Please help us help you and fill where relevant:
Your LimeSurvey version: 5.3.29
Own server or LimeSurvey hosting: own: running on k3s
Survey theme/template: standard
==================
hi folks,
I 'm running LS on k3s cluster on a rocky 8.5 container with php8 and postgres crunchy op. I managed to install db and run LS. Surveys are showing up, but with strange behaviour. When I try to log in /admin, the log in window shows up and after putting my credentials in and clicking on log in the page loads again with a 302 error, so I'm not able to get to the admin area. Same thing with the surveys: they're showing up, when clicking on one of them I'm getting to the participating site, clicking on the button to participate wan't let me do anything and I'm hanging there with the 302 error.
When investigating I found 302 errors in my apache logs:
my apache conf:

<VirtualHost *:80>
    ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/LIMESURVEY
    ProxyPreserveHost on

    Alias /upload        "/var/www/LIMESURVEY/upload"
    Alias /tmp           "/var/www/LIMESURVEY/tmp"
    Alias /third_party   "/var/www/LIMESURVEY/third_party"
    Alias /scripts       "/var/www/LIMESURVEY/scripts"
    Alias /styles        "/var/www/LIMESURVEY/styles"
    Alias /styles-public "/var/www/LIMESURVEY/styles-public"
    Alias /installer     "/var/www/LIMESURVEY/installer"
    Alias /templates     "/var/www/LIMESURVEY/templates"
    Alias /images        "/var/www/LIMESURVEY/images"
    Alias /themes        "/var/www/LIMESURVEY/themes"
    Alias /assets        "/var/www/LIMESURVEY/assets"

    <Proxy unix:/run/php-fpm/www.sock>
        Require all granted
    </Proxy>

    <Proxy fcgi://127.0.0.1:9000>
        Require all granted
    </Proxy>

    <Directory /var/www/LIMESURVEY>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
        <FilesMatch \.php$>
              SetHandler "unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000"
           </FilesMatch>
        <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000"
           </IfModule>
#         AllowOverride all
       Require all granted
    </Directory>
    
    <Directory ~ ^/var/www/LIMESURVEY/application/(config|logs)>
        Require all denied
    </Directory>

    ServerAdmin serveradmin@myserver
    ServerName limesurvey.myserver
    DocumentRoot /var/www/LIMESURVEY
    LogLevel debug
    RewriteEngine on
   # RewriteOptions inherit
    RewriteRule ^/$ /index.php [R,L]
    RewriteRule ^/login$ limesurvey.myserver/index.php/admin [NC,R,L]
    ErrorLog  /var/log/httpd/limesurvey.myserver-error_log
    CustomLog /var/log/httpd/limesurvey.myserver-access_log combined
</VirtualHost>

php-fpm shows no errors. Does anybody maybe have  a clue or a hint on whats happening here?

Thanks a lot!
jim
 

I got a bit further and tested with php7.2.24. What I can say is that the problem is not with php-fpm or the fcgi. with the exact configuration I got a 500 error from this logs:

