful to leave the rest of Line 20 unchanged. The save and close the new moodle template file. Then type exit to close the SSH session and go to your Hestia User account. Open your moodle domain and click Advanced. Then use the drop down arrow to change the Backend Template from Default to Moodle-Default:


Click Save and Back. Then log out of your Hestia User account and into your Hestia Admin account. Click Settings. Then restart php7.4-fpm.

Important Note on why we need to create a custom Moodle Back End Template
In adding the root folder / to the list of permitted open_basedir folders, we have just created a security problem in that a user may be able to access files which they should not be permitted to access. We are basically defeating the purpose of the open_basedir function - which is to limit user access to only a certain list of files. However, if we do not take this step, the following error may appear during the Moodle Installation process:

Warning: is_readable(): open_basedir restriction in effect. File(/db/renamedclasses.php) is not within the allowed path(s)

This warning is misleading because there is no folder named db and no file named renamedclasses.php. However this folder and file have been called during the installation to rename classes that have not existed in Moodle for many years. The default Hestia back end template line 20 properly recognizes this error and refuses to allow access to this file that actually does not exist.

The best solution to this problem is to temporarily allow Moodle access to all files during the installation process. Sadly, this change of adding / to open_basedir can not be made by a Hestia User. It can only be made by a Hestia administrator. This is because Hestia does not trust users who may inadvertently not only bring down their own Hestia account, but also the entire Hestia VPS. In addition, Hestia users are not allowed to restart PHP-FPM. This also can only be done by a Hestia administrator. However, this only needs to be done one time after creating the Moodle back end template so it will appear as an option for all Hestia users.

What users can do is change the assignment of their website back end template from the default template to any other template set up by the Hestia administrator. Therefore, if you are the administrator of a VPS with a user who wants to install Moodle, you need to advise them to switch from the default back end template to the Moodle back end template before attempting to install Moodle. Also advise them to switch back to the default template once the installation is completed.

They should also be aware that this Moodle warning may reappear during a Moodle Update or when installing some Moodle Plugins. Should the error occur in the future, they should switch back to the Moodle back end template, complete the update, and then switch back to the default template. This is only one of many challenges of installing and running a Moodle website.

Sadly, Moodle has suffered from this security problem for many years. This issue was described in this moodle link:


and these moodle forum posts from 2013 and 2015:



See also 2016 to 2018 moodle efforts to solve this problem:


Also see this moodle tracker file explaining that the file in question was removed in moodle version 3.10 which is why the file can no longer be found:


However, this problem still exists in Moodle 4.0:


The plan is to remove this bad code along with 7 other sections of bad code by Moodle version 4.4


This Moodle security fix may occur sometime in the next year or two. Or it may not. The real problem is that Moodle is an extremely complex application with extremely complex code. All of the features provided by Moodle make it a coders nightmare.

The settings in the Hestia Control Panel are intended to promote a maximum level of security. This security is triggered when it runs into bad code. This is why leaders on the Moodle forum advocate turning off open_basedir restrictions permanently. In response, many Control Panels, such as Cpanel, have a button to turn off open_basedir. Hestia does not have this button.

My own experience, based on nearly 30 years of helping people set up educational and business websites, is that we are living in a Hacker Heaven. Your VPS and or Moodle website will likely be attacked within minutes of going online. Any security hole in your VPS or Moodle website will eventually be exploited by hackers. It is extremely painful to see a website you have spent years building be destroyed by hackers in a matter of minutes. This is why I advocate for only using the Moodle template when there is no other option - and then switching back to the default Hestia back end template when the installation or update is completed. Thankfully, Hestia makes the process of switch templates very easy.

Step 6 Use the Hestia File Manager to Add Moodle
Go to the Moodle downloads page to download the latest version of Moodle. https://download.moodle.org/releases/latest/

Download the Weekly build zip file. 74 MB. Then go back to Hestia and click on Files, web, your-domain-name, public_html.


Click Add Files to add the moodle zipped file.


Click on the 3 dots to the right of the moodle zipped file and click Unzip. This will create a folder called moodle with the moodle files and folders in it. To move these files and folders to the root public_html folder, open the moodle file. Then click at the box on the top to select all files and folders. This will bring up a hidden option called Move.


Then click Move. This will bring up the Select Folder screen. Click on the plus sign to the left of web. Then the plus sign for your domain name. Then click on public_html (not the plus sign). This will move all of the files. Go back to the public_html folder:


Now that we have our files in the root folder, scroll down and click on the three dots to the right of the moodle folder and delete it. Then scroll down and click on the three dots to the right of the moodle-latest zip file. Then click Delete. Then click on the three dots to the right of the index.html file to rename it old-index.html.


Step 7 Use the Hestia File Manager to Create a Moodle Data Folder
Moodle needs to have a special folder called the moodledata folder. For security reasons, this folder cannot be in the public-html folder but instead needs to be in a private folder located in the domain-name folder. Hestia has already created the private folder. Here we will create a moodledata folder in the Hestia private folder. Still in the Hestia File Manager, click on the domain name folder and click on the private folder. Then click New to create a folder called moodledata.


Here it is.


What’s Next?
We will continue to leave the Hestia User Account open in one browser (where we will not clear the cache – which would log us out of Hestia). Then in the next article, we will open a new browser, clear the cache and use the Moodle Installer together with our Hestia Control Panel browser, to complete several additional installation steps.