Hi friends,
it’s time for another app release.
Moodle is a web learning platform.
New Features: New features - MoodleDocs
Moodle release notes: Moodle 4.5.2 | Moodle Developer Resources
Moodle documentation: MoodleDocs
App documentation: GitHub - mrmarkuz/ns8-moodle
Todo:
Feel free to test and share your feedback.
I think there is an issue with Moodle not being able to access the ports for mail server on ns8 due to the nature of rootless containers which prevents the use of outgoing SMTP connections in Moodle settings, maybe it’s just myself that is having that issue but not sure of the solution
if I remember correctly rootless containers don’t have permission to bind to low ports (<1024) directly.
Possible solution have the port set to higher port on container and have systemd listen on port 465 and forward to the container’s higher port
something like
imageroot/systemd/user/moodle-smtps.service:
[Unit]
Description=User-level SMTPS Proxy for Moodle (1465->465)
After=default.target
[Service]
# Forwards local port 1465 to the Podman container's port 465
ExecStart=/usr/bin/socat TCP-LISTEN:1465,reuseaddr,fork TCP:localhost:465
Restart=always
[Install]
WantedBy=default.target
although I’m not sure if that would work permission wise
wouldnt it be best to use the builtin module mail function, if moodle does support env for emails…
I wasn’t able to get mail working from moodle, I tested via the lost password option at login. I’m going to test some more…
The local mail server should be reachable via the VPN IP, usually 10.5.4.1.
Yes and it should support it (see bitnami-docker-moodle/README.md at master · ceefour/bitnami-docker-moodle · GitHub) but it didn’t work in my tests.
Yes — if you tried to use environment-based mail configuration in your rootless Podman container and it failed, the most likely reason is that Moodle was still trying to connect to a low-numbered port (like 465 or 25), which it cannot do without elevated privileges. So it would work if it was a root full pod but that would defeat the purpose ← paraphrased from my really early notes so might have changed
My original notes if they help
Why This Happens
• Ports below 1024 (e.g. 25 for SMTP, 465 for SMTPS, 587 for submission) are privileged ports.
• Rootless containers (like in NethServer 8) run as an unprivileged user by design, so they cannot bind to or connect to these ports directly on the host unless:
• The destination is reachable externally (i.e. not localhost).
• Or the container has elevated capabilities (which defeats the purpose of rootless).
⸻
Environment Variables Alone Don’t Solve Port Binding
Setting something like:
MOODLE_SMTP_HOST=smtp.example.com
MOODLE_SMTP_PORT=465
MOODLE_SMTP_USER=username
MOODLE_SMTP_PASS=secret
…only tells Moodle where to connect, but the underlying container process still needs permission to make that connection. If the mail server is on localhost:465 (host-side), a rootless container cannot connect unless:
1. The target is a non-privileged port (>1024), or
2. You forward a high port (like 1465) → 465 using socat or similar.
I forget where I originally got the information (maybe chat gtp or forum post probably using chat gtp)
Yes, it’s not possible by default to bind to a non-privileged port but it’s possible to reach such port.
You can test it for example by installing telnet in the moodle-app container…
apt update
apt install telnet
…and connect to the local mail server:
telnet 10.5.4.1 25