[Wed Aug 03 09:04:08.338731 2022] [proxy_fcgi:debug] [pid 659:tid 139984526898944] mod_proxy_fcgi.c(1028): [client 10.42.1.210:48154] AH01078: serving URL fcgi://php-fpm/var/www/LIMESURVEY/index.php
[Wed Aug 03 09:04:08.338736 2022] [proxy:debug] [pid 659:tid 139984526898944] proxy_util.c(2353): AH00942: FCGI: has acquired connection for (php-fpm)
[Wed Aug 03 09:04:08.338744 2022] [proxy:debug] [pid 659:tid 139984526898944] proxy_util.c(2408): [client 10.42.1.210:48154] AH00944: connecting fcgi://php-fpm/var/www/LIMESURVEY/index.php to php-fpm:8000
[Wed Aug 03 09:04:08.338749 2022] [proxy:debug] [pid 659:tid 139984526898944] proxy_util.c(2445): [client 10.42.1.210:48154] AH02545: fcgi: has determined UDS as /run/php-fpm/www.sock
[Wed Aug 03 09:04:08.338752 2022] [proxy:debug] [pid 659:tid 139984526898944] proxy_util.c(2634): [client 10.42.1.210:48154] AH00947: connected /var/www/LIMESURVEY/index.php to httpd-UDS:0
[Wed Aug 03 09:04:08.338759 2022] [proxy:trace2] [pid 659:tid 139984526898944] proxy_util.c(2918): FCGI: reusing backend connection ?:0<>0.0.0.0:0
proxy_fcgi:trace4] [pid 659:tid 139984526898944] util_script.c(574): [client 10.42.1.210:48154] Headers from script 'index.php':
[Wed Aug 03 09:04:08.421895 2022] [proxy_fcgi:trace4] [pid 659:tid 139984526898944] util_script.c(575): [client 10.42.1.210:48154] Status: 500 Internal Server Error
[Wed Aug 03 09:04:08.421899 2022] [proxy_fcgi:trace1] [pid 659:tid 139984526898944] util_script.c(656): [client 10.42.1.210:48154] Status line from script 'index.php': 500 Internal Server Error
[Wed Aug 03 09:04:08.421903 2022] [proxy_fcgi:trace4] [pid 659:tid 139984526898944] util_script.c(575): [client 10.42.1.210:48154] X-Powered-By: PHP/7.2.24
[Wed Aug 03 09:04:08.421907 2022] [proxy_fcgi:trace4] [pid 659:tid 139984526898944] util_script.c(575): [client 10.42.1.210:48154] Content-type: text/html; charset=UTF-8
[Wed Aug 03 09:04:08.421922 2022] [proxy:debug] [pid 659:tid 139984526898944] proxy_util.c(2368): AH00943: FCGI: has released connection for (php-fpm)
[Wed Aug 03 09:04:08.421935 2022] [headers:trace2] [pid 659:tid 139984526898944] mod_headers.c(875): AH01502: headers: ap_headers_output_filter()
[Wed Aug 03 09:04:08.421964 2022] [http:trace3] [pid 659:tid 139984526898944] http_filters.c(1128): [client 10.42.1.210:48154] Response sent with status 500, headers:
[Wed Aug 03 09:04:08.421969 2022] [http:trace5] [pid 659:tid 139984526898944] http_filters.c(1135): [client 10.42.1.210:48154] Date: Wed, 03 Aug 2022 07:04:08 GMT
[Wed Aug 03 09:04:08.421972 2022] [http:trace5] [pid 659:tid 139984526898944] http_filters.c(1138): [client 10.42.1.210:48154] Server: Apache
[Wed Aug 03 09:04:08.421977 2022] [http:trace4] [pid 659:tid 139984526898944] http_filters.c(957): [client 10.42.1.210:48154] X-Powered-By: PHP/7.2.24
[Wed Aug 03 09:04:08.421980 2022] [http:trace4] [pid 659:tid 139984526898944] http_filters.c(957): [client 10.42.1.210:48154] X-XSS-Protection: 1; mode=block
[Wed Aug 03 09:04:08.421997 2022] [http:trace4] [pid 659:tid 139984526898944] http_filters.c(957): [client 10.42.1.210:48154] Content-Length: 0
[Wed Aug 03 09:04:08.422001 2022] [http:trace4] [pid 659:tid 139984526898944] http_filters.c(957): [client 10.42.1.210:48154] Connection: close
[Wed Aug 03 09:04:08.422003 2022] [http:trace4] [pid 659:tid 139984526898944] http_filters.c(957): [client 10.42.1.210:48154] Content-Type: text/html; charset=UTF-8
[Wed Aug 03 09:04:09.101582 2022] [http2:trace1] [pid 655:tid 139985181202176] h2_h2.c(588): [client 10.42.1.1:45208] h2_h2, process_conn
[Wed Aug 03 09:04:09.101582 2022] [http2:trace1] [pid 659:tid 139985307027200] h2_h2.c(588): [client 10.42.1.1:45210] h2_h2, process_conn
[Wed Aug 03 09:04:09.101616 2022] [http2:trace1] [pid 655:tid 139985181202176] h2_h2.c(602): [client 10.42.1.1:45208] h2_h2, process_conn, new connection using protocol 'http/1.1', direct=0, tls acceptable=1
[Wed Aug 03 09:04:09.101619 2022] [http2:trace1] [pid 659:tid 139985307027200] h2_h2.c(602): [client 10.42.1.1:45210] h2_h2, process_conn, new connection using protocol 'http/1.1', direct=0, tls acceptable=1
[Wed Aug 03 09:04:09.101622 2022] [http2:trace1] [pid 655:tid 139985181202176] h2_h2.c(661): [client 10.42.1.1:45208] h2_h2, declined
[Wed Aug 03 09:04:09.101624 2022] [http2:trace1] [pid 659:tid 139985307027200] h2_h2.c(661): [client 10.42.1.1:45210] h2_h2, declined

