LimeSurvey/Technical documentation
Jump to navigation
Jump to search
E-mail
_(4).jpg)
Pagina legata al server
⚙️ intreccioBrief documentation for system administrators of the LimeSurvey instance in Wikimedia Italia.
Server access
ssh fabula.wikimedia.it
ssh intreccio.wikimedia.it
To request access:
Overview
The LimeSurvey application is just a PHP/MySQL application served by Apache mod_php.
Filesystem
The whole application is in read-only (writable only by root) apart from some temporary locations and the upload directory.
The while application is world-readable apart from the file config-secret.php and the directory for PHP sessions.
Before any update:
LIME=/var/www/limesurvey/production/ chown www-data: -R "$LIME"
After any update, harden the application:
LIME=/var/www/limesurvey/production/ # make the whole application read-only for everyone chown root: -R "$LIME" # allow to upload new logo from the backend interface chown www-data: "$LIME"/upload/themes/survey/generalfiles # generic temporary directory for PHP chown -R www-data: "$LIME"/tmp chmod -R o= "$LIME"/tmp # user uploads chown -R www-data: "$LIME"/upload # user configuration (required by installation wizard) chown -R www-data: "$LIME"/application/config
Here an overview of the application directory.
# ls -l /var/www/limesurvey/production total 84 drwxr-xr-x 2 root root 4096 16 feb 10.50 admin drwxr-xr-x 15 root root 4096 21 feb 19.45 application drwxr-xr-x 7 root root 4096 16 feb 10.50 assets -rw-r--r-- 1 root root 1131 16 feb 10.50 composer.json -rw-r--r-- 1 root root 3273 16 feb 10.50 CONTRIBUTING.md drwxr-xr-x 4 root root 4096 16 feb 10.50 docs drwxr-xr-x 19 root root 4096 16 feb 10.50 framework -rw-r--r-- 1 root root 6621 16 feb 10.50 index.php drwxr-xr-x 5 root root 4096 16 feb 10.50 installer drwxr-xr-x 110 root root 4096 16 feb 10.50 locale -rw-r--r-- 1 root root 80 16 feb 10.50 manifest.yml -rw-r--r-- 1 root root 1140 16 feb 10.50 phpci.yml -rw-r--r-- 1 root root 984 16 feb 10.50 phpunit.xml drwxr-xr-x 4 root root 4096 16 feb 10.50 plugins -rw-r--r-- 1 root root 2595 16 feb 10.50 README.md drwxr-xr-x 13 root root 4096 16 feb 10.50 tests drwxr-xr-x 5 root root 4096 16 feb 10.50 themes drwxr-xr-x 37 root root 4096 16 feb 10.50 third_party drwxrwxr-x 5 apache-limesurvey apache-limesurvey 4096 17 feb 10.24 tmp drwxrwxr-x 7 apache-limesurvey apache-limesurvey 4096 16 feb 10.50 upload
This is the configuration directory:
# ls -l /var/www/limesurvey/production/application/config total 156 ... lrwxrwxrwx 1 root root 77 21 feb 19.44 config.php -> /etc/wmit-infrastructure/servers/fabula/projects/limesurvey/public-config.php ...
Dependencies
apt install -y php-zip php-imap php-gd
Admin
This is the admin panel:
The enabled users are listed in:
Configuration
LimeSurvey configuration:
nano /var/www/limesurvey/production/application/config/config.php
Apache configuration:
nano /etc/httpd/sites-enabled/it-wikimedia-survey-ssl.conf nano /etc/httpd/sites-enabled/it-wikimedia-survey-txt.conf
PHP-FPM configuration:
nano /etc/opt/rh/rh-php73/php-fpm.d/9002-limesurvey.conf
To publish whatever change in Wikimedia Phabricator please run this:
/root/scripts/commit.sh
Log
Generic Apache error log:
tail -f /var/log/apache2/error.log
Generic Apache access log:
tail -f /var/log/apache2/access_log
Service
To apply your changes you need to restart the services.
