cat .env.dev > .env
variable name | value | description |
---|---|---|
DEBUG | True or False | Set to True while developing and False in production. |
SSL_CERT_PATH | unix path like '/some/path' | Path to SSL certificate file |
SSL_KEY_PATH | unix path | Path to SSL private key |
LTI13_CLIENT_ID | unique string | Client id generated by Moodle after setting up LTI 1.3 tool |
LTI13_ENDPOINT | URL path | Path to tool's JWKS |
LTI13_AUTHORIZE_URL | URL path | Path to tool's authorization redirect URL |
LTI13_TOKEN_URL | URL path | Path to tool's token endpoint |
JUPYTERHUB_CRYPT_KEY | a random 64 bytes key | Secret key applied to encrypt users' data in auth_state Cookie. You can generate a new one using openssl rand -hex 64 |
MOODLE_API_URL | URL path | URL of your Moodle used to accessing API and sending grades using LTI 1.3 |
MOODLE_API_TOKEN | unique string | Unique API token generated to accessing Moodle web service. |
See official page.
Moodle web service is a way to access Moodle API. Go to:
https://<your_moodle_domain>.com/admin/category.php?category=webservicesettings
We use REST API to obtain courses and user data to synchronize the Jupyterhub server with Moodle database. Read moodle.client documentation to know how to communicate with Moodle database.
- Enable REST protocol, create a specific user to access your moodle API.
- Log in as the API user and agree with Moodle Policy.
- Create external service (for instance, rest_api_service).
- Add functions to the new service going to
Site administration / Plugins / Web services / External services / Functions
- Current list of the required functions is available via MoodleClient.functions attribute:
core_course_get_courses, core_enrol_get_enrolled_users
- Create a token for the REST API user. Paste it to the .env file as shown:
MOODLE_REST_API_TOKEN=your_token
- Ensure that the Moodle instance is published as LTI Tool
Read the complete guide to set up web services on the official Moodle documentation.
You are encouraged to read complete LTI 1.3 specification to understand all underlying caveats and reasons LTI 1.3 designed that way. But for now, you can follow this guide to go with the default configuration.
- Go to
Site administration / Plugins / Activity modules / External tool / Manage tools
- Click on
configure a tool manually
- Create an external tool
- Tool name: can be whatever you want since it's only visible to the Moodle administrators
- Tool URL: a base URL of your Jupyterhub server such as https://jupyterhub.somewhere.edu. Make sure using https:// scheme.
- LTI version: choose LTI 1.3
- Public key type: choose RSA key
- Public key: paste the content of the public certificate from the Jupyterhub server (usually has .crt extension)
- Initiate login URL: /hub/oauth_login endpoint. Such as https://jupyterhub.somewhere.edu/hub/oauth_login
- Redirection URI(s): /hub/oauth_callback endpoint. Such as https://jupyterhub.somewhere.edu/hub/oauth_callback
- In the services section, select:
- IMS LTI Assignment and Grade Services: Use this service for grade sync and column management
- IMS LTI Names and Role Provisioning: Use this service to retrieve members' information as per privacy settings
- Tool Settings: Use this service
- In the privacy section, set all values to Always and activate checkbox Force SSL.
Navigate to your course and select Turn Editing on from the settings context menu. Select Add an activity or resource.
In the Add an activity or resource form, add:
-
Activity Name
-
Select the external tool that you've just created from the Preconfigured Tool dropdown
-
Select New Window from Launch container.
Click on the Save and return to course or Save and display button to complete the tool's setup.
On the server, cd to the project directory, then run:
. deploy.sh
The command will create a new docker container with the Jupyterhub server. Be sure that you set required environment variables from the first step.