Differenze tra le versioni di "LimeSurvey/Technical documentation"
Jump to navigation
Jump to search
E-mail
(→Filesystem: +/var/www/limesurvey/production/upload/themes/survey/generalfiles) |
m (Fixes phabricator:T329430) |
||
| (13 versioni intermedie di 3 utenti non mostrate) | |||
| Riga 1: | Riga 1: | ||
| − | {{Server| | + | {{Server|intreccio}} |
Brief documentation for system administrators of the [[LimeSurvey]] instance in [https://www.wikimedia.it/ Wikimedia Italia]. | Brief documentation for system administrators of the [[LimeSurvey]] instance in [https://www.wikimedia.it/ Wikimedia Italia]. | ||
== Server access == | == Server access == | ||
| + | |||
| + | <s>ssh fabula.wikimedia.it</s> | ||
<pre> | <pre> | ||
| − | ssh | + | ssh intreccio.wikimedia.it |
</pre> | </pre> | ||
| Riga 14: | Riga 16: | ||
== Overview == | == Overview == | ||
| − | < | + | The LimeSurvey application is just a PHP/MySQL application served by Apache <code>mod_php</code>. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | </ | ||
| − | |||
| − | |||
== Filesystem == | == Filesystem == | ||
| Riga 36: | Riga 24: | ||
The while application is world-readable apart from the file <code>config-secret.php</code> and the directory for PHP sessions. | The while application is world-readable apart from the file <code>config-secret.php</code> and the directory for PHP sessions. | ||
| − | + | Before any update: | |
| + | |||
| + | <pre> | ||
| + | LIME=/var/www/limesurvey/production/ | ||
| + | chown www-data: -R "$LIME" | ||
| + | </pre> | ||
| + | |||
| + | After any update, harden the application: | ||
<pre> | <pre> | ||
| − | # to upload new logo from the backend interface | + | LIME=/var/www/limesurvey/production/ |
| − | + | ||
| + | # make the whole application read-only for everyone | ||
| + | chown root: -R "$LIME" | ||
| + | |||
| + | # allow to upload new logo from the backend interface | ||
| + | chown www-data: "$LIME"/upload/themes/survey/generalfiles | ||
# generic temporary directory for PHP | # generic temporary directory for PHP | ||
| − | + | chown -R www-data: "$LIME"/tmp | |
| + | chmod -R o= "$LIME"/tmp | ||
| − | # | + | # user uploads |
| − | + | chown -R www-data: "$LIME"/upload | |
| − | |||
| − | + | # user configuration (required by installation wizard) | |
| − | + | chown -R www-data: "$LIME"/application/config | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</pre> | </pre> | ||
| Riga 95: | Riga 88: | ||
lrwxrwxrwx 1 root root 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php | lrwxrwxrwx 1 root root 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php | ||
... | ... | ||
| + | </pre> | ||
| + | |||
| + | == Dependencies == | ||
| + | |||
| + | <pre> | ||
| + | apt install -y php-zip php-imap php-gd | ||
</pre> | </pre> | ||
| Riga 111: | Riga 110: | ||
LimeSurvey configuration: | LimeSurvey configuration: | ||
| − | nano [[phabricator:diffusion/WIIN/browse/ | + | nano [[phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/public-config.php|/var/www/limesurvey/production/application/config/config.php]] |
Apache configuration: | Apache configuration: | ||
| − | nano [[phabricator:diffusion/WIIN/browse/ | + | nano [[phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/apache2/it-wikimedia-survey-ssl.conf|/etc/httpd/sites-enabled/it-wikimedia-survey-ssl.conf]] |
| − | nano [[phabricator:diffusion/WIIN/browse/ | + | nano [[phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/apache2/it-wikimedia-survey-txt.conf|/etc/httpd/sites-enabled/it-wikimedia-survey-txt.conf]] |
