Plesk Onyx Server Nginx setup

More
3 months 5 days ago #181967 by marcgold
Hi,

Were running a Plesk Onyx 17.8 Server and have switched to Nginx server rather than use the Apache. On the plus side performance is significantly better and generally the setup works really well.

We have had one small issue and not sure if this is a bug or a configuration issue and would appreciate if anyone else can shed some light on this.

Under Survey Responses: the first two Buttons View Survey Response and View as PDF both return a Nginx 404 page not found error

This is my current Nginx.conf file with sensitive details ***

server {
listen **.**.**.**:80;

server_name ****;
server_name ****;
server_name ****;

client_max_body_size 128m;

proxy_read_timeout 3000;

root "/var/www/vhosts/***/***";
access_log "/var/www/vhosts/system/***/logs/proxy_access_log";
error_log "/var/www/vhosts/system/***/logs/proxy_error_log";

#extension letsencrypt begin
location ~ ^/\.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;

types { }
default_type text/plain;

satisfy any;
auth_basic off;
allow all;

location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end

location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
return 301 https://$host$request_uri;
}

location @fallback {
return 404;
}

location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip))$ {
try_files $uri @fallback;
}

location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/****/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/****/php-fpm.sock";
include /etc/nginx/fastcgi.conf;

}

location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/****/php-fpm.sock";
include /etc/nginx/fastcgi.conf;

}

location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}

add_header X-Powered-By PleskLin;

location / {
index index.php index.htm;
try_files $uri $uri/ /index.php?$args;
}
}
Attachments:

Please Log in or Create an account to join the conversation.

LimeSurvey Partners
More
3 months 4 days ago #181977 by marcgold
Just updated the Additional Nginx directives to fully include the rewrite rules so from ...location / {... onwards now reads.

location / {
index index.php index.htm;
try_files $uri $uri/ /index.php?$args;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php;
}
}
location ~ 403 {
rewrite ^(.*)$ ^/(?!\.well-known/)(.*/)?\.+ redirect;
}

location ~ /\.well-known {
}

location ~ ^/(.*/)?\.+ {
return 403;
}

This did not fix things.

But, changing the setting in config.php to showScriptName' => true, (ie turning of clean URLS, then the problem goes away.

So this is definitely something to with the re-write rules.
Can anyone please provide the correct syntax for the nginx.conf to make this work.

Thanks

Marc

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago #181983 by jelo
Replied by jelo on topic Plesk Onyx Server Nginx setup
What version of LimeSurvey is used?

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago #181990 by DenisChenu

marcgold wrote: …

So this is definitely something to with the re-write rules.
Can anyone please provide the correct syntax for the nginx.conf to make this work.

I like to have one ;)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago #182001 by marcgold

jelo wrote: What version of LimeSurvey is used?


Hi Jelo,

Current Version 3.16.1+190314

It's the weirdest thing as everything else works really well, its blisteringly fast.
The Production Server is Centos 6.1, I have spun up a Centos 7 with the same version of Plesk but the Apache / Nginx will be later versions so will report back later if this changes anything.

Marc

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago - 3 months 4 days ago #182005 by jelo
Replied by jelo on topic Plesk Onyx Server Nginx setup

marcgold wrote: It's the weirdest thing as everything else works really well, its blisteringly fast.

CentOS7 makes more sense since CentOS6 is near EOL. But it's not causing this issue.
The NGINX+Apache combination in Plesk is not that often tested with LimeSurvey.
LimeSurvey.org uses pure NGINX. Other use Apache or Apache with PHP-FPM.

So we have three different files for rewriting URLs
htaccess (Apache) shipped with LS
.user.ini (PHP-FPM) could be shipped with LS
nginx.conf (NGINX) manual work needed

I'm not using NGINX, so debugging is a bit difficult for me.

You might check your NGINX rules against the current htaccess rules via a converter.
www.winginx.com/en/htaccess

Can you examine the nonfancy URLs these broken buttons are using?

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Last edit: 3 months 4 days ago by DenisChenu. Reason: Fix quote

Please Log in or Create an account to join the conversation.

