HomeLab 5: Docker install LimeSurvey and plugins, reverse proxy with Nginxpm and automate database backups
We needed to self-host a production ready survey solution. LimeSurvey is the number one open-source survey software with many advanced features for customized survey-creation.
Here we will install LimeSurvey through Docker, install a 2FA plugin for added security (we will use admin TOTP login), configure Nginx Proxy Manager reverse proxy and automate container database backups.
1. Install Docker and Docker Compose
I provide a walkthrough on this in my HomeLab 3 blog post.
2. If you have LimeSurvey installed and are fixing/updating:
Be sure to backup the database and the
security.php used for encryption.
An example is provided by adamzammit:
# assuming the container name is 'some-limesurvey', backup the security.php: # sudo docker cp some-limesurvey:/var/www/html/application/config/security.php /tmp/security.php # then update LimeSurvey and then copy the security.php file back: # sudo docker cp /tmp/security.php some-limesurvey:/var/www/html/application/config/security.php
3. Bring LimeSurvey container up
I will be using adamzammit’s LimeSurvey docker image that is well maintained and is production ready.
sudo apt update sudo docker pull acspri/limesurvey:latest sudo docker pull mariadb/server:latest
Make a directory for the Docker Compose file:
mkdir $HOME/Installs/limesurvey # make a directory inside $HOME (aka /home/<your-username>/) cd $HOME/Installs/limesurvey
version: '3' services: limesurvey: image: acspri/limesurvey:latest restart: unless-stopped ports: - 8082:80 environment: LIMESURVEY_DB_PASSWORD: example LIMESURVEY_ADMIN_USER: admin LIMESURVEY_ADMIN_PASSWORD: password LIMESURVEY_ADMIN_NAME: Lime Administrator LIMESURVEY_ADMIN_EMAIL: firstname.lastname@example.org volumes: # Installed LimeSurvey plugins - ./plugins:/var/www/html/plugins # New or created themes, Survey resources, Data from uploaded responses - ./upload:/var/www/html/upload # Configuration and security.php for encrypted responses - ./config:/var/www/html/application/config mysql: image: mariadb/server:latest restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: example
Bring the container up:
sudo docker compose up -d
Wait for it to initialize completely!
http://host-ip:8082 (for me it’s
http://host-ip:8082/admin and change default Administrator user and password.
- user: admin
- password: password
More on settings in the LimeSurvey manual.
5. Add 2FA plugin
Most plugins need only to be copied and unzipped in the corresponding folder. Here we will install the TwoFactorAdminLogin so we can have TOTP for the Admin accounts for added security. You can find more on this plugin in the manual and from LimeStore where you can also download it from. For ease of use, I uploaded it unzipped in my GitHub account and will download it from there.
# plugins should be placed in the volume defined in docker compose ./var/www/html/plugins cd $HOME/Installs/limesurvey/plugins sudo wget https://github.com/ClaudiuPapasteri/LimeSurvey-plugins/blob/main/TwoFactorAdminLogin
Now login as Administrator, go to Plugins and activate the plugin.
Change the settings if necesary (I kept defaults). More info on the official LimeStore docs
After, scan the QR code (remember to take a photo and keep it safe) and put in the code.
Each time you login in from now on you will use the 2FA code generated by your preffered app (I use Google Authenticator).
6. Reverse Proxy LimeSurvey
As outline in previous posts, I use Nginx Proxy Manager for reverse proxying. To add a Proxy Host, connect to the Administrator user of Nginxpm and do the following:
Hosts > Add Proxy Host
- Domain Names: survey.psychlab.eu
- Scheme: http
- IP: 192.168.0.2
- Port: 8082
- Cache Assets: disabled
- Block Common Exploits: enabled
- Websockets Support: enabled
- Access List: Publicly Accessible
- SSL Certificate: *.psychlab.eu, psychlab.eu
- Force SSL: enabled
- HSTS Enabled: enabled
- HTTP/2 Support: enabled
- HSTS Subdomains: disabled
If all went well you can acces LimeSurvey by going to your subdomain (in my case its
7. Automate container database backups
Download xcad2k’s bash script
I have forked it, modified it and hosted it on my Github. The script stores dumps of the container mysql/mariadb in the defined path and keeps them for 3 days before deleting them.
cd $HOME/scripts # for me this is home/claudiu/scripts sudo git clone https://github.com/ClaudiuPapasteri/db-container-backup.git # get my modified db-container-backup.sh cd db-container-backup sudo rm -r db-container-backup # this directory has the original scripts, we don't need them sudo chmod +x db-container-backup.sh # to make sure bash script is executable # make directory where the backups should be stored cd $HOME sudo mkdir db_backups # sudo chown -R $USER: $HOME # if you dont have permission over the two created folders, run this to own your home dir # set the path to where the backups should be stored nano db-container-backup.sh # addapt cloudflare.sh # execute script ./db-container-backup.sh # execute script in a subshell # sed -i -e 's/\r$//' db-container-backup.sh # if you get bad interpreter error, run this command and execute again
Automate the backup task with Cron Job
Get permissions to run Docker without sudo. This will let the bash script run docker comands. For more info see the official docs.
sudo groupadd docker # create the docker group. sudo usermod -aG docker $USER # add your user to the docker group. getent group docker # check that you are member of the group sudo chown root:docker /var/run/docker.sock # change group ownership of the docker.sock file sudo chmod root:docker /var/run/docker.sock # provide read write permission to docker.sock file # test by running a docker command # docker ps
Set Cron Job for the bash script.
sudo crontab -l # list root cron jobs sudo crontab -e # sudo is important here because we want to define the user-specific crontab for root # pick text editor (press 1 for nano) # edit so that bash script is ran every day at 4:00AM and 5 minutes after every system startup: # @reboot sleep 300 && /bin/bash /home/claudiu/scripts/db-container-backup/db-container-backup.sh # 0 4 * * * /bin/bash /home/claudiu/scripts/db-container-backup/db-container-backup.sh # save and exit sudo crontab -l # check that changes were made sudo systemctl restart cron # cron needs not be restarted whenever a crontab file is modified sudo systemctl status cron # check that the task has been run successfuly
- HomeLab 6: Dockerized RStudio Server, packages, persistent storage and SSL certs
- HomeLab 4: Install and configure Nginx Proxy Manager with SSL Wildcard Certs
- HomeLab 3: Install and configure Apache Guacamole as Docker Container
- HomeLab 2: Web domain, subdomains and Dynamic DNS with Cloudflare API
- HomeLab 1: Installing Ubuntu