PHP-FPM configuration: | PHP-FPM configuration: | ||
| − | nano [[phabricator:diffusion/WIIN/browse/ | + | nano [[phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/php-fpm/9002-limesurvey.conf|/etc/opt/rh/rh-php73/php-fpm.d/9002-limesurvey.conf]] |
To publish whatever change in Wikimedia Phabricator please run this: | To publish whatever change in Wikimedia Phabricator please run this: | ||
| Riga 129: | Riga 128: | ||
== Log == | == Log == | ||
| − | |||
| − | |||
| − | |||
| − | |||
Generic Apache error log: | Generic Apache error log: | ||
| − | tail -f /var/log/ | + | tail -f /var/log/apache2/error.log |
Generic Apache access log: | Generic Apache access log: | ||
| − | tail -f /var/log/ | + | tail -f /var/log/apache2/access_log |
== Service == | == Service == | ||
| Riga 229: | Riga 224: | ||
</pre> | </pre> | ||
| − | + | Created with: | |
| − | + | <pre> | |
| + | # copy a password | ||
| + | pwgen 40 | ||
| − | + | # create database | |
| − | + | mysql | |
| + | CREATE DATABASE limesurvey; | ||
| + | CREATE USER limesurvey@localhost IDENTIFIED BY '<omissis>'; | ||
| + | GRANT ALL PRIVILEGES ON limesurvey.* TO limesurvey@localhost; | ||
| − | + | quit | |
| + | </pre> | ||
== E-mail == | == E-mail == | ||
| Riga 246: | Riga 247: | ||
See [[Associazione:Mail/Caselle tecniche|technical addresses]]. | See [[Associazione:Mail/Caselle tecniche|technical addresses]]. | ||
| − | == | + | == Automatic update == |
| − | + | Just visit this page: | |
| − | + | https://survey.wikimedia.it/index.php/admin/update | |
| − | + | If the key is not valid anymore, copy and paste this page to request another one and have more than 120 updates: | |
| + | |||
| + | * [[Microgrant/2021/Supporto WMI-LimeSurvey]] | ||
| + | |||
| + | After the update see [[#Logo]]. | ||
| + | |||
| + | == Manual update == | ||
| + | |||
| + | # backup files | ||
| + | # backup database | ||
| + | # see [[#Filesystem]] to remove hardening | ||
| + | # now: | ||
| + | ## Option 1 without command line | ||
| + | ### You can use the ComfortUpdate from the web interface (but you need to pay the license - that is good to support LimeSurvey) | ||
| + | ## Option 2 with command line | ||
| + | ### see [[#Deploy]] | ||
| + | ### update the database: | ||
| + | ###: <code>su www-data -s /bin/bash --command='php /var/www/limesurvey/production/application/commands/console.php updatedb'</code> | ||
| + | # see [[#Filesystem]] to restore hardening | ||
| + | |||
| + | Notes: | ||
| + | |||
| + | * to see the new version online you can just replace the symbolic link at <code>/var/www/limesurvey/production</code>. | ||
| + | * remember to copy the <code>/application/config</code> inside your new version (both config.php and secret.php) | ||
Then follow the official guide. | Then follow the official guide. | ||
https://manual.limesurvey.org/upgrading_from_a_previous_version | https://manual.limesurvey.org/upgrading_from_a_previous_version | ||
| + | |||
| + | After the update see [[#Logo]]. | ||
== Security == | == Security == | ||
| − | + | * [[Infrastruttura#Sicurezza]] | |
| + | * [[phabricator:T275574]] | ||
| + | |||
| + | == Deploy == | ||
| + | |||
| + | <pre> | ||
| + | # info | ||
| + | latest_stable=https://download.limesurvey.org/lts-releases/limesurvey3.25.17+210309.zip | ||
| + | version=3.25.17 | ||
| + | |||
| + | # download | ||
| + | mkdir -p /var/www/limesurvey | ||
| + | cd /var/www/limesurvey | ||
| + | wget "$latest_stable" -O stable.zip | ||
| + | |||
| + | # checks | ||
| + | sha256sum stable.zip | ||
| + | # e528de65e48bb30ccfa581f975d9e989b9eb3ee1b65ab43aa80ef7e02b713b65 stable.zip | ||
