⚓ T274837 Deploy a cute LimeSurvey instance in Wikimedia Italia's infrastructure - aka no Google Form or Qualtrics please :)
- ️Tue Feb 16 2021
Preamble
Today in a Wikimania 2021 talk page I've tried to write down some reasons against Google Form (but also other stuff as well) plus additional notes in the Wikimedia Forum, both on Meta-wiki.
Some of these discussions against Google Form and similar proprietary tools:
- https://lists.wikimedia.org/pipermail/wikimedia-l/2021-February/096224.html
- https://meta.wikimedia.org/wiki/Talk:Wikimania_2021/Call_for_participation#Please_no_Google_Form
- https://meta.wikimedia.org/wiki/Wikimedia_Forum#Please_no_Google_Form_or_Google_Meet_or_whatever_proprietary_%3A%29_ask_us_how%21
Having said that, even if the problem could be well described, and even if solutions exist (also thanks to our volunteers) it's difficult to help: it's damn easy to diffuse a Google Form but it's damn hard to stop one without a good ready-for-use alternative.
In short, while trying to stop this trend at least by giving greater awareness of the problems ad described in the above discussions, we can try to be pro-active and to play ahead and provide sustainable and credible and simple technologies to everyone.
It seems that the Wikimedia Foundation tried to adopt the free software LimeSurvey in T109606: Re-evaluate Limesurvey but they failed because ~5 years ago LimeSurvey had serious security issues and they already had a contract with a proprietary solution called Qualtrics and as far as I understood they were (sic) happy with that.
In short this Task is related to the infrastructure of Wikimedia Italia. Because maybe WMI has more operating margin to quickly deploy a pilot solution and find out how it ends.
Having said that I noticed that nextCloud Forms and QuickSurvey are also nice candidates but LimeSurvey is really much more complete and advanced from a lot of points of view (multilingualism, accessibility, responsiveness, completeness of question types, settings, etc.).
Some years ago I saw LimeSurvey adopted in the Politecnico di Torino (source), also in use by the municipality of Torino, to do the most absurd questionnaires (some of them lasted up to 45 minutes (!) like a kind of competition to see who wastes more time and where everyone wins). This gives me the idea that, from a security point of view, it is not stupid to try to install a recent version of LimeSurvey.
Then I was able to further explore the LimeSurvey backend during the surveys for the 2020 Italian wiki conference online. I and my friend @Ferdi2005 were somehow really satisfied by this tool that now we would like to install it on any toaster.
Proposed solution
In short this Task is about toasting ehm installing LimeSurvey in the wmi-fabula webserver owned by Wikimedia Italia.
The related documentation will live here:
https://wiki.wikimedia.it/wiki/LimeSurvey
https://wiki.wikimedia.it/wiki/LimeSurvey/Technical_documentation
There was this (actually private - apologies) discussion to pick survey.wikimedia.it as cute sub-domain:
https://wiki.wikimedia.it/wiki/Talk:LimeSurvey
We can try to make WMI-LimeSurvey available to all applicants for purposes related to Wikimedia projects, possibly by tracking ideas and not people, for example by collecting feedback and not personal data, unless of course it is the registration form for some live event, or a list of Santa Claus etc.
To avoid to stop the project after a while, to ensure a certain turnover, it could be useful to do regular trainings, starting at least by some of the staff of Wikimedia Italia.
Let's hack with our GForm-killer ehm LimeSurvey.
Technical documentation
Here some technical stuff about our application:
https://wiki.wikimedia.it/wiki/LimeSurvey/Technical_documentation
Server intervention
This was less or more the intervention in the fabula.wikimedia.it server to deploy the application:
$ ssh boz@fabula.wikimedia.it $ sudo -i ... $ mkdir /var/www/limesurvey $ cd /var/www/limesurvey # https://community.limesurvey.org/downloads/ # Download LimeSurvey Community Edition stable version $ wget https://download.limesurvey.org/lts-releases/limesurvey3.25.13+210216.zip $ md5sum limesurvey3.25.13+210216.zip 0546f852c70e6bb1d93e40834128b667 limesurvey3.25.13+210216.zip $ sha1sum limesurvey3.25.13+210216.zip f84d5fc1325d3b1d1c57fbcdb3afc72c892e8d48 limesurvey3.25.13+210216.zip # get rid of temporary stuff $ rm limesurvey*.zip # give an useful name $ mv limesurvey limesurvey-3.25.13 # create a symbolic link to simplify updates $ ln --symbolic limesurvey-3.25.13 production # create a dedicated user for the PHP-FPM daemon $ adduser apache-limesurvey # harden the installation with a dedicated directory for PHP sessions $ mkdir -p /var/www/limesurvey/session # allow to write SOME directories $ cd production $ chown -R apache-limesurvey: application/config upload tmp /var/www/limesurvey/session # enable the http:// virtualhost $ cd /etc/httpd/conf.d/sites-enabled $ ln -s ../sites-available/it-wikimedia-survey-txt.conf $ apachectl configtest OK $ apachectl graceful # deploy a Let's Encrypt certificate $ certbot certonly --webroot --webroot-path=/var/www/limesurvey/production -d survey.wikimedia.it Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for survey.wikimedia.it Using the webroot path /var/www/limesurvey/production for all unmatched domains. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/survey.wikimedia.it/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/survey.wikimedia.it/privkey.pem Your cert will expire on 2021-05-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le # enable the https:// virtualhost $ ln -s ../sites-available/it-wikimedia-survey-ssl.conf $ apachectl configtest OK $ apachectl graceful # install missing dependencies $ yum install rh-php73-php-imap
Then created a dedicated database:
mysql
$ CREATE DATABASE limesurvey; $ CREATE USER limesurvey@localhost IDENTIFIED BY '<omissis asd>'; $ GRANT ALL PRIVILEGES ON limesurvey.* TO limesurvey@localhost;
See also the related commits in rWIIN wikimedia-it-wmit-infrastructure attached to this Task.