I'll be really very happy about a hint.
Thanks!

Hi Jimmi,

Most members of the forum are users, experts in Limesurvey. This here looks like a server configuration issue. So it might take a while until someone who is knowledgable in these things will show up here. But maybe you are lucky and @jelo shows up. I think he is the most knowledgebale one in the forum regarding these server related things.

Especially as you seem to have a very specific setup, probably very different to what most others run here:

k3s cluster on a rocky 8.5 container with php8 and postgres crunchy op

Hi holch,
thanks for your answer! I know it's a specific setup and it is fun setting it up, but this 302 is driving me crazy
So what I did is going back to php8.0, cause the issue seems not to be php-fpm or fcgi related. I guess you are right about that it might be an issue with the configuration, but the documentation covers only the basic stuff and there are no other sources to look for.
I did a fresh install of LS with modified php-fpm conf for redis and LS's precheck complies about it and didn't let me continue. Everything else was green. Actually I don't believe it's a redis issue because the server is availible in the cluster and LS is working with the right config.php settings and I have the keys inside redis..... So I'm out of clues..
btw. how can I connect to @jelo? Seems to be my last chance
Thanks a lot in advance!
jim

Found an interesting topic regarding YII: forum.yiiframework.com/t/https-302-redir...osting-form/43651/12
I'm investigating...

You might post the config.php file your of LimeSurvey installation (with some parts removed for security reasons).
Where is the php session data saved in your LimeSurvey setup?
Did you install the LimeSurvey via the webinstaller or otherwise?

The issue looks like an issue related to redirection or session data.

Is the /admin/ URL changed into /index.php?r=admin/authentication/sa/login when you enter the URL to reach the admin login screen?
Try to enter  "/index.php?r=admin/authentication/sa/login" to  reach the login screen instead of /admin

Checking the URL redirection might be worth a few minutes.
Check if you override parts of the htaccess inside the LimeSurvey directory with your virtual hosts settings.
Perhaps remove parts there and let the htaccess file do the magic first.

The default URL format is set in application/config/config.php,
'urlFormat' => 'get',
or
'urlFormat' => 'path',

Consult
manual.limesurvey.org/Optional_settings#URL_settings
for more infos.

Where is the session data saved in your LimeSurvey setup?
Check your php session handler via phpinfo.