| + | md5sum stable.zip | ||
| + | # 492d553ed00911b8c0e7ccfb45be0830 stable.zip | ||
| + | du stable.zip | ||
| + | # 77052 stable.zip | ||
| + | |||
| + | # extract | ||
| + | apt install --yes unzip | ||
| + | unzip stable.zip | ||
| + | rm stable.zip | ||
| + | |||
| + | # give a meaningful name | ||
| + | mv limesurvey limesurvey-"$version" | ||
| + | |||
| + | # create symlink | ||
| + | ln -fs limesurvey-"$version" production | ||
| + | |||
| + | # create temporary locations | ||
| + | mkdir -p tmp | ||
| + | chown www-data: tmp | ||
| + | chmod 770 tmp | ||
| + | </pre> | ||
| + | |||
| + | Now see [[#Filesystem]] and [[#Database]]. | ||
| + | |||
| + | Also see [[#Logo]]. | ||
| + | |||
| + | == Logo == | ||
| + | |||
| + | You may need to change a couple of lines in this configuration file to change the logo: | ||
| − | + | <pre> | |
| + | /etc/apache2/sites-enabled/it-wikimedia-survey-ssl.conf | ||
| + | </pre> | ||
| + | |||
| + | Here the lines: | ||
| + | |||
| + | <pre> | ||
| + | # | ||
| + | # Update the logo | ||
| + | # | ||
| + | # https://commons.wikimedia.org/wiki/File:WikiSurvey_Logo_(lettering).svg | ||
| + | # | ||
| + | # https://phabricator.wikimedia.org/T275919 | ||
| + | # | ||
| + | # cd /var/www/limesurvey/wmi-images/ | ||
| + | # wget "https://upload.wikimedia.org/wikipedia/commons/thumb/0/03/WikiSurvey_Logo_(lettering).svg/350px-WikiSurvey_Logo_(lettering).svg.png" | ||
| + | # | ||
| + | # ↓ CHANGE THIS | ||
| + | Alias /tmp/assets/369bd233/survey_list_header.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png | ||
| + | Alias /tmp/assets/11637359/logo.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png | ||
| + | </pre> | ||
| + | |||
| + | After you have done, just reload apache: | ||
| + | |||
| + | <pre> | ||
| + | apachectl graceful | ||
| + | </pre> | ||
== Phabricator == | == Phabricator == | ||
* [[phabricator:search/query/EefnawXAoEzx/#R|phabricator:search]] - search recent activity | * [[phabricator:search/query/EefnawXAoEzx/#R|phabricator:search]] - search recent activity | ||
| − | * [[phabricator:diffusion/WIIN/browse/ | + | * [[phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/]] - public configuration |
| + | |||
| + | [[Categoria:LimeSurvey]] | ||
| + | [[Categoria:Documentazione tecnica|LimeSurvey]] | ||
Versione attuale delle 20:47, 13 feb 2023
_(4).jpg)
Pagina legata al server
⚙️ intreccioBrief documentation for system administrators of the LimeSurvey instance in Wikimedia Italia.
Server access
ssh fabula.wikimedia.it
ssh intreccio.wikimedia.it
To request access:
Overview
The LimeSurvey application is just a PHP/MySQL application served by Apache mod_php.
Filesystem
The whole application is in read-only (writable only by root) apart from some temporary locations and the upload directory.
The while application is world-readable apart from the file config-secret.php and the directory for PHP sessions.
Before any update:
LIME=/var/www/limesurvey/production/ chown www-data: -R "$LIME"
After any update, harden the application:
LIME=/var/www/limesurvey/production/ # make the whole application read-only for everyone chown root: -R "$LIME" # allow to upload new logo from the backend interface chown www-data: "$LIME"/upload/themes/survey/generalfiles # generic temporary directory for PHP chown -R www-data: "$LIME"/tmp chmod -R o= "$LIME"/tmp # user uploads chown -R www-data: "$LIME"/upload # user configuration (required by installation wizard) chown -R www-data: "$LIME"/application/config
Here an overview of the application directory.
# ls -l /var/www/limesurvey/production total 84 drwxr-xr-x 2 root root 4096 16 feb 10.50 admin drwxr-xr-x 15 root root 4096 21 feb 19.45 application drwxr-xr-x 7 root root 4096 16 feb 10.50 assets -rw-r--r-- 1 root root 1131 16 feb 10.50 composer.json -rw-r--r-- 1 root root 3273 16 feb 10.50 CONTRIBUTING.md drwxr-xr-x 4 root root 4096 16 feb 10.50 docs drwxr-xr-x 19 root root 4096 16 feb 10.50 framework -rw-r--r-- 1 root root 6621 16 feb 10.50 index.php drwxr-xr-x 5 root root 4096 16 feb 10.50 installer drwxr-xr-x 110 root root 4096 16 feb 10.50 locale -rw-r--r-- 1 root root 80 16 feb 10.50 manifest.yml -rw-r--r-- 1 root root 1140 16 feb 10.50 phpci.yml -rw-r--r-- 1 root root 984 16 feb 10.50 phpunit.xml drwxr-xr-x 4 root root 4096 16 feb 10.50 plugins -rw-r--r-- 1 root root 2595 16 feb 10.50 README.md drwxr-xr-x 13 root root 4096 16 feb 10.50 tests drwxr-xr-x 5 root root 4096 16 feb 10.50 themes drwxr-xr-x 37 root root 4096 16 feb 10.50 third_party drwxrwxr-x 5 apache-limesurvey apache-limesurvey 4096 17 feb 10.24 tmp drwxrwxr-x 7 apache-limesurvey apache-limesurvey 4096 16 feb 10.50 upload
This is the configuration directory:
# ls -l /var/www/limesurvey/production/application/config total 156 ... lrwxrwxrwx 1 root root 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php ...
Dependencies
apt install -y php-zip php-imap php-gd
Admin
This is the admin panel:
The enabled users are listed in:
Configuration
LimeSurvey configuration:
nano /var/www/limesurvey/production/application/config/config.php
Apache configuration:
nano /etc/httpd/sites-enabled/it-wikimedia-survey-ssl.conf nano /etc/httpd/sites-enabled/it-wikimedia-survey-txt.conf
PHP-FPM configuration:
nano /etc/opt/rh/rh-php73/php-fpm.d/9002-limesurvey.conf
To publish whatever change in Wikimedia Phabricator please run this:
/root/scripts/commit.sh
Log
Generic Apache error log:
tail -f /var/log/apache2/error.log
Generic Apache access log:
tail -f /var/log/apache2/access_log
Service
To apply your changes you need to restart the services.
Service of the apache frontend webserver:
apache2ctl configtest apache2ctl graceful
Service of the PHP-FPM backend webserver:
systemctl status rh-php73-php-fpm systemctl restart rh-php73-php-fpm
Database
$ mysql limesurvey > SHOW TABLES; +-----------------------------------------------+ | Tables_in_limesurvey | +-----------------------------------------------+ | lime_answers | | lime_assessments | | lime_asset_version | | lime_boxes | | lime_conditions | | lime_defaultvalues | | lime_expression_errors | | lime_failed_login_attempts | | lime_groups | | lime_labels | | lime_labelsets | | lime_map_tutorial_users | | lime_notifications | | lime_old_survey_272925_20210218220912 | | lime_old_survey_272925_20210218222604 | | lime_old_survey_272925_20210218232807 | | lime_old_survey_272925_20210219171305 | | lime_old_survey_272925_timings_20210218220912 | | lime_old_survey_272925_timings_20210218222604 | | lime_old_survey_272925_timings_20210218232807 | | lime_old_survey_272925_timings_20210219171305 | | lime_participant_attribute | | lime_participant_attribute_names | | lime_participant_attribute_names_lang | | lime_participant_attribute_values | | lime_participant_shares | | lime_participants | | lime_permissions | | lime_plugin_settings | | lime_plugins | | lime_question_attributes | | lime_questions | | lime_quota | | lime_quota_languagesettings | | lime_quota_members | | lime_saved_control | | lime_sessions | | lime_settings_global | | lime_settings_user | | lime_survey_272925 | | lime_survey_272925_timings | | lime_survey_856642 | | lime_survey_856642_timings | | lime_survey_links | | lime_survey_url_parameters | | lime_surveymenu | | lime_surveymenu_entries | | lime_surveys | | lime_surveys_groups | | lime_surveys_languagesettings | | lime_template_configuration | | lime_templates | | lime_tutorial_entries | | lime_tutorial_entry_relation | | lime_tutorials | | lime_user_groups | | lime_user_in_groups | | lime_users | +-----------------------------------------------+ 58 rows in set (0.00 sec)