More
3 months 4 days ago #182047 by DenisChenu
@marcgold : there are some in browse response else construction of url is near same … than edit url

Edit url (GET format) : ?r=admin/dataentry/sa/editdata/subaction/edit&surveyid=222725&id=1&browselang=
View url (GET format) : r=admin/responses/sa/view&surveyid=222725&id=1&browselang=

Edit url (PATH without index) : /admin/dataentry/sa/editdata/subaction/edit/surveyid/953474/id/2/browselang
View url (PATH without index) : /admin/responses/sa/view/surveyid/953474/id/2/browselang/

Realy strange if edit work and not view …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
3 months 2 days ago #182182 by marcgold

jelo wrote:

marcgold wrote: It's the weirdest thing as everything else works really well, its blisteringly fast.

CentOS7 makes more sense since CentOS6 is near EOL. But it's not causing this issue.
The NGINX+Apache combination in Plesk is not that often tested with LimeSurvey.
LimeSurvey.org uses pure NGINX. Other use Apache or Apache with PHP-FPM.

So we have three different files for rewriting URLs
htaccess (Apache) shipped with LS
.user.ini (PHP-FPM) could be shipped with LS
nginx.conf (NGINX) manual work needed

I'm not using NGINX, so debugging is a bit difficult for me.

You might check your NGINX rules against the current htaccess rules via a converter.
www.winginx.com/en/htaccess

Can you examine the nonfancy URLs these broken buttons are using?


Hi Jelo,

I am unfamiliar with .user.ini so if you have any more info on this file I can troubleshoot from there.
I have already converted the .htaccess rules to Nginx compatible ones and generally these seem to be working properly.

I have examined the non fancy URLs and the results are below but I agree with @DenisChenu this is very weird as the edit URL's are very similar in construct to the view URL's which work without an issue.

View Individual Result:

In Config.php urlManager => URLFormat => “Path” ShowScriptName = True
https://<<DOMAIN NAME>>/index.php/admin/responses/sa/view/surveyid/2723/id/1/browselang/ WORKS

In Config.php urlManager => URLFormat => “Get” ShowScriptName = True
https://<<DOMAIN NAME>>/index.php?r=admin/responses/sa/view&surveyid=2723&id=1&browselang= WORKS

In Config.php urlManager => URLFormat => “Get” ShowScriptName = False
https://<<DOMAIN NAME>>/?r=admin/responses/sa/view&surveyid=2723&id=1&browselang= WORKS

In Config.php urlManager => URLFormat => “Path” ShowScriptName = False
https://<<DOMAIN NAME>>/admin/responses/sa/view/surveyid/2723/id/1/browselang/ NOT WORKING

Edit Individual Response

In Config.php urlManager => URLFormat => “Path” ShowScriptName = False
https://<<DOMAIN NAME>>/admin/dataentry/sa/editdata/subaction/edit/surveyid/2723/id/1/browselang WORKS

Please Log in or Create an account to join the conversation.

More
3 months 2 days ago #182200 by DenisChenu
And delete url can be worst since it send GET and POST value …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
3 months 1 day ago #182208 by marcgold

DenisChenu wrote: And delete url can be worst since it send GET and POST value …


Interestingly, Delete actually works without issue.

I have actually deployed a brand new install of the latest release onto a Centos 7 Running plesk, Nginx & PHP7.3 PHP-FPM
The problem still persists :(

However I have just tested this on Limesurvey Professional (Hosted) and it works. I believe @Jelo stated that this is also running on Nginx pure. This works as it should and is definately using URL > Path and ShowScript > False.

Therefore Im pretty convinced this is a config issue and not a bug. Do you have access to this environment and possibly share the Nginx configs responsible for the rewrites needed to make this work.

Marc

Please Log in or Create an account to join the conversation.

More
3 months 1 day ago #182211 by holch
Replied by holch on topic Plesk Onyx Server Nginx setup
Most of us here in the forum are volunteers that help to support the CE edition of Limesurvey, so as far as I know Jelo and Denis don't have access to Limesurvey Pro.

You would need to get in touch with the Limesurvey GmbH via "Support" in the top navigation or hope that someone from their team (cdorin seems to be quite active in the forum lately, haven't seen anyone else in the last weeks) will stumble upon this thread.

