Installing Totara
  • 10 Jun 2024
  • 6 minutes to read

Installing Totara


Article summary

Choosing an environment

Information on the supported environment can always be found in code in the readme.md file. It can also be found in System server requirements documentation.

We strongly recommend that all production sites follow our recommended environments where possible.

Production sites should be installed from scratch rather than being cloned from a database backup of another site.

Preparing your environment

Operating system

If you are intending to use Totara in multiple user languages you should ensure that the server has been properly configured with the correct locales. This is important in order to ensure that dates, numbers, and currency data is displayed correctly for the user's selected language. See the developer documentation for more information on server locales.

Ensure your server has been properly secured for a production environment. Refer to your operating system's provider for information on how to best achieve this.

Database

Totara supports a number of different databases. Selecting a database is a vitally important step in setting up your Totara installation. We cannot tell you which to choose, nor which is better than the rest. How you intend to use and scale your database, and your knowledge of it will have a bigger impact than most other factors.

If you are unsure which to choose we recommend PostgreSQL as it delivers good performance out of the box without requiring tuning.

MySQL

If you want to use MySQL, we recommend that you use MySQL 8 or greater, due to its improved support for multilingual content in Totara. 

We strongly recommend that you use a case-sensitive, accent-sensitive collation (which MySQL 5.7 does not support). We also recommend a 4-byte-compatible character set (utf8mb4) to ensure full support for characters such as emojis.

MySQL must be using the Barracuda file format. To create your database:

CREATE DATABASE {dbname} DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_as_cs;

For security we recommend you use a dedicated database user who has access just to the Totara database.

MariaDB

There is no case-sensitive, accent-sensitive collation available for MariaDB. If this is likely to be an issue for you, we recommend that you consider MySQL 8 or greater instead.

MySQL must be using the Barracuda file format. To create your database:

CREATE DATABASE {dbname} DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

For security we recommend you use a dedicated database user who has access just to the Totara database.

PostgreSQL

To create your database:

createdb -E utf8 {dbname}

For security we recommend you use a dedicated database user who has access just to the Totara database.

If you are running PostgreSQL 14.0 or 14.1, the enable_memoize setting must be turned off.

MSSQL

If you are installing Totara as a sysadmin then your database user must have permission to alter server settings:

ALTER SETTINGS(SERVER)

Full text search must be enabled; see Full text search in MSSQL Server [LINK]. 

For security, we recommend you use a dedicated database user who has access just to the Totara database. Alternatively you can install Totara as a non-sysadmin user using the following SQL:

-- First create a new user, change username and password to match your requirements

CREATE LOGIN testuser

    WITH PASSWORD = 'TestUser1';

GO

 

-- Now make sure this user can install the site, ALTER SETTINGS permissions is needed for this

USE master;

 

GRANT ALTER SETTINGS TO testuser;

 

-- For the database (substitute with the database name of your choice)

-- create a login for the user and make sure he has the permissions needed

USE totara_13;

 

CREATE USER testuser FOR LOGIN testuser;

 

-- Make sure the user can create tables, read and write data

ALTER ROLE db_ddladmin ADD MEMBER testuser;

ALTER ROLE db_datareader ADD MEMBER testuser;

ALTER ROLE db_datawriter ADD MEMBER testuser;

 

-- Create a custom role

CREATE ROLE db_totara;

 

-- This is needed to view any definition created by Totara

GRANT VIEW DEFINITION TO db_totara;

 

ALTER ROLE db_totara ADD MEMBER testuser;

 

GO

After Totara is installed the following SQL will ensure Totara is fully usable without sysadmin privileges:

-- Take away the ALTER SETTINGS permission, it's not needed anymore

USE master;

 

REVOKE ALTER SETTINGS TO testuser;

 

USE totara_13;

 

-- Make sure the user role has access to Totara's custom stored procedures

GRANT EXECUTE ON dbo.GROUP_CONCAT_D TO db_totara;

GRANT EXECUTE ON dbo.GROUP_CONCAT_S TO db_totara;

GRANT EXECUTE ON dbo.GROUP_CONCAT_DS TO db_totara;

GRANT EXECUTE ON dbo.GROUP_CONCAT TO db_totara;

 

GO

Web server

Totara is a web-based application and relies upon a web server to operate. Totara is officially supported when run via Apache, IIS and Nginx.

