Differenze tra le versioni di "LimeSurvey/Technical documentation"

Da Wikimedia Italia.
Jump to navigation Jump to search
m (→‎Logo: reload)
(→‎Log: update log info)
Riga 128: Riga 128:
  
 
== Log ==
 
== Log ==
 
Application error log:
 
 
tail -f /var/log/php-fpm/limesurvey-error.log
 
  
 
Generic Apache error log:
 
Generic Apache error log:
  
  tail -f /var/log/httpd/error_log
+
  tail -f /var/log/apache2/error.log
  
 
Generic Apache access log:
 
Generic Apache access log:
  
  tail -f /var/log/httpd/access_log
+
  tail -f /var/log/apache2/access_log
  
 
== Service ==
 
== Service ==

Versione delle 20:56, 2 feb 2023

Pagina legata al server ⚙️ intreccio

Brief documentation for system administrators of the LimeSurvey instance in Wikimedia Italia.

Server access

ssh fabula.wikimedia.it

ssh intreccio.wikimedia.it

To request access:

Overview

The LimeSurvey application is just a PHP/MySQL application served by Apache mod_php.

Filesystem

The whole application is in read-only (writable only by root) apart from some temporary locations and the upload directory.

The while application is world-readable apart from the file config-secret.php and the directory for PHP sessions.

Before any update:

LIME=/var/www/limesurvey/production/
chown www-data: -R "$LIME"

After any update, harden the application:

LIME=/var/www/limesurvey/production/

# make the whole application read-only for everyone
chown root: -R "$LIME"

# allow to upload new logo from the backend interface
chown www-data: "$LIME"/upload/themes/survey/generalfiles

# generic temporary directory for PHP
chown -R www-data: "$LIME"/tmp
chmod -R o=        "$LIME"/tmp

# user uploads
chown -R www-data: "$LIME"/upload

# user configuration (required by installation wizard)
chown -R www-data: "$LIME"/application/config

Here an overview of the application directory.

# ls -l /var/www/limesurvey/production
total 84
drwxr-xr-x   2 root              root              4096 16 feb 10.50 admin
drwxr-xr-x  15 root              root              4096 21 feb 19.45 application
drwxr-xr-x   7 root              root              4096 16 feb 10.50 assets
-rw-r--r--   1 root              root              1131 16 feb 10.50 composer.json
-rw-r--r--   1 root              root              3273 16 feb 10.50 CONTRIBUTING.md
drwxr-xr-x   4 root              root              4096 16 feb 10.50 docs
drwxr-xr-x  19 root              root              4096 16 feb 10.50 framework
-rw-r--r--   1 root              root              6621 16 feb 10.50 index.php
drwxr-xr-x   5 root              root              4096 16 feb 10.50 installer
drwxr-xr-x 110 root              root              4096 16 feb 10.50 locale
-rw-r--r--   1 root              root                80 16 feb 10.50 manifest.yml
-rw-r--r--   1 root              root              1140 16 feb 10.50 phpci.yml
-rw-r--r--   1 root              root               984 16 feb 10.50 phpunit.xml
drwxr-xr-x   4 root              root              4096 16 feb 10.50 plugins
-rw-r--r--   1 root              root              2595 16 feb 10.50 README.md
drwxr-xr-x  13 root              root              4096 16 feb 10.50 tests
drwxr-xr-x   5 root              root              4096 16 feb 10.50 themes
drwxr-xr-x  37 root              root              4096 16 feb 10.50 third_party
drwxrwxr-x   5 apache-limesurvey apache-limesurvey 4096 17 feb 10.24 tmp
drwxrwxr-x   7 apache-limesurvey apache-limesurvey 4096 16 feb 10.50 upload

This is the configuration directory:

# ls -l /var/www/limesurvey/production/application/config
total 156
...
lrwxrwxrwx 1 root              root                 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php
...

Dependencies

apt install -y php-zip php-imap php-gd

Admin

This is the admin panel:

The enabled users are listed in:

Configuration

LimeSurvey configuration:

nano /var/www/limesurvey/production/application/config/config.php

Apache configuration:

nano /etc/httpd/sites-enabled/it-wikimedia-survey-ssl.conf
nano /etc/httpd/sites-enabled/it-wikimedia-survey-txt.conf

PHP-FPM configuration:

nano /etc/opt/rh/rh-php73/php-fpm.d/9002-limesurvey.conf

To publish whatever change in Wikimedia Phabricator please run this:

/root/scripts/commit.sh

Log

Generic Apache error log:

tail -f /var/log/apache2/error.log

Generic Apache access log:

tail -f /var/log/apache2/access_log

Service

To apply your changes you need to restart the services.