Service of the apache frontend webserver:
apache2ctl configtest apache2ctl graceful
Service of the PHP-FPM backend webserver:
systemctl status rh-php73-php-fpm systemctl restart rh-php73-php-fpm
Database
$ mysql limesurvey > SHOW TABLES; +-----------------------------------------------+ | Tables_in_limesurvey | +-----------------------------------------------+ | lime_answers | | lime_assessments | | lime_asset_version | | lime_boxes | | lime_conditions | | lime_defaultvalues | | lime_expression_errors | | lime_failed_login_attempts | | lime_groups | | lime_labels | | lime_labelsets | | lime_map_tutorial_users | | lime_notifications | | lime_old_survey_272925_20210218220912 | | lime_old_survey_272925_20210218222604 | | lime_old_survey_272925_20210218232807 | | lime_old_survey_272925_20210219171305 | | lime_old_survey_272925_timings_20210218220912 | | lime_old_survey_272925_timings_20210218222604 | | lime_old_survey_272925_timings_20210218232807 | | lime_old_survey_272925_timings_20210219171305 | | lime_participant_attribute | | lime_participant_attribute_names | | lime_participant_attribute_names_lang | | lime_participant_attribute_values | | lime_participant_shares | | lime_participants | | lime_permissions | | lime_plugin_settings | | lime_plugins | | lime_question_attributes | | lime_questions | | lime_quota | | lime_quota_languagesettings | | lime_quota_members | | lime_saved_control | | lime_sessions | | lime_settings_global | | lime_settings_user | | lime_survey_272925 | | lime_survey_272925_timings | | lime_survey_856642 | | lime_survey_856642_timings | | lime_survey_links | | lime_survey_url_parameters | | lime_surveymenu | | lime_surveymenu_entries | | lime_surveys | | lime_surveys_groups | | lime_surveys_languagesettings | | lime_template_configuration | | lime_templates | | lime_tutorial_entries | | lime_tutorial_entry_relation | | lime_tutorials | | lime_user_groups | | lime_user_in_groups | | lime_users | +-----------------------------------------------+ 58 rows in set (0.00 sec)
Created with:
# copy a password pwgen 40 # create database mysql CREATE DATABASE limesurvey; CREATE USER limesurvey@localhost IDENTIFIED BY '<omissis>'; GRANT ALL PRIVILEGES ON limesurvey.* TO limesurvey@localhost; quit
This application uses an SMTP account @wikimedia.it with username noreply.
See #Configuration.
See technical addresses.
Automatic update
Just visit this page:
https://survey.wikimedia.it/index.php/admin/update
If the key is not valid anymore, copy and paste this page to request another one and have more than 120 updates:
After the update see #Logo.
Manual update
- backup files
- backup database
- see #Filesystem to remove hardening
- now:
- Option 1 without command line
- You can use the ComfortUpdate from the web interface (but you need to pay the license - that is good to support LimeSurvey)
- Option 2 with command line
- see #Deploy
- update the database:
su www-data -s /bin/bash --command='php /var/www/limesurvey/production/application/commands/console.php updatedb'
- Option 1 without command line
- see #Filesystem to restore hardening
Notes:
- to see the new version online you can just replace the symbolic link at
/var/www/limesurvey/production. - remember to copy the
/application/configinside your new version (both config.php and secret.php)
Then follow the official guide.
https://manual.limesurvey.org/upgrading_from_a_previous_version
After the update see #Logo.
Security
Deploy
# info latest_stable=https://download.limesurvey.org/lts-releases/limesurvey3.25.17+210309.zip version=3.25.17 # download mkdir -p /var/www/limesurvey cd /var/www/limesurvey wget "$latest_stable" -O stable.zip # checks sha256sum stable.zip # e528de65e48bb30ccfa581f975d9e989b9eb3ee1b65ab43aa80ef7e02b713b65 stable.zip md5sum stable.zip # 492d553ed00911b8c0e7ccfb45be0830 stable.zip du stable.zip # 77052 stable.zip # extract apt install --yes unzip unzip stable.zip rm stable.zip # give a meaningful name mv limesurvey limesurvey-"$version" # create symlink ln -fs limesurvey-"$version" production # create temporary locations mkdir -p tmp chown www-data: tmp chmod 770 tmp
Now see #Filesystem and #Database.
Also see #Logo.
Logo
You may need to change a couple of lines in this configuration file to change the logo:
/etc/apache2/sites-enabled/it-wikimedia-survey-ssl.conf
Here the lines:
# # Update the logo # # https://commons.wikimedia.org/wiki/File:WikiSurvey_Logo_(lettering).svg # # https://phabricator.wikimedia.org/T275919 # # cd /var/www/limesurvey/wmi-images/ # wget "https://upload.wikimedia.org/wikipedia/commons/thumb/0/03/WikiSurvey_Logo_(lettering).svg/350px-WikiSurvey_Logo_(lettering).svg.png" # # ↓ CHANGE THIS Alias /tmp/assets/369bd233/survey_list_header.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png Alias /tmp/assets/11637359/logo.png /var/www/limesurvey/wmi-images/350px-WikiSurvey_Logo_(lettering).svg.png
After you have done, just reload apache:
apachectl graceful
Phabricator
- phabricator:search - search recent activity
- phabricator:diffusion/WIIN/browse/main/servers/fabula/projects/limesurvey/ - public configuration