multiple sites on a mailman3 server question
So, I have successfully installed mailman3 and it's working great. However, the way it works now, if someone goes to the domain website, he or she will get the mailman page. I'd prefer that it work something like: My www.example.com goes to a home page lists.example.com goes to the mailman3 page mail.example.com goes to a roundcube page
I'm using nginx, and this is the first time I've set up an nginx server (I have traditionally done apache), and I'm still figuring out the syntax.
My sites-available file is below, for the domain emergenus.com.
The behavior I'm getting is that if I go to mail.emergenus.com, it still redirects to mail.emergenus.com/mailman3/lists, but gives a 404 page not found.
If I go to lists.emergenus.com, it redirects to lists.emergenus.com/mailman3/lists and gives the nice postorius page, and works fine.
So, I'm trying to figure out how to stop that redirect.
When I look at my nginx access.log file for mail.emergenus.com, I see:
174.212.104.153 - - [28/Dec/2021:21:03:21 -0500] "GET /mailman3/lists/ HTTP/1.1" 404 188 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"
Aha! says I. My ip address is 203.159.80.234, not 174.212.104.153.
Thus, uwsgi (I think) is sneaking in there and taking over regardless
of what I'm trying to do.
Is there a way to tell mailman to only take over for lists.emergenus.com and not for www.emergenus.com or mail.emergenus.com?
Here's my uwsgi.ini (without then env= PYTHONPATH change discussed in another thread:
# /etc/mailman3/uwsgi.ini # [uwsgi] # Port on which uwsgi will be listening. http-socket = 0.0.0.0:8000 # If running uwsgi from the virtual environment ... virtualenv = /opt/mailman/venv/
module=mailman_web.wsgi:application # Add to python import path. pythonpath = /etc/mailman3/ # The default settings module. env = DJANGO_SETTINGS_MODULE=settings
# Setup default number of processes and threads per process. master = true processes = 2 threads = 2
# Setup the django_q related worker processes. attach-daemon = /opt/mailman/venv/bin/mailman-web qcluster
# Setup the request log. req-logger = file:/opt/mailman/web/logs/uwsgi.log
# Log qcluster commands separately. logger = qcluster file:/opt/mailman/web/logs/uwsgi-qcluster.log log-route = qcluster uwsgi-daemons
# Last log and it logs the rest of the stuff. logger = file:/opt/mailman/web/logs/uwsgi-error.log
Here's my /etc/nginx/sites-enabled/emergenus.com looks like:
server {
root /var/www/html2;
index index.html index.htm index.nginx-debian.html;
server_name emergenus.com, mail.emergenus.com,www.emergenus.com;
location /{
try_files $uri $uri/ =404;
}##### added 12/19
listen 443 ssl default_server; listen [::]:443 ssl default_server; ##########
ssl_certificate /etc/letsencrypt/live/emergenus.com/fullchain.pem;# managed by Certbot ssl_certificate_key /etc/letsencrypt/live/emergenus.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name lists.emergenus.com;
location /{
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; }
listen 443 ssl ; listen [::]:443 ssl ;
location /static/ { alias /opt/mailman/web/static/; }
##########
ssl_certificate /etc/letsencrypt/live/emergenus.com/fullchain.pem;# managed by Certbot ssl_certificate_key /etc/letsencrypt/live/emergenus.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server { if ($host = mail.emergenus.com) { # return 301 https://$host$request_uri; return 301 https://mail.emergenus.com; } # managed by Certbot
if ($host = www.emergenus.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = lists.emergenus.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.emergenus.com lists.emergenus.commail.emergenus.com emergenus.com; return 404; # managed by Certbot
}
Thanks
billo
On 12/28/21 6:15 PM, William Oliver wrote:
So, I have successfully installed mailman3 and it's working great. However, the way it works now, if someone goes to the domain website, he or she will get the mailman page. I'd prefer that it work something like: My www.example.com goes to a home page lists.example.com goes to the mailman3 page mail.example.com goes to a roundcube page
I'm using nginx I'd asked about this a few weeks ago for a MM3 host running Ngnix with a few virtual domains, one of which runs Roundcubemail as its default.
Mark Sapiro suggested the following, and it seems to be working OK. You'll need these lines in the Nginx config file for each virtual host you define.
# begin mailman3 stuff
location /static/ {
alias /opt/mailman/web/static/;
}
location /mailman3/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /archives/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /accounts/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /admin/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /mailman/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /user-profile/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}# end mailman3 stuff
dn
On Tue, 2021-12-28 at 18:23 -0800, David Newman wrote:
[snip] I'm using nginx
I'd asked about this a few weeks ago for a MM3 host running Ngnix with a few virtual domains, one of which runs Roundcubemail as its default.
Mark Sapiro suggested the following, and it seems to be working OK. You'll need these lines in the Nginx config file for each virtual host you define.
# begin mailman3 stuff
location /static/ { alias /opt/mailman/web/static/; }
[snip]
No joy. This just makes it kind of work as the mailman interface when it gets rewritten.
My problem is that the url is getting referred to domainname/mailman3/lists even when I don't want it to. Adding these changes just (partially) loads the mailman3 interface when it gets rewritten.
What I'm trying to figure out is where uwsgi yanks control from nginx and does the rewriting. Pulling that proxypass stuff out will stop mailman3 from coming up, and adding it allows mailman3 to show its interface, but the address gets referred regardless.
Somehow I need to tell uwsgi to ignore www.domain.com *or* somehow tell nginx not to push it to port 8000. But I don't see where nginx is getting told to go to 8000 in the www.domain.com section.
billo
On Dec 29, 2021, at 08:49, William Oliver <billo@billoblog.com> wrote:
On Tue, 2021-12-28 at 18:23 -0800, David Newman wrote:
[snip] I'm using nginx
I'd asked about this a few weeks ago for a MM3 host running Ngnix with a few virtual domains, one of which runs Roundcubemail as its default.
Mark Sapiro suggested the following, and it seems to be working OK. You'll need these lines in the Nginx config file for each virtual host you define.
# begin mailman3 stuff
location /static/ { alias /opt/mailman/web/static/; }[snip]
No joy. This just makes it kind of work as the mailman interface when it gets rewritten.
My problem is that the url is getting referred to domainname/mailman3/lists even when I don't want it to.
That sounds like an nginx configuration problem, not a Mailman3 issue.
One assumption in the MM3 web setup docs is that MM3/Django/Postorius/Hyperkitty are the only web services running. If they’re not, and there are other services running, you’ll need to tell Nginx where they are.
The setup I provided is an excerpt and covers only how to point to MM3 in such a scenario. It does not cover how to point to something else as root at, say, www.domain.tld.
This is off-topic for a Mailman3 list, but maybe check your default files in the sites-available directory, and also anything they point to, paying particular attention to where / points and which root directory you’re using. Same thing with any other config files in that directory.
dn
Adding these changes just (partially) loads the mailman3 interface when it gets rewritten.
What I'm trying to figure out is where uwsgi yanks control from nginx and does the rewriting. Pulling that proxypass stuff out will stop mailman3 from coming up, and adding it allows mailman3 to show its interface, but the address gets referred regardless.
Somehow I need to tell uwsgi to ignore www.domain.com *or* somehow tell nginx not to push it to port 8000. But I don't see where nginx is getting told to go to 8000 in the www.domain.com section.
billo
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
On 12/29/21 8:48 AM, William Oliver wrote:
What I'm trying to figure out is where uwsgi yanks control from nginx and does the rewriting. Pulling that proxypass stuff out will stop mailman3 from coming up, and adding it allows mailman3 to show its interface, but the address gets referred regardless.
Somehow I need to tell uwsgi to ignore www.domain.com *or* somehow tell nginx not to push it to port 8000. But I don't see where nginx is getting told to go to 8000 in the www.domain.com section.
If you are following https://docs.mailman3.org/en/latest/install/virtualenv.html you have
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
in your nginx config and everything goes to uwsgi. What you want is to put those proxy directives in only the mailman locations as at https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/... and then configure your document root so other locations are served from there.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Wed, 2021-12-29 at 09:21 -0800, Mark Sapiro wrote:
On 12/29/21 8:48 AM, William Oliver wrote:
What I'm trying to figure out is where uwsgi yanks control from nginx and does the rewriting. Pulling that proxypass stuff out will stop mailman3 from coming up, and adding it allows mailman3 to show its interface, but the address gets referred regardless.
Somehow I need to tell uwsgi to ignore www.domain.com *or* somehow tell nginx not to push it to port 8000. But I don't see where nginx is getting told to go to 8000 in the www.domain.com section.
If you are following https://docs.mailman3.org/en/latest/install/virtualenv.html you have
location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }in your nginx config and everything goes to uwsgi. What you want is to put those proxy directives in only the mailman locations as at https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/... and then configure your document root so other locations are served from there.
On Wed, 2021-12-29 at 09:21 -0800, Mark Sapiro wrote:
On 12/29/21 8:48 AM, William Oliver wrote:
[snip]
If you are following https://docs.mailman3.org/en/latest/install/virtualenv.html you have
location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }in your nginx config and everything goes to uwsgi. What you want is to put those proxy directives in only the mailman locations as at https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/... and then configure your document root so other locations are served from there.
The problem was more stupid than one might imagine. My browser was caching so no matter what changes I made, it loaded domain/mailman/lists because that was what was cached. When I tinkered with things, I only changed whether or not mailman was loaded after that. I changed machines and used a different browser, and it started working fine. And it worked fine on my regular box once I cleared my browser's cache.
It turns out that nginx works like it's supposed to work. Go figure.
So, just to make things clear. Here was my goal:
www.domain.com <-- go to welcome page lists.domain.com <-- go to mailman
later, I'll install roundcube for mail.domain.com
This gives me two primary entries in nginx. I'll send www.domain.com to /var/www/html2 and lists.domain.com to /var/www/html (though mailmanweb will kick in before that).
Here's the /etc/nginx/sites-enabled file that works. The entry for location/ for the mailman section is different from the one you pointed to, but it is cut and pasted from one of the examples on that site. I can't find it right now, though -- but it works fine, and life is short.
Anyway, this works if you clear your browser's cache:
##### paths for www.exampledomain.com ##### #### just goes to /var/www/html2 #####
server {
root /var/www/html2;
index index.html index.htm index.nginx-debian.html;
server_name exampledomain.com, mail.exampledomain.com,www.exampledomain.com;
location /{# try_files $uri $uri/ =404; }
##### added 12/19
listen 443 ssl default_server; listen [::]:443 ssl default_server; ##########
ssl_certificate/etc/letsencrypt/live/exampledomain.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/exampledomain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
##### this for lists.exampledomain, that turns on mailman
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name lists.exampledomain.com;
location /{
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
#proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; }
location /static/ {
alias /opt/mailman/web/static/;
}##### added 12/19
listen 443 ssl ; listen [::]:443 ssl ;
##########
ssl_certificate /etc/letsencrypt/live/exampledomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key/etc/letsencrypt/live/exampledomain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
###### Certbot stuff to force things to 443
server { if ($host = mail.exampledomain.com) { return 301 https://$host$request_uri; } # managed by Certbot
if ($host = www.exampledomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = lists.exampledomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.exampledomain.com lists.exampledomain.commail.exampledomain.com exampledomain.com; return 404; # managed by Certbot
}
participants (3)
-
David Newman -
Mark Sapiro -
William Oliver