Why would you double book port 80? That's really a bad idea and causes issues like the one you see...
Your "EXTERNAL" server binds to port 80 on all IP addresses available.
Your "INTERNAL" server binds to 127.0.0.1 port 80, only.
Thus only connections to 127.0.0.1 on port 80 end on the internal server, if the host requested is "localhost".
Everything else goes to the external server and is redirected there to https.
Usually localhost in /etc/hosts resolves to 127.0.0.1 and ::1. Usually IPv6 should be preferred.
Thus if you access http://localhost:80/ you will most likely end up in the external server because it will use IPv6 which only binds on the external server.
I highly recommend to use a different port, e.g. 8080, for the "INTERNAL" server. That makes it so much simpler and easier to understand than double booking port 80 and hoping everything goes the way it should...
-Gerald
On 17.02.26 03:37, msok--- via Mailman-users wrote:
My NGINX configure redirect for HTTP to HTTPS. For the domain below, mailman.example.com = my actual domain
-NGINX config server { # EXTERNAL: Redirects all port 80 traffic to HTTPS listen 80 default_server; listen [::]:80 default_server; # server_name mailman.example.com; server_name mailman.example.com; # no issue for accessing from outside, it will redirect to https return 301 https://$host$request_uri; # Redirect http to https server_tokens off;
}# INTERNAL: Listens ONLY on 127.0.0.1 to handle local HTTP requests server { listen 127.0.0.1:80; server_name localhost;
location / { include uwsgi_params; uwsgi_pass unix:/run/mailman3-web/uwsgi.sock; uwsgi_param HTTP_HOST $host; } location /mailman3/static { alias /var/lib/mailman3/web/static; } location /mailman3/static/favicon.ico { alias /var/lib/mailman3/web/static/postorius/img/favicon.ico; }-The URL syntax https://mailman.example.com/mailman3/lists/list-id/confirm/?token=$token
-The error message when tried to add subscriber HTTP Error 400: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /postorius/api/templates/list/list-id/list:user:action:subscribe (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1029)')))
Please help!
Thanks, Marin
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to vogt@spamcop.net