Totara source code contains a server directory. The web server needs to be configured to serve this directory and its children only.

The structure of the code base changed between Totara 12 and Totara 13. It is important that your web server serves the server directory only. It is a security concern if your web server is configured to serve the top-level source code directory as that exposes more information than is intended.

When configuring the web server we recommend you harden it following the best practices for your chosen web server. The following points can serve as a guide for Totara best practice for production sites:

  • Disable directory listings
  • Disable serving of the following directories:
    • /server/**/tests/
    • /server/**/amd/
    • /server/**/templates/
    • /server/**/classes/
  • Disable serving of the following file types:
    • /server/*/.txt (access should only be allowed to checknet.txt)
    • /server/*/.md
    • /server/*/.xml
    • All files starting with "."
  • Disable serving of the following files:
    • /server/package.json
    • /server/package-lock.json
  • Ensure errors are being written to a known log file location. If you experience any problems and seek support they will often ask you to check the web server error logs.

If you are using Apache + mod_php, CGI, or PHP-FPM, and intend to use the Totara Mobile app then you will need to additionally add the following directive to your VirtualHost entry for the site in order for Apache to correctly pass the authentication headers required by the mobile app:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
If you are using Apache + mod_php, CGI, or PHP-FPM we recommend you add the following directives to your Apache VirtualHost entry to ensure that these headers are preserved:
SetEnvIf Content-Type "(.*)" HTTP_CONTENT_TYPE=$1
SetEnvIf Accept "(.*)" HTTP_ACCEPT=$1
Information on the required PHP environment can be found on the server system requirements page.

Data directory

Totara requires access to a data directory in which to store user data, cache files, temporary files etc. This directory must be readable and writable by the web server user.

In a horizontally scaled environment all web servers must have access to the data directory. It must be shared by them.

Installing Totara

Getting the code

The Totara code is available for Totara Alliance Partners only. We provide access to the source code via a GIT version control repository.

To access the code you will need to have your ssh public key added to our git server. For any assistance with this please file a ticket with the support desk.

For the main Totara code:

git clone ssh://git@code.totaralms.com/totara-txp.git

For the Totara Mobile app code:

git clone ssh://git@code.totaralms.com/totara-mobile.git

CLI installation

We strongly recommend that installation and upgrade be completed through the command line interface.

This command must be run as the web user (in this case www-data):

sudo -u www-data php server/admin/cli/install_database.php --agree-license --adminpass=mypassword123

There are a number of other optional arguments that can be provided to minimise post-install setup:

--lang=CODE           Installation and default site language. Default is en.

--adminuser=USERNAME  Username for the admin account. Default is admin.

--adminemail=STRING   Email address for the totara admin account.

--fullname=STRING     Name of the site

--shortname=STRING    Name of the site

Once the CLI install is finished you can go to the site homepage and log in using the admin credentials for further setup.

Web installation

Web installation can be performed by navigating to the wwwroot that was set in the config.php file and following the on-screen instructions. 

Essential configuration

Below is an example of a minimal config.php file which should be present in the top-level folder. There is a lot of optional config that can be added - see the config.example.php file in the top-level folder.

<?php

$CFG = new stdClass();

$CFG->wwwroot = 'http://mytotara.com';

$CFG->dirroot = '/var/www/totara/htdocs/server';

$CFG->dataroot = '/var/sitedata/totara';

$CFG->directorypermissions = 00777; // try 02777 on a server in Safe Mode

 

$CFG->dbhost = 'localhost';

$CFG->dbtype = 'pgsql';

$CFG->dbuser = 'dbuser';

$CFG->dbpass = 'dbpass';

$CFG->dbname = 'totaradb';

 

$CFG->prefix = 'ttr_';

 

$CFG->forceflavour = 'learn_engage';

The following options are available for the forceflavour config, depending on which combination of products the site will be using:

  • learn
  • engage
  • perform
  • learn_perform
  • learn_engage
  • perform_engage
  • learn_perform_engage

In addition, if you wish to use flavours then you can find more information on this in our developer documentation.

Next steps

Can't find what you're looking for? Contact us at documentation@totara.com. Alternatively, book a call to have a chat about your Totara platform with a dedicated Customer Success Manager.

© Copyright 2024 Totara Learning Solutions. All rights reserved.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.