Whilst this blog is specifically about setting up LimeSurvey, it’s probably more about the steps to adding new Docker Service on my FreeNAS server.

One of the best things about Docker is simplicity and speed of firing up a new service.  In the case of LimeSurvey, it’s no more complex than:

# docker run -d –name limesurvey -p 8585:80 -v /mnt/docker/limesurvey/upload:/app/upload crramirez/limesurvey

And I’ve overcomplicated it by adding a custom port and a volume mount for any uploads.  I had tried to add a volume mount for the SQL database too but ran into some permission issues.  I’ll fix that at some point, but for now, it’s within the Docker volume.  A quick few set-up screens to complete and LimeSurvey is up and running inside my network.

So the next steps are to expose externally.  First to my Domain host (I’ve used Pickaweb for several years now) to add a new DNS A Record pointing survey.domain.com to my fixed IP address.  In actually fact I edited one I was no longer using, just to try and keep things tidy!

As all external traffic is coming through my SSL Reverse Proxy jail, the next step was to create a configuration file for that.  I was going to test it worked using port 80 and HTTP, but thought I’d be brave and dive straight into the port 443 HTTPS configuration.

So first, I’d need a new certificate.  I still haven’t looked into Letsencrypt wildcards as the individual certs and auto-renewal is working so well.  Just yesterday my certs for Nextcloud and Onlyoffice auto-renewed and I received an e-mail to confirm this morning.  I was so happy I immediately deleted the old Warden jail I’d blogged about here!  Create the new certificate is a simple command in the jail console:

# certbot certonly –webroot -w /usr/local/www/ -d survey.domain.com

This created the new cert, so it was just a case of updating the site-enabled nginx service.conf file for the new cert location.  To make things easier I’d just reused an existing service.conf file and edited a few details (e.g. server_name, set $upstream [IP], proxy_pass [IP:port]).

And voila!  All working and an A+ rating on SSL Labs 😀  Look less than an hour from start to finish, and I even had time to set-up a very quick sample survey…