15424: Limesurvey in virtual folder - css and js ok but any form action URL is wrong

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

15424	Bug reports	Installation	public	2019-10-18 23:34	2021-02-03 18:50

Reporter	jaybeede	Assigned To	cdorin
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed

Summary	15424: Limesurvey in virtual folder - css and js ok but any form action URL is wrong
Description	Hi, I'm trying to install limesurvey in a Docker container. For that I'm trying to create a limesurvey Docker image from alpine 3.7 with nginx. So you have 3 containers involved here: (container A) : myqsl container official image (container B) : limesurvey container (image I have built) with php7 and nginx as web server. This container is linked to mysql container. (container C) : web proxy container nginx official image. This container is linked with several other applications (front-ends) and actually provides successfully access to theses applications, from one single domain. This container acts as a reverse proxy (HTTPS till there) to some sub-paths. So you actually have something like : https://my-domain.com/ -> blog https://my-domain.com/racktables/ -> racktables applications https://my-domain.com/app1/ -> app 1 https://my-domain.com/app2/ -> app 2 etc. What I'm trying to do is to add https://my.example.com/limesurvey/ for the limesurvey application here.
Steps To Reproduce	So I have added the link to this new limesurvey container and edited the entry in the nginx reverse proxy container configuration (see configuration after). In the limesurvey container, I have temporary edited the file /var/www/html/limesurvey/application/config/config-defaults.php for the installation process in order to get the css and js working. The problem was that any form action url was wrongly recirecting to https://my.example.com/index.php?r=installer/welcome (for exemple) instead of https://my.example.com/limesurvey/index.php?r=installer/welcome. Since it was only the install process that I will automate in the future, it didn't matter for me to manually edit the HTML (each page) with the web browser devtools. Once installed, I have changed back the changes done in /var/www/html/limesurvey/application/config/config-defaults.php edited the URL related settings in the newly created file /var/www/html/limesurvey/application/config/config.php (see after) So now the problem with the form action URL is still there : I can for example successfully login to the backoffice, but I still need to manually edit the HTML before clicking the "Log in" button. Indeed the problem is still there : redirect to the wrong url : `<form id='loginform' name='loginform' action='/index.php?r=admin/authentication/sa/login' method='post'>` instead of `<form id='loginform' name='loginform' action='/limesurvey/index.php?r=admin/authentication/sa/login' method='post'>` How can I definitively configure that? What is the best way to configure that? container B's nginx configuration? container C's nginx configuration? Limesurvey configuration? Yii Framework configuration? Thank for your help!
Additional Information	Here is the /var/www/html/limesurvey/application/config/config.php file content : <?php if (!defined('BASEPATH')) exit('No direct script access allowed'); return array( 'components' => array( 'db' => array( // my secret DB settings here... ), 'urlManager' => array( 'urlFormat' => 'get', 'rules' => array( // You can add your own rules here ), 'showScriptName' => true, ), 'request' => array( 'baseUrl' => '/limesurvey/', ), ), 'config'=>array( 'debug'=>0, 'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2 'mysqlEngine' => 'MYISAM', 'publicurl' => 'https://my-domain.com/limesurvey', 'rooturl' => 'https://my-domain.com/limesurvey' ) ); /* End of file config.php / / Location: ./application/config/config.php / Here is the nginx reverse proxy configuration (container C)* : /etc/nginx/nginx.conf events { worker_connections 4096; } http { upstream service-app1 { server app1-ui:80; } upstream service-app2 { server app2-ui:8080; } upstream service-app3 { server app3-ui:8080; } upstream service-blog { server blog-ui:80; } upstream service-racktables { server racktables-ui:80; } upstream service-limesurvey { server limesurvey-test:80; } server { listen 80; listen [::]:80; server_name my-domain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name my-domain.com; error_log /var/log/nginx/my-domain.com-error.log; access_log /var/log/nginx/my-domain.com-access.log; ssl_certificate /etc/nginx/ssl/my-domain.com.crt; ssl_certificate_key /etc/nginx/ssl/my-domain.com.key; ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/ssl/dhparam2048.pem; ssl_ecdh_curve secp384r1; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 10s; server_tokens off; location / { proxy_pass http://service-blog; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header Host $host; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; } location /app3 { proxy_buffering off; proxy_pass http://service-app3; } location /app2 { proxy_pass http://service-app2; } location /app1/ { rewrite ^(app1)$ $1/ permanent; proxy_pass http://service-app1; } location /racktables/ { proxy_pass http://service-racktables/; proxy_redirect http://$host/ /racktables/; proxy_set_header Host $host; } location /limesurvey/ { proxy_pass http://service-limesurvey/; proxy_redirect http://$host/ /limesurvey/; proxy_set_header Host $host; } location /.well-known/acme-challenge { root /var/www; } location = /50x.html { root /var/www/errors; } location = /40x.html { root /var/www/errors; } } } Here is the nginx server configuration in the limesurvey container (container B) : /etc/nginx/nginx.conf user www; worker_processes auto; # it will be determinate automatically by the number of core #pid /var/run/nginx/nginx.pid; # it permit you to use /etc/init.d/nginx reload\|restart\|stop\|start events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 3000; server { listen 80; root /var/www/html/limesurvey; index index.html index.htm index.php; server_name localhost; error_log /var/log/nginx/error.log warn; access_log /var/log/nginx/access.log; client_max_body_size 32m; error_page 500 502 503 504/50x.html; location = /50x.html { root /var/lib/nginx/html; } location / { try_files $uri $uri/ /limesurvey/index.php?r=$uri&$args; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } } } }
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	4.0.0-RC1
I will donate to the project if issue is resolved	No
Browser	Google Chrome 77.0.3865.120 (64 bits)
Database type & version	mysql 5.7
Server OS (if known)	alpine 3.7
Webserver software & version (if known)	nginx 1.12.2-r4
PHP Version	php 7.1

