Differences between revisions of "LimeSurvey/Technical documentation"
(+#Security) |
(→Filesystem: +/var/www/limesurvey/production/upload/themes/survey/generalfiles) |
||
Riga 35: | Riga 35: | ||
The while application is world-readable apart from the file <code>config-secret.php</code> and the directory for PHP sessions. | The while application is world-readable apart from the file <code>config-secret.php</code> and the directory for PHP sessions. | ||
+ | |||
+ | Some directories that needs write: | ||
+ | |||
+ | <pre> | ||
+ | # to upload new logo from the backend interface | ||
+ | /var/www/limesurvey/production/upload/themes/survey/generalfiles | ||
+ | |||
+ | # generic temporary directory for PHP | ||
+ | /var/www/limesurvey/production/tmp | ||
+ | |||
+ | # PHP sessions | ||
+ | /var/www/limesurvey/production/session | ||
+ | </pre> | ||
Here an overview of the filesystem: | Here an overview of the filesystem: | ||
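Review bot: the added heading "Some directories that needs write:" should read "Some directories that need write access:" and should name the account that needs it, since the list gives only paths with no owner or mode. The unchanged line just above the addition still says "The while application", a typo for "whole" that is worth fixing in the same edit.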
Riga 52: | Riga 65: | ||
# ls -l /var/www/limesurvey/production | # ls -l /var/www/limesurvey/production | ||
total 84 | total 84 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
drwxr-xr-x 2 root root 4096 16 feb 10.50 admin | drwxr-xr-x 2 root root 4096 16 feb 10.50 admin | ||
drwxr-xr-x 15 root root 4096 21 feb 19.45 application | drwxr-xr-x 15 root root 4096 21 feb 19.45 application |
Revision as of 23:00, 28 Feb 2021
Brief documentation for system administrators of the LimeSurvey instance in Wikimedia Italia.
Server access
ssh fabula.wikimedia.it
To request access:
Overview
┌─────┐          ┌─────────────────┐          ┌───────────────┐
│Alice│          │Apache (:80 :443)│          │PHP-FPM (:9002)│
└──┬──┘          └────────┬────────┘          └───────┬───────┘
   │       request        │                           │
   │<────────────────────>│                           │
   │                      │                           │
   │                      │          request          │
   │                      │<─────────────────────────>│
┌──┴──┐          ┌────────┴────────┐          ┌───────┴───────┐
│Alice│          │Apache (:80 :443)│          │PHP-FPM (:9002)│
└─────┘          └─────────────────┘          └───────────────┘
Filesystem
The whole application is read-only (writable only by root) apart from some temporary locations and the upload directory.
The whole application is world-readable apart from the file config-secret.php and the directory for PHP sessions.
Some directories need write access:
# to upload new logo from the backend interface
/var/www/limesurvey/production/upload/themes/survey/generalfiles

# generic temporary directory for PHP
/var/www/limesurvey/production/tmp

# PHP sessions
/var/www/limesurvey/production/session
Here is an overview of the filesystem:
# ls -l /var/www/limesurvey
total 44
-rw-r-----  1 apache-limesurvey apache-limesurvey    79 22 feb 00.04 config-secret.php
drwxr-xr-x 15 root              root               4096 22 feb 01.34 limesurvey-3.25.13
lrwxrwxrwx  1 root              root                 18 16 feb 18.17 production -> limesurvey-3.25.13
drwxrwx---  2 apache-limesurvey apache-limesurvey 32768 22 feb 03.01 session
Here is an overview of the application directory:
# ls -l /var/www/limesurvey/production
total 84
drwxr-xr-x   2 root              root              4096 16 feb 10.50 admin
drwxr-xr-x  15 root              root              4096 21 feb 19.45 application
drwxr-xr-x   7 root              root              4096 16 feb 10.50 assets
-rw-r--r--   1 root              root              1131 16 feb 10.50 composer.json
-rw-r--r--   1 root              root              3273 16 feb 10.50 CONTRIBUTING.md
drwxr-xr-x   4 root              root              4096 16 feb 10.50 docs
drwxr-xr-x  19 root              root              4096 16 feb 10.50 framework
-rw-r--r--   1 root              root              6621 16 feb 10.50 index.php
drwxr-xr-x   5 root              root              4096 16 feb 10.50 installer
drwxr-xr-x 110 root              root              4096 16 feb 10.50 locale
-rw-r--r--   1 root              root                80 16 feb 10.50 manifest.yml
-rw-r--r--   1 root              root              1140 16 feb 10.50 phpci.yml
-rw-r--r--   1 root              root               984 16 feb 10.50 phpunit.xml
drwxr-xr-x   4 root              root              4096 16 feb 10.50 plugins
-rw-r--r--   1 root              root              2595 16 feb 10.50 README.md
drwxr-xr-x  13 root              root              4096 16 feb 10.50 tests
drwxr-xr-x   5 root              root              4096 16 feb 10.50 themes
drwxr-xr-x  37 root              root              4096 16 feb 10.50 third_party
drwxrwxr-x   5 apache-limesurvey apache-limesurvey 4096 17 feb 10.24 tmp
drwxrwxr-x   7 apache-limesurvey apache-limesurvey 4096 16 feb 10.50 upload
This is the configuration directory:
# ls -l /var/www/limesurvey/production/application/config
total 156
...
lrwxrwxrwx 1 root root 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php
...
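An added example (not part of the original page or of the Wikimedia Italia scripts): a POSIX shell check that the tree still matches the permission policy described in this section. The function name `audit_limesurvey`, the `WRITABLE_DIRS` variable and the optional owner argument are assumptions made for illustration; the session directory location follows the `ls` listing above.

```shell
#!/bin/sh
# Added example: audit the tree against the permission policy on this page.
# audit_limesurvey, WRITABLE_DIRS and the owner argument are illustrative names.

# Directories under production/ that the service may write to (the upload
# directory and the PHP temporary directory shown in the listing above).
WRITABLE_DIRS="upload tmp"

# Usage: audit_limesurvey /var/www/limesurvey [owner]
# Prints one line per finding; prints nothing when the tree matches the policy.
audit_limesurvey() {
    root=$1
    owner=${2:-root}                 # expected owner of the read-only code
    app="$root/production"           # symlink to the deployed release

    # Build "-path DIR -prune -o" for every directory that may be writable.
    set --
    for d in $WRITABLE_DIRS; do
        set -- "$@" -path "$app/$d" -prune -o
    done

    # 1. Everywhere else: owned by $owner and not writable by group or other.
    #    -H follows the production symlink; symlinks inside are skipped
    #    because their own mode bits are always rwxrwxrwx.
    find -H "$app" "$@" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print |
        sed 's/^/NOT-READ-ONLY /'

    # 2. The secret configuration and the session directory must carry no
    #    permission bits at all for "other".
    for p in "$root/config-secret.php" "$root/session"; do
        [ -e "$p" ] || continue
        find "$p" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/WORLD-ACCESSIBLE /'
    done
}
```

Run as root from cron or after each update, any output means a file drifted from the documented layout, for example after an upgrade unpacked with a different umask.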
Admin
This is the admin panel:
The enabled users are listed in:
Configuration
LimeSurvey configuration:
nano /var/www/limesurvey/production/application/config/config.php
Apache configuration:
nano /etc/httpd/sites-enabled/it-wikimedia-survey-ssl.conf
nano /etc/httpd/sites-enabled/it-wikimedia-survey-txt.conf
PHP-FPM configuration:
nano /etc/opt/rh/rh-php73/php-fpm.d/9002-limesurvey.conf
To publish any change to Wikimedia Phabricator, run this:
/root/scripts/commit.sh
Log
Application error log:
tail -f /var/log/php-fpm/limesurvey-error.log
Generic Apache error log:
tail -f /var/log/httpd/error_log
Generic Apache access log:
tail -f /var/log/httpd/access_log
Service
To apply your changes you need to restart the services.
Service of the apache frontend webserver:
apache2ctl configtest
apache2ctl graceful
Service of the PHP-FPM backend webserver:
systemctl status rh-php73-php-fpm
systemctl restart rh-php73-php-fpm
Database
$ mysql limesurvey
> SHOW TABLES;
+-----------------------------------------------+
| Tables_in_limesurvey                          |
+-----------------------------------------------+
| lime_answers                                  |
| lime_assessments                              |
| lime_asset_version                            |
| lime_boxes                                    |
| lime_conditions                               |
| lime_defaultvalues                            |
| lime_expression_errors                        |
| lime_failed_login_attempts                    |
| lime_groups                                   |
| lime_labels                                   |
| lime_labelsets                                |
| lime_map_tutorial_users                       |
| lime_notifications                            |
| lime_old_survey_272925_20210218220912         |
| lime_old_survey_272925_20210218222604         |
| lime_old_survey_272925_20210218232807         |
| lime_old_survey_272925_20210219171305         |
| lime_old_survey_272925_timings_20210218220912 |
| lime_old_survey_272925_timings_20210218222604 |
| lime_old_survey_272925_timings_20210218232807 |
| lime_old_survey_272925_timings_20210219171305 |
| lime_participant_attribute                    |
| lime_participant_attribute_names              |
| lime_participant_attribute_names_lang         |
| lime_participant_attribute_values             |
| lime_participant_shares                       |
| lime_participants                             |
| lime_permissions                              |
| lime_plugin_settings                          |
| lime_plugins                                  |
| lime_question_attributes                      |
| lime_questions                                |
| lime_quota                                    |
| lime_quota_languagesettings                   |
| lime_quota_members                            |
| lime_saved_control                            |
| lime_sessions                                 |
| lime_settings_global                          |
| lime_settings_user                            |
| lime_survey_272925                            |
| lime_survey_272925_timings                    |
| lime_survey_856642                            |
| lime_survey_856642_timings                    |
| lime_survey_links                             |
| lime_survey_url_parameters                    |
| lime_surveymenu                               |
| lime_surveymenu_entries                       |
| lime_surveys                                  |
| lime_surveys_groups                           |
| lime_surveys_languagesettings                 |
| lime_template_configuration                   |
| lime_templates                                |
| lime_tutorial_entries                         |
| lime_tutorial_entry_relation                  |
| lime_tutorials                                |
| lime_user_groups                              |
| lime_user_in_groups                           |
| lime_users                                    |
+-----------------------------------------------+
58 rows in set (0.00 sec)
Unix
There is a dedicated Unix user able to read secret configurations and write some logs.
# id apache-limesurvey
uid=1438(apache-limesurvey) gid=1438(apache-limesurvey) groups=1438(apache-limesurvey),48(apache)
TODO: Actually this user is not in use because I don't want to experiment in production and now I don't have time to do otherwise. But please update the PHP-FPM #Configuration to adopt this separated user.
This application uses an SMTP account @wikimedia.it with username noreply.
See #Configuration.
See technical addresses.
Update
During an update, try not to use the web interface (because the application is read-only on the filesystem); instead, download the new version into /var/www/limesurvey.
To put the new version online, you can just replace the /var/www/limesurvey/production symbolic link.
Remember to copy the /application/config directory into your new version.
Then follow the official guide.
https://manual.limesurvey.org/upgrading_from_a_previous_version
Security
Some initiatives to improve the security of LimeSurvey itself:
Phabricator
- phabricator:search - search recent activity
- phabricator:diffusion/WIIN/browse/master/servers/fabula/projects/limesurvey/ - public configuration