I'm in the process of setting up mailman3. The only problem I seem to be having is getting Hyperkitty to archive messages. Rather than the authorisation problems people have previously asked about on the list, I am getting a 403 error...
Aug 05 15:38:40 2019 (10229) HyperKitty failure on http://localhost/mailman3/hyperkitty/api/mailman/urls: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
Aug 05 15:38:58 2019 (10222) HyperKitty failure on http://localhost/mailman3/hyperkitty/api/mailman/archive: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
Any suggestions would be appreciated.
Phil
On Mon, Aug 5, 2019, at 10:06 AM, Phil Thompson wrote:
I'm in the process of setting up mailman3. The only problem I seem to be having is getting Hyperkitty to archive messages. Rather than the authorisation problems people have previously asked about on the list, I am getting a 403 error...
Aug 05 15:38:40 2019 (10229) HyperKitty failure on http://localhost/mailman3/hyperkitty/api/mailman/urls: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
Aug 05 15:38:58 2019 (10222) HyperKitty failure on http://localhost/mailman3/hyperkitty/api/mailman/archive: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
Any suggestions would be appreciated.
How did you install Hyperkitty?
You probably need to set the API key correctly in both Core and Hyperkitty.
Have you looked at documentation here [1]?
Note that the MAILMAN_ARCHIVER_KEY = "value" (this value should be in quotes, single or double, doesn't matter) in your settings.py for Web (Django) should be same as the
api_key : value
(without quotes here in hyperkitty.cfg config file).
-- thanks, Abhilash Raj (maxking)
On 06/08/2019 03:38, Abhilash Raj wrote:
How did you install Hyperkitty?
On Ubuntu...
apt-get install mailman3-full
You probably need to set the API key correctly in both Core and Hyperkitty.
Have you looked at documentation here [1]?
Note that the MAILMAN_ARCHIVER_KEY = "value" (this value should be in quotes, single or double, doesn't matter) in your settings.py for Web (Django) should be same as the
api_key : value
(without quotes here in hyperkitty.cfg config file).
That's all correct. I'm familiar with the authorisation issues that other people have had.
The only thing I'm doing differently (as far as I am aware) is that I'm using a URL prefixed with /mailman3 which is stripped off in my nginx configuration...
# mailman3.
location /mailman3/ {
    uwsgi_pass unix:/run/mailman3/web/uwsgi.sock;
    include uwsgi_params;
    uwsgi_param SERVER_ADDR $server_addr;
    uwsgi_modifier1 30;
    uwsgi_param SCRIPT_NAME /mailman3;
}
location /mailman3/static {
    alias /var/lib/mailman3/web/static;
}
location /mailman3/static/favicon.ico {
    alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
}
...but I don't see this affecting the mailman to Hyperkitty communication. Posting to lists and the Postorius and Hyperkitty frontends seem to work fine.
Phil
I have now fixed the 403 error (by setting MAILMAN_ARCHIVER_FROM to my public IP address). However I now get a 400 Bad Request error.
I have traced this to the archive() function in hyperkitty/views/mailman.py which is expecting a POST but is actually getting a GET, specifically...
GET '/mailman3/hyperkitty/api/mailman/archive?key=...'
...which seems to be a fairly fundamental problem.
Again, any suggestions would be welcome.
Phil
On Wed, Aug 7, 2019, at 8:41 AM, Phil Thompson wrote:
I have now fixed the 403 error (by setting MAILMAN_ARCHIVER_FROM to my public IP address). However I now get a 400 Bad Request error.
I have traced this to the archive() function in hyperkitty/views/mailman.py which is expecting a POST but is actually getting a GET, specifically...
GET '/mailman3/hyperkitty/api/mailman/archive?key=...'
...which seems to be a fairly fundamental problem.
Again, any suggestions would be welcome.
It should be sending a POST request to archive emails [1]. How did you grab the above request? Was it from logs?
Do you have anything else in the logs? There should be something in the Mailman Core or web logs.
-- thanks, Abhilash Raj (maxking)
On 07/08/2019 17:04, Abhilash Raj wrote:
It should be sending a POST request to archive emails [1]. How did you grab the above request? Was it from logs?
Yes, I added DEBUG=True in mailman-web.py and captured the HTML from mailman.log.
Do you have anything else in the logs? There should be something in the Mailman Core or web logs.
There's nothing useful in the core log.
There are 3 preceding entries in the web log...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
There is one item in the spool directory.
These were all (apparently) successful. It seems odd that the last two entries were identical.
Phil
On Wed, Aug 7, 2019, at 9:49 AM, Phil Thompson wrote:
Yes, I added DEBUG=True in mailman-web.py and captured the HTML from mailman.log.
DEBUG=True doesn't print anything more useful around the 400 error response?
Do you have anything else in the logs? There should be something in the Mailman Core or web logs.
There's nothing useful in the core log.
There are 3 preceding entries in the web log...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
There is one item in the spool directory.
These were all (apparently) successful. It seems odd that the last two entries were identical.
The only other thing that I can think of is, ALLOWED_HOSTS. What settings do you have in your ALLOWED_HOSTS in settings.py for Django?
You need to have 'localhost' or whatever is the value of the "Host" in the "base_url" in your hyperkitty.cfg file in Mailman Core. I am not sure what is the default value in Ubuntu system.
If you don't know, you can debug by adding a '*' in your ALLOWED_HOSTS and see if the problem goes away, this will bypass the Host header check.
-- thanks, Abhilash Raj (maxking)
On 08/08/2019 02:11, Abhilash Raj wrote:
DEBUG=True doesn't print anything more useful around the 400 error response?
It prints the usual Django debug html, including the Python traceback, which is how I knew which line of code was raising the 400 error.
Do you have anything else in the logs? There should be something in the Mailman Core or web logs.
There's nothing useful in the core log.
There are 3 preceding entries in the web log...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
GET /mailman3/hyperkitty/api/mailman/urls?mlist=...&msgid=...&key=...
There is one item in the spool directory.
These were all (apparently) successful. It seems odd that the last two entries were identical.
The only other thing that I can think of is, ALLOWED_HOSTS. What settings do you have in your ALLOWED_HOSTS in settings.py for Django?
You need to have 'localhost' or whatever is the value of the "Host" in the "base_url" in your hyperkitty.cfg file in Mailman Core. I am not sure what is the default value in Ubuntu system.
If you don't know, you can debug by adding a '*' in your ALLOWED_HOSTS and see if the problem goes away, this will bypass the Host header check.
ALLOWED_HOSTS is ['*'].
Phil
I had the same problem when getting Hyperkitty to work.
It was caused by a global redirect on my web server which was redirecting every web request received for *:80 to https://... url. This is enabled by default if you run certbot, for example to automagically update your web server config, enable https and redirect all non-https to https.
mailman3 conf doesn't know about that, of course.
I had to explicitly create a non-https port 80 listener for localhost:
(in apache2, but nginx has similar conf:)
<VirtualHost 127.0.0.1:80 [::1]:80>
    ...
    ServerName localhost
    # Mailman3 conf:
    Include conf-available/mailman3.conf
    ...
</VirtualHost>
/etc/apache2/conf-available/mailman3.conf is just a symlink to the example provided in /etc/mailman3/apache.conf
Similar example is provided for nginx.
-- Robert Lister - email: robl@lentil.org - tel: 020 7043 7996
Holy Schmoly Robert - this was it for me, thank you for this post! This is very unfamiliar territory for me (the virtual host stuff) and I had to do some self-teaching before I could follow where to put the lines of code you referenced. But the internets are replete with examples and I'm a quick learner so for others who might be complete virtual host newbs like myself, here's a little more detail on how I applied this fix to resolve the 403 Forbidden error I was getting:
(after making sure the archiver keys matched and the base url was set to my actual domain and my ip was added to the MAIL_FROM variable)
The mailman3-full install for Debian provides you with an apache.conf file (in the deployment folder) and creates a symbolic link to it in the apache virtual hosts configuration folders (etc/apache2/conf-available). So that is nice - that is already taken care of.
What I wasn't sure about was where to add the new <VirtualHost 127.0.0.1:80 [::1]:80></VirtualHost> section provided by Robert. In the /etc/apache2/sites-available folder just two of the conf files are linked into the /sites-enabled folder so I figured it was one of those. One of them is clearly the ssl conf settings and the other, well I guess it's the default one you have before you install ssl on your server. I opted to add the new section to that one (000-default.conf).
I created the section at the top and just added the 2 lines to it for ServerName and Include, and a note to explain why it was there. After saving the file and exiting, I reloaded apache2.
<VirtualHost 127.0.0.1:80 [::1]:80>
    # non-https port 80 listener for localhost so hyperkitty can archive
    ServerName localhost
    Include conf-available/mailman3.conf
</VirtualHost>
What a nice surprise too that all 6 billion test messages I sent trying to get this to work showed up in the archive! :-) And actually that WAS a nice surprise because this is a live and active server and several messages had already come in since I deployed it this morning so those are now in the archives as well.
Time to go play outside. Happy first day of summer to all!
~Kelly
Sorry for not replying earlier to this, but as noted, the underlying issue is that a redirect from http to https in the web server is losing POST data. While this can be fixed by munging the web server to not redirect http requests from local host, the preferred fix is to not use http in the first place. This is accomplished by using an https scheme in the setting for base_url in mailman-hyperkitty.cfg.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
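The symptom described above (a 400 from the archive endpoint, with a GET in the web log where a POST was sent) can be reproduced offline. This is an added example, not code from Mailman or HyperKitty: it uses the standard library's urllib as a stand-in for the python-requests client seen in the access log, and the stub server, the /plain and /tls prefixes and the sample message are constructed.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ARCHIVE_PATH = "/mailman3/hyperkitty/api/mailman/archive"  # path from the thread's logs


class StubWeb(BaseHTTPRequestHandler):
    """One stub plays both roles (hypothetical prefixes):
    /plain/... is the port-80 vhost that redirects everything,
    /tls/...   is the application behind the https vhost."""

    reached_app = []  # (method, body_length) of requests that got to the application

    def _handle(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path.startswith("/plain"):
            # Blanket redirect, like a "send all http to https" rule.
            self.send_response(self.server.redirect_code)
            self.send_header("Location", "/tls" + self.path[len("/plain"):])
        else:
            StubWeb.reached_app.append((self.command, len(body)))
            # Stand-in for the archive view: anything but POST is rejected.
            self.send_response(200 if self.command == "POST" else 400)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = _handle

    def log_message(self, *args):  # keep the demonstration quiet
        pass


def post_archive(prefix, redirect_code=301):
    """POST a constructed message to prefix + ARCHIVE_PATH.

    Returns (final HTTP status, list of (method, body_length) seen by the app)."""
    StubWeb.reached_app = []
    server = HTTPServer(("127.0.0.1", 0), StubWeb)
    server.redirect_code = redirect_code
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d%s%s?key=constructed" % (
        server.server_address[1], prefix, ARCHIVE_PATH)
    request = urllib.request.Request(
        url, data=b"Subject: test\n\nbody\n", method="POST")
    # Ignore any proxy settings in the environment; everything is local.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(request, timeout=5) as response:
            status = response.status
    except urllib.error.HTTPError as error:
        status = error.code
    finally:
        server.shutdown()
        server.server_close()
    return status, list(StubWeb.reached_app)


if __name__ == "__main__":
    print("direct to application:", post_archive("/tls"))
    print("via 301 redirect:     ", post_archive("/plain", 301))
    print("via 302 redirect:     ", post_archive("/plain", 302))
```

When triaging, the pairing to look for in the web server's access log is a 301 or 302 on the archive URL followed by a GET for the same path.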
Hi Mark - could you elaborate on this just a little? One of the things I did try was to include the https:// prefix in my base URL setting and it did not affect the issue. Is there a different way to use an https scheme in the base_url setting than just adding the 's'? I tried every combination I could think of for that setting, restarting both mailman and apache2 between each try I think, but maybe I missed something. ~Kelly
On 6/24/20 7:28 AM, kelly.close@lrewater.com wrote:
Hi Mark - could you elaborate on this just a little? One of the things I did try was to include the https:// prefix in my base URL setting and it did not affect the issue. Is there a different way to use an https scheme in the base_url setting than just adding the 's'? I tried every combination I could think of for that setting, restarting both mailman and apache2 between each try I think, but maybe I missed something. ~Kelly
I don't know what the issue was in your case, but if it was fixed by changing the Apache config to not redirect http to https for requests from localhost, it should be fixed by just going to https in the first place unless there is some certificate issue at play. The relevant settings for this list are:
mailman-hyperkitty.cfg:
[general]
base_url: https://lists.mailman3.org/archives
api_key: xxx

settings_local.py:
MAILMAN_ARCHIVER_KEY = 'xxx'
ALLOWED_HOSTS = [
    'localhost',
    '127.0.0.1',
    'lists.mailman3.org',
    'mail.mailman3.org',
    'mailman.iad1.psf.io',
    'mail.falconframework.org',
    '104.239.228.201',
]
(I'm sure the above is overkill, but ...)
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1', '::ffff:127.0.0.1', '104.239.228.201', )
ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I suspect then that my MAILMAN_ARCHIVER_FROM setting is deficient or... that ACCOUNT_DEFAULT_HTTP_PROTOCOL variable is a new one to me - I don't think I have that set anyplace. Perhaps that would have helped? I'm going to leave it be for now since the listener did the trick, but I will also copy these remarks into my Ubuntu 18.04 Mailman3 setup guide which just keeps getting better over time! Thanks.
~Kelly
K. Kelly Close, P. E. Senior Project Manager | Water Rights Engineer | Technology Team Lead Office: 303-455-9589 | Direct: 303-867-7665 Kelly.Close@LREwater.com <http://www.lrewater.com/> LREWATER.COM <http://lrewater.com/> 1221 Auraria Parkway, Denver, CO 80204
On 6/24/20 8:30 AM, Kelly Close wrote:
I suspect then that my MAILMAN_ARCHIVER_FROM setting is deficient or... that ACCOUNT_DEFAULT_HTTP_PROTOCOL variable is a new one to me - I don't think I have that set anyplace. Perhaps that would have helped?
I don't think so. ACCOUNT_DEFAULT_HTTP_PROTOCOL is a Django allauth setting and I think only affects things like logging in to Django.
MAILMAN_ARCHIVER_FROM is definitely relevant.
I'm going to leave it be for now since the listener did the trick, but I will also copy these remarks into my Ubuntu 18.04 Mailman3 setup guide which just keeps getting better over time! Thanks.
The bottom line here is if the only thing that changed that allowed things to work was creating a virtual host in Apache for 127.0.0.1:80 to not redirect to https, then Mailman core must have been (must be) going to port 80 (http). You've probably already done this more than once, but I suggest giving the following command
mailman conf -s archiver.hyperkitty -k configuration
This will print the path to the mailman-hyperkitty configuration file.
Look in that file for the base_url: setting and verify that it has an https scheme.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
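The checks this thread arrives at (https in base_url, matching unquoted api_key, the base_url host in ALLOWED_HOSTS, Core's source address in MAILMAN_ARCHIVER_FROM) can be run together before restarting anything. This is an added example, not part of Mailman or HyperKitty: the function names and sample values are constructed, the source address is supplied by the operator (for instance from the access log), and MAILMAN_ARCHIVER_FROM is assumed to be compared by exact address.

```python
import configparser
from urllib.parse import urlsplit


def host_allowed(host, allowed_hosts):
    """Django-style ALLOWED_HOSTS match: '*', a leading-dot suffix, or exact name."""
    host = host.lower()
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern in ("*", host):
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def check_archiver(cfg_text, archiver_key, allowed_hosts, archiver_from, source_ip):
    """Return a list of problems; an empty list means the settings line up.

    cfg_text      contents of mailman-hyperkitty.cfg (the [general] section)
    archiver_key  MAILMAN_ARCHIVER_KEY from the Django settings
    allowed_hosts ALLOWED_HOSTS from the Django settings
    archiver_from MAILMAN_ARCHIVER_FROM from the Django settings
    source_ip     address the web server sees Core connect from (operator supplied)
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    base_url = parser.get("general", "base_url", fallback="")
    api_key = parser.get("general", "api_key", fallback="")
    url = urlsplit(base_url)
    problems = []

    if url.scheme != "https":
        problems.append("base_url: scheme is %r, so an http-to-https redirect "
                        "can turn the archive POST into a GET" % url.scheme)
    if not url.hostname or not host_allowed(url.hostname, allowed_hosts):
        problems.append("ALLOWED_HOSTS: does not cover base_url host %r" % url.hostname)
    if api_key[:1] in ("'", '"'):
        problems.append("api_key: value is quoted in the .cfg file; the quotes "
                        "become part of the key")
    elif api_key != archiver_key:
        problems.append("api_key: differs from MAILMAN_ARCHIVER_KEY")
    if source_ip not in archiver_from:
        problems.append("MAILMAN_ARCHIVER_FROM: does not list source address %r" % source_ip)
    return problems


if __name__ == "__main__":
    # Constructed sample: public host name in base_url, so Core arrives from the
    # public address (192.0.2.10 is a documentation address, not a real host).
    sample_cfg = (
        "[general]\n"
        "base_url: http://lists.example.org/mailman3/hyperkitty/\n"
        "api_key: 'constructed-key'\n"
    )
    for line in check_archiver(sample_cfg, "constructed-key", ["localhost"],
                               ("127.0.0.1", "::1"), "192.0.2.10"):
        print(line)
```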
I'm adding to this thread because I'm running into the 403 HyperKitty failure (Access is forbidden) and adding my public ip address to the MAILMAN_ARCHIVER_FROM variable did not do the trick. I'm at a loss as to what might be going on so I'm hoping someone is willing to put fresh eyes on this.
All other aspects of this new site are working. It's worth noting that I set up this new install and then restored database backups of mailman3 and mailman3web from my previous install, and also copied over the /var/lib/mailman3 folders (but I left behind the contents of the cache folder).
I can see in the apache access log that the attempts are coming from the public IP, and it shows the archive key I'm using also:
54.71.5.180 - - [20/Jun/2020:09:51:01 -0600] "POST /mailman3/hyperkitty/api/mailman/archive?key=<mykey> HTTP/1.1" 403 4151 "-" "python-requests/2.18.4"
Here's my ARCHIVER_FROM variable setting:
MAILMAN_ARCHIVER_FROM = ('127.0.0.1','::1','54.71.5.180')
The apache error log has "broken pipe" messages which Mark said in are just the normal outcome of the failure and not a clue.
The mailman.log had both 403 (Access is forbidden) and 503 (Service Unavailable) errors, but the 403 errors come first and I think the 503 is just the result of not having access = here's what the 403 error looks like, right after the successful message posting:
Jun 20 09:50:59 2020 (29587) ACCEPT: <20200620155058.1324.27893@mailman3>
Jun 20 09:51:00 2020 (29591) HyperKitty failure on https://udfcd-lists.org/mailman3/hyperkitty/api/mailman/urls: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
I verified (like a thousand times) that: MAILMAN_ARCHIVER_KEY (with quotes, in mailman-web.py) = api_key (without quotes, in mailman-hyperkitty.cfg)
And for fun, here's my base_url.
base_url: https://udfcd-lists.org/mailman3/hyperkitty/
I've tried it with http instead of https, and also with the original //localhost/. With it set to localhost I get an ssl.CertificateError stating that localhost does not match any of the certified domains, which I think is because certbot sets you up with Virtual Hosts when you install the certificates so I need to have the base_url set to my actual domain and use the ARCHIVER_FROM variable to allow the IP address - I think I have all that set up right but still...forbidden.
I've run out of things to check - any thoughts out there? Thanks!
~Kelly
I got this one figured out - earlier in this post Robert Lister provided the answer in fact, but I didn't quite "get" what he was saying at first. Please see my reply to his post in this thread. ~Kelly