User List	jaybeede

jaybeede 2019-10-18 23:38 reporter ~54101	Sorry for the formatting I don't know how to edit the ticket...

DenisChenu 2019-10-19 09:59 developer ~54102	You can use markdown :) You don't have edit ? I do it (for code)

DenisChenu 2019-10-19 10:02 developer ~54103	4.0.0-RC1 ? Think it's best to use 3.19 for such setup. Use a stable version for checking config before make it for unstable …

jaybeede 2019-10-19 11:58 reporter ~54106	Yes I could neither preview before submitting nor edit once submitted. Thank you for the formatting. Regarding the version, there are several plateform to download limesurvey... That's probably why I don't have the correct version. During the build process, limesurvey is downloaded from GitHub with the following command: curl -s -H "application/vnd.github.baptiste-preview+json" "https://api.github.com/repos/LimeSurvey/LimeSurvey/tags" \| jq 'map(select(.name == "remove" or .name == "list" or (.name \| contains ("beta")) or (.name \| contains ("alpha")) \| not)) \| .[].tarball_url' --raw-output https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/Release4.0.0-RC1+190509 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/4.0.0-RC4+190930 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/4.0.0-RC3+190807 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/4.0.0-RC2+190723 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.19.1+191009 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.19.0+191008 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.18.0+190923 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.17+190918 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.16+190906 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.15+190903 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.14+190902 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.13+190824 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.12+190823 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.11+190822 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.10+190821 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.9+190731 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.8+190722 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.7+190627 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.6+190624 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.5+190604 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.4+190529 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.3+190429 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.1+190408 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.17.0+190402 https://api.github.com/repos/LimeSurvey/LimeSurvey/tarball/3.16.1+190314 As you can see, it uses the tags URL and not the release URL from GitHub since there are no releases on GitHub repo... Anyway, is GitHub the correct repo for stable releases? Doesn't look like... I need a way to automatically find the latest version URL and then download it over wget. What is the correct way to be able determine the URL of the latest stable release to download programatically?