I'm not a LimeSurvey GmbH member. I answer at the LimeSurvey forum in my spare time. No support via private message.
Some helpful links: Manual (EN) | Question Types | Workarounds

Please Log in or Create an account to join the conversation.

More
3 months 1 day ago #182218 by DenisChenu
You can use irc too, cdorin answer and sometimes call Louis Or Markus

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
The following user(s) said Thank You: marcgold

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #182251 by marcgold
Thanks everyone and support for all your help. I have now fixed the issue and am sharing the answers.

This is specifically to Servers running Plesk Onyx 17.8. It may work with other versions and below may help steer others incase they run into similar issues.

Plesk manages its nginx.conf configurations internally. If you attempt to change anything, Plesk will just rewrite the file back.

So firstly The correct place to put this is in the Advance Nginx Directive under the correct webspace in Plesk Onyx.

The syntax that I had in that file was incorrect - you can view it above.

The Correct syntax does not need the location / directive.
Then the important part that handles the rewrites site wide is.

try_files $uri $uri/ /index.php?q=$uri&$args;

But this alone does not fix the problem that the display response & display as PDF links in Show results gives a 404 error. To fix this add the following directly under the try_files directive.

if (!-e $request_filename){
rewrite ^(.*)$ /index.php;
}


So the full syntax adding the additional security elements / converted apache .htaccess reads:

try_files $uri $uri/ /index.php?q=$uri&$args;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php;
}

location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}

location ~ 403 {
rewrite ^(.*)$ ^/(?!\.well-known/)(.*/)?\.+ redirect;
}

location ~ /\.well-known {
}

location ~ ^/(.*/)?\.+ {
return 403;
}


Marc
Limesurvey 3.16.1, Plesk Onyx 17.8, Nginx
The following user(s) said Thank You: DenisChenu

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago - 2 months 4 weeks ago #182255 by DenisChenu
Great !

Need an improvment : github.com/LimeSurvey/LimeSurvey/blob/ma...ad/surveys/.htaccess ;)

I try with
location ~ ^/master/upload/surveys/.*/fu_[a-z0-9]*$ {
                deny all;
        }

Else : protected must be replaced by application for limesurvey.


Since i'm on local (no .well-know needed) in a subdirectory :
This seems to work
location /master/ {
        index index.html index.htm index.php;
        try_files $uri $uri/ /index.php?r=$uri&$args;
        if (!-e $request_filename){
                rewrite ^(.*)$ /master/index.php;
        }
        location ~ ^/master/(application|framework|themes/\w+/views) {
                deny all;
        }
        location ~ location ~ ^/master/upload/surveys/.*/fu_[a-z0-9]*$ {
                deny all;
        }
        location ~ ^/master/(.*/)?\.+ {
                return 403;
        }
    }
I use r for uri since the default route param is r. It work too with q, didn't know exactly why.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
Last edit: 2 months 4 weeks ago by DenisChenu. Reason: Fix part for fu_ part

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago - 2 months 4 weeks ago #182259 by DenisChenu
Another fix for autogenerated .htaccess in surveys/
location /master/ {
        index index.html index.htm index.php;
        try_files $uri $uri/ /index.php?r=$uri&$args;
        if (!-e $request_filename){
                rewrite ^(.*)$ /master/index.php;
        }
        location ~ ^/master/(application|docs|framework|themes/\w+/views) {
                deny all;
        }
        location ~ ^/master/upload/surveys/.*/fu_[a-z0-9]*$ {
                return 444;
        }
        location ~ ^/master/(.*/)?\.+ {
                return 403;
        }
        location ~* /master/upload/.*\.(pl|cgi|py|pyc|pyo|phtml|sh|lua|php|php3|php4|php5|php6|pcgi|pcgi3|pcgi4|pcgi5|pcgi6|icn)$
        {
                return 444;
        }
    }
Since i think it must be disable for all upload type : survey or theme or anything.

Throw a 444 : httpstatusdogs.com/444-no-response ? But can be a 403 too.

Edit : think we muist disable direct access to some third_party tools too
(and personnaly : i think direct acccess to plugins must be disable : plugins must use asset manager).

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
Last edit: 2 months 4 weeks ago by DenisChenu.
The following user(s) said Thank You: marcgold

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!