It is possible to configure a MoodleBox to make it accessible directly from the Internet, provided that you have very good knowledge in system administration.
The MoodleBox was not designed to provide a Moodle platform permanently accessible from the Internet, as it is usually the case with a Moodle server. However, for specific use cases, this feature may be useful.
The MoodleBox is built on a low-performance computer. It could quickly be overloaded and become very slow, or even totally frozen in the event of a massive amount of visitors.
The availability of a MoodleBox on the web implies significant security risks. In particular, the server can be attacked and made unusable by various means. Change all MoodleBox passwords before making these modifications.
The operations described on this page may render your MoodleBox unusable, requiring the complete wiping of the SD card and the loss of all data (course contents, installed plug-ins, custom configurations, etc.). Do this only if you know exactly what you are doing. In any case, no support is provided on this subject.
We accept no responsibility for any direct or indirect damage caused by the use of the MoodleBox, in particular following a change in configuration in order to expose the MoodleBox on the Internet.
The following items are required to make your MoodleBox accessible from the Internet:
- a valid domain name, for which you have the administrative rights, e.g.
- a fixed IP address or a functional dynamic DNS configuration;
- the MoodleBox must be connected to your network or router using an Ethernet cable.
This documentation does not explain how to manage a domain name, how to obtain a fixed IP address, or how to configure a dynamic DNS. Please refer to your Internet service provider for more information.
How to proceed
Step 1 - Change the domain name of your MoodleBox
Read the related documentation page. Specify the domain name for which you have administrative rights. It is also possible to use a subdomain, for example:
This step is crucial, as it configures domain name masquerading, which is required for Moodle to work properly.
Step 2 - Allow web traffic to the MoodleBox
As a security measure, only your router is visible from the Internet; no device on your local network can be reached. It is therefore necessary to configure your router so that it transmits to your MoodleBox the web traffic that arrives to it.
The necessary actions must be performed on your router. Consult the documentation provided by your service provider. Due to the diversity of hardware installed among users, no support can be provided for the configuration of your router. Do only make such changes if you really know what you are doing.
- Identify the public IP address of your router, for example
- Identify the private IP address given to your MoodleBox by your router, for example
192.168.1.226, using the
hostname -Icommand on your MoodleBox.
- In your router, permanently assign this address to your MoodleBox (not mandatory, but recommended).
- In your router, redirect web traffic from port 80 (http) to the MoodleBox (port forwarding). If you want to administer your MoodleBox from the Internet, also redirect port 22 (ssh).
Step 3 - Configure the domain name server
At your domain name provider, associate the public address of your router, for example
184.108.40.206, with the desired domain name, for example
learn.example.com. Refer to the documentation provided by your domain name provider.
If you do not have a fixed IP address, configure the dynamic DNS.
Step 4 - Strengthen security
This step is not required. However is very highly recommended.
- Change all MoodleBox passwords, using strong passwords:
- using the MoodleBox dashboard for the main password and the Wi-Fi password,
- via the administrator user account profile in Moodle.
- Enforce hard passwords for all Moodle user accounts.
- Install fail2ban on your MoodleBox. This software allows to block some systematic attacks against servers exposed on the Internet.
- Enable HTTPS on the nginx web server of the MoodleBox, using e.g. LetsEncrypt certificates. In this case, don’t forget to redirect port 443 (https) traffic to your router (see above).