DenisChenu 2019-10-19 12:07 developer ~54107	Personally i use git master … But : https://bugs.limesurvey.org/view.php?id=15409 But stilla : about original issue : best is to manually check with 3.19.1+191009

jaybeede 2019-10-19 12:13 reporter ~54108	For example the latest official stable release (version 3.19.2+191017) can be downloaded from here: https://www.limesurvey.org/stable-release?download=2681:limesurvey3192%20191017zip This doesn't work for me since I cannot guess via an API the URL from the version as input... Furthermore, without any API, I would appreciate to have a fixed URL to always get the latest stable release such as https://www.limesurvey.org/stable-release?download=latest

DenisChenu 2019-10-19 12:14 developer ~54109	This is NOT related to the original issue Please : one issue by issue report …

jaybeede 2019-10-19 12:19 reporter ~54110	Yes you are right. I will test it by temporarily changing the code of the dockerfile to a fixed URL and come back to you regarding the initial issue : form action url wrong in a virtual folder configuration.

DenisChenu 2019-10-19 17:07 developer ~54111	Else, LimeSurvey use Yii https://github.com/yiisoft/yii/blob/master/framework/web/CHttpRequest.php#L340 https://github.com/yiisoft/yii/blob/master/framework/web/CHttpRequest.php#L396 and getScriptUrl Then you can set some PHP SERVER value in your nginx config …

jaybeede 2019-10-20 22:35 reporter ~54117	Similar to: https://bugs.limesurvey.org/view.php?id=5342 https://bugs.limesurvey.org/view.php?id=4390

jaybeede 2019-10-20 23:15 reporter ~54118	In the nginx server configuration in the limesurvey container (container B), I have made some changes in order to change the behaviour of some $_SERVER values. I have changed the section "location ~ .php$" to: `include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param REQUEST_URI /limesurvey$request_uri; fastcgi_param HOME /limesurvey/;` So now I get the following values when I visit https://my-domain.com/limesurvey/index.php?r=admin/authentication/sa/login, this is the var_dump of the $_SERVER array: array(37) { ["USER"]=> string(6) "nobody" ["HOME"]=> string(12) "/limesurvey/" ["HTTP_COOKIE"]=> string(145) "PHPSESSID=ersjrsusk12gg93god1vbf3982; YII_CSRF_TOKEN=UX5BUmM0Q1RyQmpwVmNOZmhudmc5NW5uUE9rcVJpNG0cQ8a0FTMa-PuTMb2E0OtN2QRd9RVzGcLMNaQo_LIiuA%3D%3D" ["HTTP_ACCEPT_LANGUAGE"]=> string(44) "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6" ["HTTP_ACCEPT_ENCODING"]=> string(17) "gzip, deflate, br" ["HTTP_SEC_FETCH_SITE"]=> string(10) "cross-site" ["HTTP_ACCEPT"]=> string(118) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3" ["HTTP_SEC_FETCH_USER"]=> string(2) "?1" ["HTTP_SEC_FETCH_MODE"]=> string(8) "navigate" ["HTTP_USER_AGENT"]=> string(115) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36" ["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1" ["HTTP_DNT"]=> string(1) "1" ["HTTP_CONNECTION"]=> string(5) "close" ["HTTP_HOST"]=> string(23) "my-domain.com" ["REDIRECT_STATUS"]=> string(3) "200" ["SERVER_NAME"]=> string(9) "localhost" ["SERVER_PORT"]=> string(2) "80" ["SERVER_ADDR"]=> string(11) "172.17.0.13" ["REMOTE_PORT"]=> string(5) "47552" ["REMOTE_ADDR"]=> string(11) "172.17.0.12" ["SERVER_SOFTWARE"]=> string(12) "nginx/1.12.2" ["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1" ["REQUEST_SCHEME"]=> string(4) "http" ["SERVER_PROTOCOL"]=> string(8) "HTTP/1.0" ["DOCUMENT_ROOT"]=> string(24) "/var/www/html/limesurvey" ["DOCUMENT_URI"]=> string(10) "/index.php" ["REQUEST_URI"]=> string(53) "/limesurvey/index.php?r=admin/authentication/sa/login" ["SCRIPT_NAME"]=> string(10) "/index.php" ["CONTENT_LENGTH"]=> string(0) "" ["CONTENT_TYPE"]=> string(0) "" ["REQUEST_METHOD"]=> string(3) "GET" ["QUERY_STRING"]=> string(31) "r=admin/authentication/sa/login" ["SCRIPT_FILENAME"]=> string(34) "/var/www/html/limesurvey/index.php" ["FCGI_ROLE"]=> string(9) "RESPONDER" ["PHP_SELF"]=> string(10) "/index.php" ["REQUEST_TIME_FLOAT"]=> float(1571605167.8087) ["REQUEST_TIME"]=> int(1571605167) }

