Hi All, thanks for your contibution to opensource softwares. I have done the installation walkthrough on the wiki page (thanks to Brian Carpenter) and I am almost there. I can run the three services and they provide the relevant web interfaces (admin, postorius, hyperkitty). In comparison to the walkthrough, I did two changes; First, I used different port numbers , as it would otherwise conflict with other services on the server. Second, I disabled the social accounts authentification mechanisms. I am still running on sqllite, as I am still testing things (one task at a time).
Using my "superuser" credentials, I can log to the admin section in a fraction of a second. The server response time is less than one second. Once logged in, I can navigate through all the site as an authenticated user, including in the postorius pages related to list management. The services work normally.
However, if logout and attempt to login from the postorius website, I get a « 502 bad gateway » error after roughly 30 seconds. The logs in Systemctl for gunicorn register a "DIGEST-MD5 common mech free" error message and the nginx error logs just show a connection drop:
2021/08/12 18:11:09 [error] 26026#26026: *31 upstream prematurely closed connection while reading response header from upstream, client: [ip redacted], server: [domain redacted], request: "POST /accounts/login/ HTTP/2.0", upstream: "http://127.0.0.1:8006/accounts/login/", host: "[domain redacted]", referrer: "https://[domain redacted]/accounts/login/?next=/mailman3/lists/"
Two additional clues may help understanding what is going on:
1- If I attempt to login with improper credentials, the services respond normally, and I get the expected red box with "invalid credentials" message on the postorius page. It is only when proper credentials are given that the connection fails.
2- If I attempt to register a new email adress, the services also fail to respond (although with no DIGEST-MD5 message registered).
It thus seems to be a post "POST" problem, but what puzzles me is that it is not an issue for the admin page.
Below the relevant sections of my settings.py page. The skipped ([...]) sections are as in the walkthrough files. In particular, the AUTH_PASSWORD_VALIDATORS, the EMAIL_BACKEND are as is and the "USE_X_FORWARDED_HOST" is still commented.
##Settings.py [...] # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = '[redacted]'
# SECURITY WARNING: don't run with debug turned on in production! DEBUG = False
ADMINS = ( ('ME', 'my@email'), )
SITE_ID = 1
# Hosts/domain names that are valid for this site; required if DEBUG is False # See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts ALLOWED_HOSTS = [ "localhost", # Archiving API from Mailman, keep it. "[domain]", # Add here all production URLs you may have. ]
# Mailman API credentials MAILMAN_REST_API_URL = 'http://localhost:8005' MAILMAN_REST_API_USER = '[redacted]' MAILMAN_REST_API_PASS = '[redacted]' MAILMAN_ARCHIVER_KEY = '[redacted]' MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
# Application definition
INSTALLED_APPS = ( 'hyperkitty', 'postorius', 'django_mailman3', # Uncomment the next line to enable the admin: 'django.contrib.admin', # Uncomment the next line to enable admin documentation: # 'django.contrib.admindocs', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', #'django_mailman3.lib.auth.fedora', #'allauth.socialaccount.providers.openid', #'allauth.socialaccount.providers.github', #'allauth.socialaccount.providers.gitlab', #'allauth.socialaccount.providers.google', #'allauth.socialaccount.providers.facebook', #'allauth.socialaccount.providers.twitter', #'allauth.socialaccount.providers.stackexchange', )
[...] # Database # https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = { 'default': { # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. 'ENGINE': 'django.db.backends.sqlite3', # DB name or path to database file if using sqlite3. 'NAME': os.path.join(BASE_DIR, 'mailmansuite.db'), # The following settings are not used with sqlite3: 'USER': 'XXX', 'PASSWORD': 'XXX', # HOST: empty for localhost through domain sockets or '127.0.0.1' for # localhost through TCP. 'HOST': '', # PORT: set to empty string for default. 'PORT': '', # OPTIONS: for mysql engine only, do not use with other engines. # 'OPTIONS': {'charset': 'utf8mb4'} # Enable utf8 4-byte encodings. } } [...]
# Password validation # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ]
# Internationalization # https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'fr'
TIME_ZONE = 'America/New_York'
[...]
# If you enable internal authentication, this is the address that the emails # will appear to be coming from. Make sure you set a valid domain name, # otherwise the emails may get rejected. # https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email # DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org" DEFAULT_FROM_EMAIL = 'username@domain'
# If you enable email reporting for error messages, this is where those emails # will appear to be coming from. Make sure you set a valid domain name, # otherwise the emails may get rejected. # https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL # SERVER_EMAIL = 'root@your-domain.org' SERVER_EMAIL = 'username@domain'
# Change this when you have a real email backend EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
[...]
# # Social auth # AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend', )
# Django Allauth ACCOUNT_AUTHENTICATION_METHOD = "username_email" ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = "mandatory" # You probably want https in production, but this is a dev setup file ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" ACCOUNT_UNIQUE_EMAIL = True
# # Asynchronous tasks # Q_CLUSTER = { 'timeout': 300, 'save_limit': 100, 'retry':360, 'orm': 'default', }
[...] # Only display mailing-lists from the same virtual host as the webserver FILTER_VHOST = True
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost:8006'
## (End of settings.py)
I'm happy to provide additional information if it can help.
Best,
Pier-André