Mailman in EC2 / Docker -- working but HTTPS not serving static content
Hi again ... I got everything working thanks to Danil, Abhilash, and finally found a simple NGINX conf that worked, using WSGI. Cool.
Set up certificates using LetsEncrypt, used another conf to set up SSL, like the conf pasted below.
I edited nginx.conf so that it only takes server config from the nginx/conf.d/blahblah.conf below.
This works for HTTP, HTTPS works but it (apparently) is not serving static content. There are loads of how-tos to get this to work, but I've failed in all -- it seems to be the static path. (I've not tried the option using thttpd, as there is no easy install onto the AWS AMI and it seems like it's not specifically necessary.)
I'm so close... so close...
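# Port 80: plain-HTTP listener whose only job is to redirect to HTTPS.
server {
    listen 80 default_server;
    # listen [::]:80 default_server ipv6only=on;

    # root/index are not used for any response: the server-level `return`
    # below answers every request before a file lookup happens.
    root /usr/share/nginx/html;
    index index.html index.htm;

    server_name listman.iotcouncil.org.za;
    return 301 https://$server_name$request_uri;  #<< AUTO_REDIRECT HTTP TO HTTPS

    # location / {
    #     proxy_pass http://172.19.199.3:8000/;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Host $host;
    #     proxy_set_header X-Forwarded-Server $host;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    #     proxy_redirect off;
    # }
    #
    # location /static/ {
    #     alias /var/spool/mailman-web/static/;
    # }
    #
    # location /robots.txt {
    #     alias /var/spool/mailman-web/static/hyperkitty/robots.txt;
    # }
    #
    # location /favicon.ico {
    #     alias /var/www/listorg/images/favicon.ico;
    # }
    #
}

# Port 443: TLS termination, proxying to the mailman-web container.
# Directive values are kept exactly as posted; NOTE(review) comments mark
# what a reviewer would change.
server {
    listen 443 default_server;
    # listen [::]:443 default_server ipv6only=on;

    #root /usr/share/nginx/html;
    #index index.html index.htm;

    server_name listman.iotcouncil.org.za;

    # NOTE(review): `ssl on;` is deprecated (and removed in recent nginx
    # releases); the current form is the `ssl` parameter on the listen
    # directive, i.e. `listen 443 ssl default_server;`.
    ssl on;
    ssl_certificate /etc/letsencrypt/live/listman.iotcouncil.org.za/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/listman.iotcouncil.org.za/privkey.pem;

    ssl_session_timeout 5m;

    # NOTE(review): SSLv3 is broken (POODLE) and TLSv1 / TLSv1.1 are formally
    # deprecated (RFC 8996). Restrict this to TLSv1.2, plus TLSv1.3 where the
    # nginx/OpenSSL build supports it.
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # NOTE(review): the literal " or " looks like two alternative cipher
    # strings from a how-to pasted as one value. Keep a single string (the
    # stricter one is "HIGH:!aNULL:!MD5:!3DES") and check the result with
    # `nginx -t` and a TLS scanner; how the stray token is handled depends
    # on the OpenSSL build.
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    location / {
        # The backend is reached over cleartext HTTP on a private address.
        # NOTE(review): the application can only trust the X-Forwarded-*
        # headers below if port 8000 is reachable solely from this proxy --
        # confirm the security group / Docker port publishing.
        proxy_pass http://172.19.199.3:8000/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    location /static/ {
        # NOTE(review): this is the reported static-content failure. The
        # location ends in "/" but the alias does not, so /static/css/x.css
        # maps to /opt/mailman/web/staticcss/x.css. The alias should be
        # /opt/mailman/web/static/ (trailing slash). Prefer the form with a
        # trailing slash on BOTH: a location without one also matches
        # sibling names such as /staticfoo, and a slash-less location paired
        # with a slashed alias is a known path-traversal misconfiguration.
        alias /opt/mailman/web/static;
    }

    location /robots.txt {
        # NOTE(review): /var/spool/mailman-web/... differs from the
        # /opt/mailman/web/... tree used for /static/ -- presumably left over
        # from a non-Docker how-to; verify the file exists on this host.
        alias /var/spool/mailman-web/static/hyperkitty/robots.txt;
    }

    location /favicon.ico {
        alias /var/www/listorg/images/favicon.ico;
    }
}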
- roger hislop:
This works for HTTP, HTTPS works but it (apparently) is not serving static content.
The following config snippet works for me:
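# vim:ts=4:ft=nginx
# HTTPS virtual host: static files served by nginx itself, everything else
# handed to the application over a local uwsgi socket.
server {
    # TLS is enabled through the `ssl` parameter of each listen directive.
    listen *:443 ssl;
    listen [::]:443 ssl;
    server_name lists.example.com;
    # Settings for cipher preferences, logs, etc. omitted

    location /static/ {
        # Location and alias both end in "/", so /static/<path> maps
        # one-to-one onto <alias dir>/<path>.
        alias /var/lib/nginx/mailman/mailman-suite/mailman-suite_project/static/;
    }

    location / {
        include uwsgi_params;
        # Unix-domain socket: the application is not exposed on a TCP port.
        uwsgi_pass unix:///run/nginx/uwsgi-sock;
    }
}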
-Ralph
On Mon, Apr 15, 2019, at 7:13 AM, roger.hislop@is.co.za wrote:
Hi again ... I got everything working thanks to Danil, Abhilash, and finally found a simple NGINX conf that worked, using WSGI. Cool.
Set up certificates using LetsEncrypt, used another conf to set up SSL, like the conf pasted below.
I edited nginx.conf so that it only takes server config from the nginx/conf.d/blahblah.conf below.
This works for HTTP, HTTPS works but it (apparently) is not serving static content. There are loads of how-tos to get this to work, but I've failed in all -- it seems to be the static path. (I've not tried the option using thttpd, as there is no easy install onto the AWS AMI and it seems like it's not specifically necessary.)
I'm so close... so close...
server { listen 80 default_server; # listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html; index index.html index.htm; server_name listman.iotcouncil.org.za; return 301 https://$server_name$request_uri; #<<
AUTO_REDIRECT HTTP TO HTTPS
# location / { # proxy_pass http://172.19.199.3:8000/; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Server $host; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_redirect off; # } # # location /static/ { # alias /var/spool/mailman-web/static/; # } # # location /robots.txt { # alias /var/spool/mailman-web/static/hyperkitty/robots.txt; # } # # location /favicon.ico { # alias /var/www/listorg/images/favicon.ico; # } # } server { listen 443 default_server; # listen [::]:443 default_server ipv6only=on;
#root /usr/share/nginx/html; #index index.html index.htm; server_name listman.iotcouncil.org.za; ssl on; ssl_certificate
/etc/letsencrypt/live/listman.iotcouncil.org.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/listman.iotcouncil.org.za/privkey.pem;
ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; location / { proxy_pass http://172.19.199.3:8000/; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; } location /static/ { alias /opt/mailman/web/static; }
Put the `/static/` declaration above the `location /` one and make sure you add the trailing `/` in the `alias /opt/mailman/web/static;` option (since you have a trailing `/` in `/static/`).
You can also remove the trailing `/` from both places. It just needs to be consistent.
location /robots.txt { alias /var/spool/mailman-web/static/hyperkitty/robots.txt; } location /favicon.ico { alias /var/www/listorg/images/favicon.ico; }
}
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
-- thanks, Abhilash Raj (maxking)
Fantastic! Up and going.
Thanks for dealing with idiot questions.
On 15/04/2019, 18:33, "Abhilash Raj" <maxking@asynchronous.in> wrote:
On Mon, Apr 15, 2019, at 7:13 AM, roger.hislop@is.co.za wrote:
> Hi again ... I got everything working thanks to Danil, Abhilash, and
> finally found a simple NGINX conf that worked, using WSGI. Cool.
>
> Set up certificates using LetsEncrypt, used another conf to set up SSL,
> like the conf pasted below.
>
> I edited nginx.conf so that it only takes server config from the
> nginx/conf.d/blahblah.conf below.
>
> This works for HTTP, HTTPS works but it (apparently) is not serving
> static content. There are loads of how-tos to get this to work, but
> I've failed in all -- it seems to be the static path (I've not tried
> option using thttpd I've not tried as there is no easy install onto
> AQWS AMI and it seems like it's not specifically necessary.
>
> I'm so close... so close...
>
> -------------------------------
> server {
> listen 80 default_server;
> # listen [::]:80 default_server ipv6only=on;
>
> root /usr/share/nginx/html;
> index index.html index.htm;
>
> server_name listman.iotcouncil.org.za;
> return 301 https://$server_name$request_uri; #<<
> AUTO_REDIRECT HTTP TO HTTPS
>
> # location / {
> # proxy_pass http://172.19.199.3:8000/;
> # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> # proxy_set_header X-Forwarded-Host $host;
> # proxy_set_header X-Forwarded-Server $host;
> # proxy_set_header X-Forwarded-Proto $scheme;
> # proxy_redirect off;
> # }
> #
> # location /static/ {
> # alias /var/spool/mailman-web/static/;
> # }
> #
> # location /robots.txt {
> # alias /var/spool/mailman-web/static/hyperkitty/robots.txt;
> # }
> #
> # location /favicon.ico {
> # alias /var/www/listorg/images/favicon.ico;
> # }
> #
> }
> server {
> listen 443 default_server;
> # listen [::]:443 default_server ipv6only=on;
>
> #root /usr/share/nginx/html;
> #index index.html index.htm;
>
> server_name listman.iotcouncil.org.za;
>
> ssl on;
> ssl_certificate
> /etc/letsencrypt/live/listman.iotcouncil.org.za/fullchain.pem;
> ssl_certificate_key
> /etc/letsencrypt/live/listman.iotcouncil.org.za/privkey.pem;
>
> ssl_session_timeout 5m;
>
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
> ssl_prefer_server_ciphers on;
>
> location / {
> proxy_pass http://172.19.199.3:8000/;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_redirect off;
> }
>
> location /static/ {
> alias /opt/mailman/web/static;
> }
Put the `/static/` declaration above the `location /` one and make sure you add the trailing
`/` in the `alias /opt/mailman/web/static;` option (since you have a trailing `/` in `/static/`).
You can also remove the trailing `/` from both places. It just needs to be consistent.
>
> location /robots.txt {
> alias /var/spool/mailman-web/static/hyperkitty/robots.txt;
> }
>
> location /favicon.ico {
> alias /var/www/listorg/images/favicon.ico;
> }
>
> }
> _______________________________________________
> Mailman-users mailing list -- mailman-users@mailman3.org
> To unsubscribe send an email to mailman-users-leave@mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>
--
thanks,
Abhilash Raj (maxking)
Roger Hislop (IS) Executive Head - IOT T +27 11 5751600 M+27 78 4595952