Hello Mark,
I reconstruct the configuration problems regarding the creation of templates in mm3:
I installaed mailman3 via the debian bullseye package(s).
BTW: My experience is to install it step by step, not as mailman3-full, but as mailman-3, mailman3-doc, mailman3-web and python3-django-mailman3. In my case the full installation did not run clean, the step-by-step variant run clean.
The debian bullseye variant comes with a nginx conf-file in /etc/mailman3/nginx.conf ... # This nginx config file is part of the mailman3-web package. # # This nginx configuration file is a vhost configuration. ... # Nginx SSL snippet. To enable it, please uncomment and update the server_name and the ... server { listen 443; listen [::]:443; server_name mailman.example.com; server_tokens off; # # ## Strong SSL Security # ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ ssl on; ssl_certificate /etc/letsencrypt/live/mailman.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mailman.example.com/privkey.pem; # ... The configuration "ssl on" is outdated as nginx -t comments.
The actual configuration should be:
/etc/nginx/ /etc/nginx/sites-available/nginx.lists.mydomain.ssl (and /sites-enabled) .... server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name lists.mydomain.com; # for example server_tokens off;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;... If you - as proposed in the mailman3 nginx.conf - include in nginx.lists.mydomain.ssl the following: .... upstream mailman3 { server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0; } .... you cannot in include this in another vhost-nginx configuration (for example): /etc/nginx/sites-available/nginx.lists.mydomain_2.ssl as nginx -t says something like "no double entries please".
So I put this in another file like /etc/nginx/sites-available/nginx.00.mailman3.upstream (and via symlink in .../enabled/...) and both nginx-domain-files work.
The debian bullseye also serves a file mailman-web.py with an entry ... POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/' ... As mentioned in a mail before that could not work:
- letsencrypt doesnt serve an entry match for localhost. That floods your syslog.
- "localhost" doesnt match with the nginx.conf-proposal.
It must be something like /etc/mailman3/mailman-web.py .... POSTORIUS_TEMPLATE_BASE_URL = 'lists.mydomain.com/' ....
In this combination the creating of templates on the postorius website works.
My conclusion: I ask you to consider these experiences in an update for the mailman3 packages in debian bullseye. It would save time, questions and nerves.
Regards
Wolfgang
-----Ursprüngliche Nachricht----- Von: Mark Sapiro <mark@msapiro.net> Gesendet: Dienstag, 2. November 2021 23:44 An: mailman-users@mailman3.org Betreff: [MM3-users] Re: mailman3 postorius cannot retrieve template
On 11/2/21 3:28 PM, Wolfgang Bock via Mailman-users wrote:
I get an db-entry in the mailman3 table template which doesnt lead to a suitable link:
https://localhost/postorius/api/templates/list/testliste01.mydomain.de/list:
member:regular:footer
In the next stept it leads to a flood of entries in my syslog because django is asking for a certificate match for "localhost": Nov 2 11:47:49 myserver mailman3[175334]: Nov 02 11:47:49 2021 (175334) Certificate did not match expected hostname: localhost. Certificate: ...
Letsencrypt cannot deliver this match for "localhost", it is impossible to configurate letsencrypt to do so.
The running script must create a postgres INSERT database command which includes the correct domain-name including the correct path .../mailman3/api/templates .... and not ... postorius/api/....
I dont know, where is the place to correct this.
- in mailman-web.py ?? ... ALLOWED_HOSTS ... '*' or MAILMAN_REST_API_URL = 'http://localhost:8001' or POSTORIUS_TEMPLATE_BASE_URL = 'https://localhost/mailman3/'
If you normally access Postorius on your site at something like https://www.example.com/postorius, than set that as POSTORIUS_TEMPLATE_BASE_URL
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/