Hi Jelo and thank you very much for your answer!
I thought it might be useful to add some extra info about my setup.
config.php:
cat > @@APPDIR@@/application/config/config.php << EOF
<?php
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}
return array(
    'components' => array(
        'db' => array(
            'connectionString' => 'pgsql:host=$,
            'emulatePrepare' => true,
            'username' => '$(cat /secret/pg-secret/user)',
            'password' => '$(cat /secret/pg-secret/password)',
            'charset' => 'utf8',
            'tablePrefix' => 'lime_',
        ),
        'session' => array(
            'sessionName' => 'limesurvey',
        ),
        'urlManager' => array(
            'urlFormat' => 'path',
            'rules' => array(
                // You can add your own rules here
            ),
            'showScriptName' => true,
        ),
        'assetManager' => array(
            'basePath' => '@@APPDIR@@/tmp/assets',
        ),
        'request' => array(
            'csrfCookie' => (object)array(
                'domain' => 'mysurvey.server',
                'path' => '/',
            )
        ),
        'cache' => array(
            'class' => 'CRedisCache',
            'hostname' => '$(cat /secret/redis-secret/host)',
            'port' => 6379,
            'database' => 0,
            'password' => '$(cat /secret/redis-secret/password)',
            'options' => STREAM_CLIENT_CONNECT,
        )
    ),
    'config' => array(
        'debug' => ${DEBUG:-2},
        'debugsql' => ${DEBUG:-1}, // Set this to 1 to enable sql logging, only active when debug = 2
        'updatable' => false,
        'uploaddir' => '@@APPDIR@@/upload',
        'tempdir' => '@@APPDIR@@/tmp',
        'usertemplaterootdir' => '@@APPDIR@@/upload/templates'
    ),
);
apache config:
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/LIMESURVEY
ProxyPreserveHost on
Alias /upload "/var/www/LIMESURVEY/upload"
Alias /tmp "/var/www/LIMESURVEY/tmp"
Alias /third_party "/var/www/LIMESURVEY/third_party"
Alias /scripts "/var/www/LIMESURVEY/scripts"
Alias /styles "/var/www/LIMESURVEY/styles"
Alias /styles-public "/var/www/LIMESURVEY/styles-public"
Alias /installer "/var/www/LIMESURVEY/installer"
Alias /templates "/var/www/LIMESURVEY/templates"
Alias /images "/var/www/LIMESURVEY/images"
Alias /themes "/var/www/LIMESURVEY/themes"
Alias /assets "/var/www/LIMESURVEY/assets"
<Proxy unix:/run/php-fpm/www.sock>
Require all granted
</Proxy>
<Proxy fcgi://127.0.0.1:9000>
Require all granted
</Proxy>
<Directory /var/www/LIMESURVEY>
AllowOverride All
Require all granted
</Directory>
<Directory ~ ^/var/www/LIMESURVEY/application/(config|logs)>
Require all denied
</Directory>
ServerAdmin serveradmin@myserver
ServerName mysurvey.server
DocumentRoot /var/www/LIMESURVEY
LogLevel trace5
RewriteEngine on
# RewriteOptions inherit
# RewriteRule ^/$ /index.php [R,L]
RewriteRule ^/login$ mysurvey.server/index.php?r=admin/authentication/sa/login [NC,R,L]
ErrorLog /var/log/httpd/mysurvey-error_log
CustomLog /var/log/httpd/myserver-access_log combined
.htaccess is left untouched.
The index.php?r=admin/authentication/sa/login doesn't achieve anything. I'm landing on the survey page and not in the login area...
Request and response headers:
Response header:
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Thu, 04 Aug 2022 05:19:04 GMT
location: mysurvey.server/index.php/admin/index
server: Apache
set-cookie: YII_CSRF_TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; SameSite=Lax
set-cookie: YII_CSRF_TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; SameSite=Lax
strict-transport-security: max-age=315360000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-powered-by: PHP/8.0.22
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
Request Header:
POST /index.php/admin/authentication/sa/login HTTP/2
Host: mysurvey.server
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 222
Origin: mysurvey.server
Connection: keep-alive
Referer: mysurvey.server/index.php/admin/authentication/sa/login
Cookie: _gcl_au=1.1.1030608996.1659514808; _ga_7ZV6JMX8Q2=GS1.1.1659514807.1.1.1659514928.0; _ga=GA1.1.783072166.1659514808; ZNPCQ003-32313900=b5d03b69; AAAA03802d6ade=AQAAAAAAAABKSmhIZ+uxqHYJVfN0qf6X; YII_CSRF_TOKEN=S1J1UTNjbWU4djNsUE9MQ2xMYnBTamhoS2gxYWJCVUx8sPNOM-QSVTLr0lWD1NgV4np3cDA1NagBkSIv5n2mhw%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
DNT: 1
Sec-GPC: 1
TE: trailers
php-fpm www.conf:
php_value[session.save_handler] = redis
php_value[session.save_path] = 'tcp://redis-standalone:6379?database=0&auth=somepass'
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
Interestingly, I have a long wait time of more than 100ms when I log in with the get index and post login from the admin site... (see screenshots)
I installed it initially via the webinstaller without trouble, but when I now rename the config.php the webinstaller won't let me go further because LS has no clue about the redis server... (see screenshot)
Redis is up and running and I can connect to it from the LS pod via redis-cli, and there are keys related to LS too, e.g.:
"a:2:{i:0;a:2:{i:0;a:19:{i:0;O:8:\"CUrlRule\":16:{s:9:\"urlSuffix\";N;s:13:\"caseSensitive\";N;s:13:\"defaultParams\";a:0:{}s:10:\"matchValue\";N;s:4:\"verb\";N;s:11:\"parsingOnly\";b:0;s:5:\"route\";s:51:\"survey/index/sid/<_sid>/lang/<_lang>/token/<_token>\";s:10:\"references\";a:3:{s:4:\"_sid\";s:6:\"<_sid>\";s:5:\"_lang\";s:7:\"<_lang>\";s:6:\"_token\";s:8:\"<_token>\";}s:12:\"routePattern\";s:90:\"/^survey\\/index\\/sid\\/(?P<_sid>\\d+)\\/lang\\/(?P<_lang>\\w+[-\\w]+)\\/token\\/(?P<_token>\\w+)$/u\";s:7:\"pattern\";s:68:\"/^(?P<_sid>\\d+)\\/lang\\-(?P<_lang>\\w+[-\\w]+)\\/tk\\-(?P<_token>\\w+)\\//u\";s:8:\"template\";s:31:\"<_sid>/lang-<_lang>/tk-<_token>\";s:6:\"params\";a:0:{}s:6:\"append\";b:1;s:11:\"hasHostInfo\";b:0;s:14:\"........
thanks for your help!
jim
EDIT 1: When changing from 'urlFormat' => 'path' to 'urlFormat' => 'get', the index.php?r=admin/authentication/sa/login redirects me to the admin site, but the login attempt also ends up with a 302...
EDIT 2: my header settings:
Spec:
  Headers:
    Browser Xss Filter: true
    Content Type Nosniff: true
    Force STS Header: true
    Frame Deny: true
    Ssl Proxy Headers:
      X - Forwarded - Proto: https
    Ssl Redirect: true
    Ssl Temporary Redirect: true
    Sts Include Subdomains: true
    Sts Preload: true
    Sts Seconds: 315360000