Created with:
# copy a password pwgen 40 # create database mysql CREATE DATABASE limesurvey; CREATE USER limesurvey@localhost IDENTIFIED BY '<omissis>'; GRANT ALL PRIVILEGES ON limesurvey.* TO limesurvey@localhost; quit
This application uses an SMTP account @wikimedia.it with username noreply.
See #Configuration.
See technical addresses.
Automatic update
Just visit this page:
https://survey.wikimedia.it/index.php/admin/update
If the key is not valid anymore, copy and paste this page to request another one and have more than 120 updates:
After the update see #Logo.
Manual update
- backup files
- backup database
- see #Filesystem to remove hardening
- now:
- Option 1 without command line
- You can use the ComfortUpdate from the web interface (but you need to pay the license - that is good to support LimeSurvey)
- Option 2 with command line
- see #Deploy
- update the database:
su www-data -s /bin/bash --command='php /var/www/limesurvey/production/application/commands/console.php updatedb'
- Option 1 without command line
- see #Filesystem to restore hardening
Notes:
- to see the new version online you can just replace the symbolic link at
/var/www/limesurvey/production. - remember to copy the
/application/configinside your new version (both config.php and secret.php)
Then follow the official guide.
https://manual.limesurvey.org/upgrading_from_a_previous_version
After the update see #Logo.
Security
Deploy
# info latest_stable=https://download.limesurvey.org/lts-releases/limesurvey3.25.17+210309.zip version=3.25.17 # download mkdir -p /var/www/limesurvey cd /var/www/limesurvey wget "$latest_stable" -O stable.zip # checks sha256sum stable.zip # e528de65e48bb30ccfa581f975d9e989b9eb3ee1b65ab43aa80ef7e02b713b65 stable.zip md5sum stable.zip # 492d553ed00911b8c0e7ccfb45be0830 stable.zip du stable.zip # 77052 stable.zip # extract apt install --yes unzip unzip stable.zip rm stable.zip # give a meaningful name mv limesurvey limesurvey-"$version" # create symlink ln -fs limesurvey-"$version" production # create temporary locations mkdir -p tmp chown www-data: tmp chmod 770 tmp
Now see #Filesystem and #Database.
Also see #Logo.
Logo
You may need to change a couple of lines in this configuration file to change the logo:
/etc/apache2/sites-enabled/it-wikimedia-survey-ssl.conf
Here the lines:
# # Update the logo # # https://commons.wikimedia.org/wiki/File:WikiSurvey_Logo_(lettering).svg # # https://phabricator.wikimedia.org/T275919 # # cd /var/www/limesurvey/wmi-images/ # wget "https://upload.wikimedia.org/wikipedia/commons/thumb/0/03/WikiSurvey_Logo_(lettering).svg/350px-WikiSurvey_Logo_(lettering).svg.png" # # ↓ CHANGE THIS Alias /tmp/assets/369bd233/survey_list_header.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png Alias /tmp/assets/11637359/logo.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png
After you have done, just reload apache:
apachectl graceful
Phabricator
- phabricator:search - search recent activity
- phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/ - public configuration