Hi Jelo and thank you very much for your answer!
I thought it might be userfull to adding some extra info of my setup.
config.php:cat > @@APPDIR@@/application/config/config.php << EOF<?phpif (!defined('BASEPATH')) {exit('No direct script access allowed');}return array('components' => array('db' => array('connectionString' => 'pgsql:host=$,'emulatePrepare' => true,'username' => '$(cat /secret/pg-secret/user)','password' => '$(cat /secret/pg-secret/password)','charset' => 'utf8','tablePrefix' => 'lime_',),'session' => array('sessionName' => 'limesurvey', ),'urlManager' => array('urlFormat' => 'path','rules' => array(// You can add your own rules here),'showScriptName' => true,), 'assetManager' => array('basePath' => '@@APPDIR@@/tmp/assets',),'request'=>array('csrfCookie'=>;(object)array('domain'=>'mysurvey.server','path' => '/',)),'cache' => array('class' => 'CRedisCache','hostname' => '$(cat /secret/redis-secret/host)','port' => 6379,'database' => 0,'password' => '$(cat /secret/redis-secret/password)','options' => STREAM_CLIENT_CONNECT,)),'config'=>array('debug' => ${DEBUG:-2},'debugsql' => ${DEBUG:-1}, // Set this to 1 to enanble sql logging, only active when debug = 2'updatable' => false,'uploaddir' => '@@APPDIR@@/upload','tempdir' => '@@APPDIR@@/tmp','usertemplaterootdir'=>'@@APPDIR@@/upload/templates'),);
apache config:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/LIMESURVEY
       ProxyPreserveHost on

   Alias /upload        "/var/www/LIMESURVEY/upload"
       Alias /tmp           "/var/www/LIMESURVEY/tmp"
       Alias /third_party   "/var/www/LIMESURVEY/third_party"
       Alias /scripts       "/var/www/LIMESURVEY/scripts"
       Alias /styles        "/var/www/LIMESURVEY/styles"
       Alias /styles-public "/var/www/LIMESURVEY/styles-public"
       Alias /installer     "/var/www/LIMESURVEY/installer"
       Alias /templates     "/var/www/LIMESURVEY/templates"
       Alias /images        "/var/www/LIMESURVEY/images"
       Alias /themes        "/var/www/LIMESURVEY/themes"
       Alias /assets        "/var/www/LIMESURVEY/assets"

       <Proxy unix:/run/php-fpm/www.sock>
               Require all granted
       </Proxy>

       <Proxy fcgi://127.0.0.1:9000>
               Require all granted
       </Proxy>

       <Directory /var/www/LIMESURVEY>
          AllowOverride All
      Require all granted
       </Directory>
    
   <Directory ~ ^/var/www/LIMESURVEY/application/(config|logs)>
               Require all denied
       </Directory>

   ServerAdmin serveradmin@myserver
   ServerName mysurvey.server
   DocumentRoot /var/www/LIMESURVEY
   LogLevel trace5
   RewriteEngine on
#   RewriteOptions inherit
#   RewriteRule ^/$ /index.php [R,L]
   RewriteRule ^/login$ mysurvey.server/index.php?r=admin/authentication/sa/login [NC,R,L]
   ErrorLog  /var/log/httpd/mysurvey-error_log
   CustomLog /var/log/httpd/myserver-access_log combined

.htaccess is left untouched.

the index.php?r=admin/authentication/sa/login doesn't achieve anything. I'm landing on the survey page and not in the login area...

request and respond header:
Respond_header:
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Thu, 04 Aug 2022 05:19:04 GMT
location: mysurvey.server/index.php/admin/index
server: Apache
set-cookie: YII_CSRF_TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; SameSite=Lax
set-cookie: YII_CSRF_TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; SameSite=Lax
strict-transport-security: max-age=315360000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-powered-by: PHP/8.0.22
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

