[Pkg-mailman-hackers] WG: [MM3-users] Re: mailman3 postorius cannot retrieve template
Wolfgang Bock
mailinglisten at wbock.de
Thu Nov 4 21:44:59 GMT 2021
Mark Sapiro says:
Issues with Debian packaging should be directed to Debian.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
Regards
Wolfgang
-----Ursprüngliche Nachricht-----
Von: Wolfgang Bock via Mailman-users <mailman-users at mailman3.org>
Gesendet: Donnerstag, 4. November 2021 13:04
An: mailman-users at mailman3.org
Betreff: [MM3-users] Re: mailman3 postorius cannot retrieve template
Hello Mark,
I reconstruct the configuration problems regarding the creation of templates
in mm3:
I installed mailman3 via the debian bullseye package(s).
BTW: My experience is to install it step by step, not as mailman3-full, but
as mailman-3, mailman3-doc, mailman3-web and python3-django-mailman3.
In my case the full installation did not run clean, the step-by-step variant
run clean.
The debian bullseye variant comes with a nginx conf-file in
/etc/mailman3/nginx.conf ...
# This nginx config file is part of the mailman3-web package.
#
# This nginx configuration file is a vhost configuration.
...
# Nginx SSL snippet. To enable it, please uncomment and update the
server_name and the ...
server {
listen 443;
listen [::]:443;
server_name mailman.example.com;
server_tokens off;
#
# ## Strong SSL Security
# ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html &
https://cipherli.st/
ssl on;
ssl_certificate /etc/letsencrypt/live/mailman.example.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/mailman.example.com/privkey.pem;
#
...
The configuration "ssl on" is outdated as nginx -t comments.
The actual configuration should be:
/etc/nginx/
/etc/nginx/sites-available/nginx.lists.mydomain.ssl (and /sites-enabled)
....
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lists.mydomain.com; # for example
server_tokens off;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
...
If you - as proposed in the mailman3 nginx.conf - include in
nginx.lists.mydomain.ssl the following:
....
upstream mailman3 {
server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0; } ....
you cannot in include this in another vhost-nginx configuration (for
example):
/etc/nginx/sites-available/nginx.lists.mydomain_2.ssl
as nginx -t says something like "no double entries please".
So I put this in another file like
/etc/nginx/sites-available/nginx.00.mailman3.upstream (and via symlink in
.../enabled/...) and both nginx-domain-files work.
The debian bullseye also serves a file mailman-web.py with an entry ...
POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/'
...
As mentioned in a mail before that could not work:
1. letsencrypt doesnt serve an entry match for localhost. That floods your
syslog.
2. "localhost" doesnt match with the nginx.conf-proposal.
It must be something like
/etc/mailman3/mailman-web.py
....
POSTORIUS_TEMPLATE_BASE_URL = 'lists.mydomain.com/'
....
In this combination the creating of templates on the postorius website
works.
My conclusion:
I ask you to consider these experiences in an update for the mailman3
packages in debian bullseye. It would save time, questions and nerves.
Regards
Wolfgang
-----Ursprüngliche Nachricht-----
Von: Mark Sapiro <mark at msapiro.net>
Gesendet: Dienstag, 2. November 2021 23:44
An: mailman-users at mailman3.org
Betreff: [MM3-users] Re: mailman3 postorius cannot retrieve template
On 11/2/21 3:28 PM, Wolfgang Bock via Mailman-users wrote:
>
> I get an db-entry in the mailman3 table template which doesnt lead to
> a suitable link:
>
https://localhost/postorius/api/templates/list/testliste01.mydomain.de/list:
> member:regular:footer
>
> In the next stept it leads to a flood of entries in my syslog because
> django is asking for a certificate match for "localhost":
> Nov 2 11:47:49 myserver mailman3[175334]: Nov 02 11:47:49 2021
> (175334) Certificate did not match expected hostname: localhost.
Certificate: ...
>
> Letsencrypt cannot deliver this match for "localhost", it is
> impossible to configurate letsencrypt to do so.
>
> The running script must create a postgres INSERT database command
> which includes the correct domain-name including the correct path
> .../mailman3/api/templates .... and not ... postorius/api/....
>
> I dont know, where is the place to correct this.
> - in mailman-web.py ??
> ...
> ALLOWED_HOSTS ... '*'
> or
> MAILMAN_REST_API_URL = 'http://localhost:8001'
> or
> POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/'
If you normally access Postorius on your site at something like
https://www.example.com/postorius, than set that as
POSTORIUS_TEMPLATE_BASE_URL
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
_______________________________________________
Mailman-users mailing list -- mailman-users at mailman3.org To unsubscribe send
an email to mailman-users-leave at mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
_______________________________________________
Mailman-users mailing list -- mailman-users at mailman3.org To unsubscribe send
an email to mailman-users-leave at mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
More information about the Pkg-mailman-hackers
mailing list