Service of the apache frontend webserver:

apache2ctl configtest
apache2ctl graceful

Service of the PHP-FPM backend webserver:

systemctl status  rh-php73-php-fpm
systemctl restart rh-php73-php-fpm

Database

$ mysql limesurvey
> SHOW TABLES;
+-----------------------------------------------+
| Tables_in_limesurvey                          |
+-----------------------------------------------+
| lime_answers                                  |
| lime_assessments                              |
| lime_asset_version                            |
| lime_boxes                                    |
| lime_conditions                               |
| lime_defaultvalues                            |
| lime_expression_errors                        |
| lime_failed_login_attempts                    |
| lime_groups                                   |
| lime_labels                                   |
| lime_labelsets                                |
| lime_map_tutorial_users                       |
| lime_notifications                            |
| lime_old_survey_272925_20210218220912         |
| lime_old_survey_272925_20210218222604         |
| lime_old_survey_272925_20210218232807         |
| lime_old_survey_272925_20210219171305         |
| lime_old_survey_272925_timings_20210218220912 |
| lime_old_survey_272925_timings_20210218222604 |
| lime_old_survey_272925_timings_20210218232807 |
| lime_old_survey_272925_timings_20210219171305 |
| lime_participant_attribute                    |
| lime_participant_attribute_names              |
| lime_participant_attribute_names_lang         |
| lime_participant_attribute_values             |
| lime_participant_shares                       |
| lime_participants                             |
| lime_permissions                              |
| lime_plugin_settings                          |
| lime_plugins                                  |
| lime_question_attributes                      |
| lime_questions                                |
| lime_quota                                    |
| lime_quota_languagesettings                   |
| lime_quota_members                            |
| lime_saved_control                            |
| lime_sessions                                 |
| lime_settings_global                          |
| lime_settings_user                            |
| lime_survey_272925                            |
| lime_survey_272925_timings                    |
| lime_survey_856642                            |
| lime_survey_856642_timings                    |
| lime_survey_links                             |
| lime_survey_url_parameters                    |
| lime_surveymenu                               |
| lime_surveymenu_entries                       |
| lime_surveys                                  |
| lime_surveys_groups                           |
| lime_surveys_languagesettings                 |
| lime_template_configuration                   |
| lime_templates                                |
| lime_tutorial_entries                         |
| lime_tutorial_entry_relation                  |
| lime_tutorials                                |
| lime_user_groups                              |
| lime_user_in_groups                           |
| lime_users                                    |
+-----------------------------------------------+
58 rows in set (0.00 sec)

Created with:

# copy a password
pwgen 40

# create database
mysql
CREATE DATABASE limesurvey;
CREATE USER limesurvey@localhost IDENTIFIED BY '<omissis>';
GRANT ALL PRIVILEGES ON limesurvey.* TO limesurvey@localhost;

quit

E-mail

This application uses an SMTP account @wikimedia.it with username noreply.

See #Configuration.

See technical addresses.

Automatic update

Just visit this page:

https://survey.wikimedia.it/index.php/admin/update

If the key is not valid anymore, copy and paste this page to request another one and have more than 120 updates:

After the update see #Logo.

Manual update

  1. backup files
  2. backup database
  3. see #Filesystem to remove hardening
  4. now:
    1. Option 1 without command line
      1. You can use the ComfortUpdate from the web interface (but you need to pay the license - that is good to support LimeSurvey)
    2. Option 2 with command line
      1. see #Deploy
      2. update the database:
        su www-data -s /bin/bash --command='php /var/www/limesurvey/production/application/commands/console.php updatedb'
  5. see #Filesystem to restore hardening

Notes:

  • to see the new version online you can just replace the symbolic link at /var/www/limesurvey/production.
  • remember to copy the /application/config inside your new version (both config.php and secret.php)

Then follow the official guide.

https://manual.limesurvey.org/upgrading_from_a_previous_version

After the update see #Logo.

Security

Deploy

# info
latest_stable=https://download.limesurvey.org/lts-releases/limesurvey3.25.17+210309.zip
version=3.25.17

# download
mkdir -p /var/www/limesurvey
cd       /var/www/limesurvey
wget "$latest_stable" -O stable.zip

# checks
sha256sum stable.zip 
# e528de65e48bb30ccfa581f975d9e989b9eb3ee1b65ab43aa80ef7e02b713b65  stable.zip
md5sum stable.zip
# 492d553ed00911b8c0e7ccfb45be0830  stable.zip
du stable.zip 
# 77052	stable.zip

# extract
apt install --yes unzip
unzip stable.zip
rm stable.zip

# give a meaningful name
mv limesurvey limesurvey-"$version"

# create symlink
ln -fs limesurvey-"$version" production

# create temporary locations
mkdir -p tmp
chown www-data: tmp
chmod 770       tmp

Now see #Filesystem and #Database.

Also see #Logo.

You may need to change a couple of lines in this configuration file to change the logo:

/etc/apache2/sites-enabled/it-wikimedia-survey-ssl.conf

Here the lines:

#
# Update the logo
#
# https://commons.wikimedia.org/wiki/File:WikiSurvey_Logo_(lettering).svg
#
# https://phabricator.wikimedia.org/T275919
#
#    cd /var/www/limesurvey/wmi-images/
#    wget "https://upload.wikimedia.org/wikipedia/commons/thumb/0/03/WikiSurvey_Logo_(lettering).svg/350px-WikiSurvey_Logo_(lettering).svg.png"
#
#                 ↓ CHANGE THIS
Alias /tmp/assets/369bd233/survey_list_header.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png
Alias /tmp/assets/11637359/logo.png               /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png

After you have done, just reload apache:

apachectl graceful

Phabricator