Request Header:
POST /index.php/admin/authentication/sa/login HTTP/2
Host: mysurvey.server
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 222
Origin: mysurvey.server
Connection: keep-alive
Referer: mysurvey.server/index.php/admin/authentication/sa/login
Cookie: _gcl_au=1.1.1030608996.1659514808; _ga_7ZV6JMX8Q2=GS1.1.1659514807.1.1.1659514928.0; _ga=GA1.1.783072166.1659514808; ZNPCQ003-32313900=b5d03b69; AAAA03802d6ade=AQAAAAAAAABKSmhIZ+uxqHYJVfN0qf6X; YII_CSRF_TOKEN=S1J1UTNjbWU4djNsUE9MQ2xMYnBTamhoS2gxYWJCVUx8sPNOM-QSVTLr0lWD1NgV4np3cDA1NagBkSIv5n2mhw%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
DNT: 1
Sec-GPC: 1
TE: trailers

php-fpm www.conf :
php_value[session.save_handler] = redis
php_value[session.save_path]    = 'tcp://redis-standalone:6379?database=0&auth=somepass'
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

interesting is that I have a long wait time of more then 100ms when I login with the get index and  post login from the admin site... (see screenshots)

I installed it initially via webinstaller without troubles, but when I now rename the config.php the webinstaller won't let me further because LS has no clue about the redis server .. (see screenshot)

redis is up and running and I can connect to it from the LS pod via redis-cli and there are  keys regarding to LS too: f.e:
"a:2:{i:0;a:2:{i:0;a:19:{i:0;O:8:\"CUrlRule\":16:{s:9:\"urlSuffix\";N;s:13:\"caseSensitive\";N;s:13:\"defaultParams\";a:0:{}s:10:\"matchValue\";N;s:4:\"verb\";N;s:11:\"parsingOnly\";b:0;s:5:\"route\";s:51:\"survey/index/sid/<_sid>/lang/<_lang>/token/<_token>\";s:10:\"references\";a:3:{s:4:\"_sid\";s:6:\"<_sid>\";s:5:\"_lang\";s:7:\"<_lang>\";s:6:\"_token\";s:8:\"<_token>\";}s:12:\"routePattern\";s:90:\"/^survey\\/index\\/sid\\/(?P<_sid>\\d+)\\/lang\\/(?P<_lang>\\w+[-\\w]+)\\/token\\/(?P<_token>\\w+)$/u\";s:7:\"pattern\";s:68:\"/^(?P<_sid>\\d+)\\/lang\\-(?P<_lang>\\w+[-\\w]+)\\/tk\\-(?P<_token>\\w+)\\//u\";s:8:\"template\";s:31:\"<_sid>/lang-<_lang>/tk-<_token>\";s:6:\"params\";a:0:{}s:6:\"append\";b:1;s:11:\"hasHostInfo\";b:0;s:14:\"........

thanks for your help!
jim

EDIT 1: when changing from urlFormat' => 'path', to urlFormat' => 'get' the index.php?r=admin/authentication/sa/login redirects me to the admin site but the login attempt ends up also with a 302...

EDIT 2: my header settings:
Spec:                                                                                                   │
│   Headers:                                                                                              │
│     Browser Xss Filter:    true                                                                         │
│     Content Type Nosniff:  true                                                                         │
│     Force STS Header:      true                                                                         │
│     Frame Deny:            true                                                                         │
│     Ssl Proxy Headers:                                                                                  │
│       X - Forwarded - Proto:  https                                                                     │
│     Ssl Redirect:             true                                                                      │
│     Ssl Temporary Redirect:   true                                                                      │
│     Sts Include Subdomains:   true                                                                      │
│     Sts Preload:              true                                                                      │
│     Sts Seconds:              315360000   



 

I don't use LimeSurvey in a comparable environment. I don't use redis, so my debugging skills will not help you that much.

config.php
Change path in 'urlFormat' => 'path', to 'get" for a try.

Cache Redisdatabase.
Is 'database'=>0, correct?
Could it be a higher number?

Hi jelo,
i tried it with "get" and got also a 302
database 0 is correct, LS is writing some data to it.... so I don't think it is a redis issue.
do you have some other suggestions? I'll try it nginx maybe a bit later.

Problem solved! Thanks for the hints! the problem was within the php-fpm redis module.