[Pkg-mailman-hackers] WG: [MM3-users] Re: mailman3 postorius cannot retrieve template

Wolfgang Bock mailinglisten at wbock.de
Thu Nov 4 21:44:59 GMT 2021 

Mark Sapiro says:

Issues with Debian packaging should be directed to Debian.


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,

Regards

Wolfgang



-----Ursprüngliche Nachricht-----
Von: Wolfgang Bock via Mailman-users <mailman-users at mailman3.org> 
Gesendet: Donnerstag, 4. November 2021 13:04
An: mailman-users at mailman3.org
Betreff: [MM3-users] Re: mailman3 postorius cannot retrieve template

Hello Mark,

I reconstruct the configuration problems regarding the creation of templates
in mm3:

I installed mailman3 via the debian bullseye package(s).

BTW: My experience is to install it step by step, not as mailman3-full, but
as mailman-3, mailman3-doc, mailman3-web and python3-django-mailman3.
In my case the full installation did not run clean, the step-by-step variant
run clean.

The debian bullseye variant comes with a nginx conf-file in
/etc/mailman3/nginx.conf ...
# This nginx config file is part of the mailman3-web package.
#
# This nginx configuration file is a vhost configuration.
...
# Nginx SSL snippet. To enable it, please uncomment and update the
server_name and the ...
server {
    listen 443;
    listen [::]:443;
    server_name mailman.example.com;
    server_tokens off;
#
#    ## Strong SSL Security
#    ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html &
https://cipherli.st/
   ssl on;
    ssl_certificate /etc/letsencrypt/live/mailman.example.com/fullchain.pem;
    ssl_certificate_key
/etc/letsencrypt/live/mailman.example.com/privkey.pem;
#
...
The configuration "ssl on" is outdated as nginx -t comments.

The actual configuration should be:

/etc/nginx/
/etc/nginx/sites-available/nginx.lists.mydomain.ssl (and /sites-enabled)
....
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name lists.mydomain.com; # for example
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
...
If you - as proposed in the mailman3 nginx.conf - include in
nginx.lists.mydomain.ssl the following:
....
upstream mailman3 {
     server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;  } ....
you cannot in include this in another vhost-nginx configuration (for
example):
/etc/nginx/sites-available/nginx.lists.mydomain_2.ssl
as nginx -t says something like "no double entries please".

So I put this in another file like
/etc/nginx/sites-available/nginx.00.mailman3.upstream (and via symlink in
.../enabled/...) and both nginx-domain-files work.

The debian bullseye also serves a file mailman-web.py with an entry ...
POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/'
...
As mentioned in a mail before that could not work:
1. letsencrypt doesnt serve an entry match for localhost. That floods your
syslog.
2. "localhost" doesnt match with the nginx.conf-proposal.

It must be something like
/etc/mailman3/mailman-web.py
....
POSTORIUS_TEMPLATE_BASE_URL = 'lists.mydomain.com/'
....

In this combination the creating of templates on the postorius website
works.

My conclusion:
I ask you to consider these experiences in an update for the mailman3
packages in debian bullseye. It would save time, questions and nerves.

Regards

Wolfgang




-----Ursprüngliche Nachricht-----
Von: Mark Sapiro <mark at msapiro.net>
Gesendet: Dienstag, 2. November 2021 23:44
An: mailman-users at mailman3.org
Betreff: [MM3-users] Re: mailman3 postorius cannot retrieve template

On 11/2/21 3:28 PM, Wolfgang Bock via Mailman-users wrote:

> 
> I get an db-entry in the mailman3 table template which doesnt lead to 
> a suitable link:
>
https://localhost/postorius/api/templates/list/testliste01.mydomain.de/list:
> member:regular:footer
> 
> In the next stept it leads to a flood of entries in my syslog because 
> django is asking for a certificate match for "localhost":
> Nov  2 11:47:49 myserver mailman3[175334]: Nov 02 11:47:49 2021
> (175334) Certificate did not match expected hostname: localhost.
Certificate: ...
> 
> Letsencrypt cannot deliver this match for "localhost", it is 
> impossible to configurate letsencrypt to do so.
> 
> The running script must create a postgres INSERT database command 
> which includes the correct domain-name including the correct path 
> .../mailman3/api/templates .... and not ... postorius/api/....
> 
> I dont know, where is the place to correct this.
> - in mailman-web.py ??
> ...
> ALLOWED_HOSTS ... '*'
> or
> MAILMAN_REST_API_URL = 'http://localhost:8001'
> or
> POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/'


If you normally access Postorius on your site at something like
https://www.example.com/postorius, than set that as
POSTORIUS_TEMPLATE_BASE_URL


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
_______________________________________________
Mailman-users mailing list -- mailman-users at mailman3.org To unsubscribe send
an email to mailman-users-leave at mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/

_______________________________________________
Mailman-users mailing list -- mailman-users at mailman3.org To unsubscribe send
an email to mailman-users-leave at mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/

More information about the Pkg-mailman-hackers mailing list