jaybeede 2019-10-20 23:19 reporter ~54119	I think the issue comes from `PHP_SELF`. How can I configure it in order to add the /limesurvey prefix?

jaybeede 2019-10-20 23:21 reporter ~54120	Does it have something to deal with the cgi.fix-pathinfo flag in the php.ini config?

jaybeede 2019-10-30 23:08 reporter ~54289	Hi, Thank you DenisChenu for your suggestion regarding the framework. In addition to the previous changes, I could get the form action URL working for latest stable version, but with the following hotfix in the Yii framework: File framework/web/CHttpRequest.php, in the getScriptUrl function at line 438: replace `public function getScriptUrl() ... return $this->_scriptUrl;` by `public function getScriptUrl() ... return "/limesurvey".$this->_scriptUrl;`

jaybeede 2019-10-30 23:09 reporter ~54290	Of course " is the quote iteself!

jaybeede 2019-10-30 23:09 reporter ~54291	SOLVED

Date Modified	Username	Field	Change
2019-10-18 23:34	jaybeede	New Issue
2019-10-18 23:37	jaybeede	Issue Monitored: jaybeede
2019-10-18 23:38	jaybeede	Note Added: 54101
2019-10-19 09:59	DenisChenu	Note Added: 54102
2019-10-19 10:01	DenisChenu	Description Updated
2019-10-19 10:01	DenisChenu	Steps to Reproduce Updated
2019-10-19 10:01	DenisChenu	Additional Information Updated
2019-10-19 10:01	DenisChenu	Complete LimeSurvey version number (& build)	$config['versionnumber'] ='4.0.0-RC1'; $config['dbversionnumber'] = 418; $config['buildnumber'] = ''; $config['updatable'] = true; $config['assetsversionnumber'] = '30090'; => 4.0.0-RC1
2019-10-19 10:02	DenisChenu	Note Added: 54103
2019-10-19 11:58	jaybeede	Note Added: 54106
2019-10-19 12:07	DenisChenu	Note Added: 54107
2019-10-19 12:13	jaybeede	Note Added: 54108
2019-10-19 12:14	DenisChenu	Note Added: 54109
2019-10-19 12:19	jaybeede	Note Added: 54110
2019-10-19 17:07	DenisChenu	Note Added: 54111
2019-10-20 22:35	jaybeede	Note Added: 54117
2019-10-20 23:15	jaybeede	Note Added: 54118
2019-10-20 23:19	jaybeede	Note Added: 54119
2019-10-20 23:21	jaybeede	Note Added: 54120
2019-10-30 23:08	jaybeede	Note Added: 54289
2019-10-30 23:09	jaybeede	Note Added: 54290
2019-10-30 23:09	jaybeede	Note Added: 54291
2021-02-03 18:50	cdorin	Assigned To	=> cdorin
2021-02-03 18:50	cdorin	Status	new => closed
2021-02-03 18:50	cdorin	Resolution	open => fixed

View Issue Details

Users monitoring this issue

Activities

Issue History