On 1/20/22 11:40 PM, Josef Dietl wrote:
Dear all,
Sorry for coming back to a topic that seems to be done for 18 months now.
I'm staring at this issue for a few days now (on and off). But I still get these messages:
Jan 19 22:43:27 2022 (149439) HyperKitty failure on https://lists.[...]/hyperkitty/api/mailman/urls: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses assigned to MAILMAN_ARCHIVER_FROM in the settings file. </p></body></html> (403). and consequently, nothing ends up in the archive.
I have checked (among others):
- MAILMAN_ARCHIVER_FROM - doesn't make a difference. 127.0.0.1, external IP address, different orders, '*'.
OK.
(Asterisk makes a difference, see at the bottom)
??? I didn't see what.
- MAILMAN_ARCHIVER_KEY in mailman-web.py matches api_key in mailman-hyperkitty.cfg (except for the quotes). According to the editor's
color coding, the quotes are "right", too. I have removed special characters to circumvent diverging treatment in different environments
- I guess it doesn't matter, but wget --user restadmin --password [.] http://localhost:8001/3.1/lists works, too.
That is Mailman core's REST API which is not the issue here.
- ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" (probably also doesn't matter
I'm running a fresh package installation from Debian Bullseye with certificates from Certbot with nginx, so Certbot may have messed with my nginx config, but even that seems to be OK: Yes, Certbot has inserted http->https redirection, but I'd expect that a https base_url and ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" circumvents that.
It should.
Note that your primary resource for help with issue with Debian packages should be Debian.
Mailman info says ... To provide all possible information, I'm also adding the nginx log that seems to correspond to that request (no other requests at that time, give or take five minutes): Yes, everything yields 403 response codes.
[.] - - [19/Jan/2022:22:43:27 +0000] "GET /hyperkitty/api/mailman/urls?mlist=demo%40lists.pro-digi-par.de&key=[.] HTTP/1.1" 403 175 "-" "python-requests/2.25.1"
The issue here is accessing the hyperkitty API. The base URL for these
accesses is configured in mailman-hyperkitty.cfg. From what I see here,
that is something like http(s)://host.example.com/hyperkitty/ If you
append api/ to that base URL and go there in a web browser do you get
a page of documentation of the HyperKitty API? If so, then figure out
why it works from a web browser and not when Mailman core does it. If
you get the 403, figure out why. This is probably an nginx issue.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan