mailman3 on new Debian 12 installation, got ssl apache working on all URLs except /mailman3
Hello to all:
Giant thank you to the community, Mark, Stephen, everyone. I have a lot of follow-up tasks in previous posts. Blazing forward on critical path flaws, first.
I require a Debian 12 VM that supports:
- Subversion
- Let's Encrypt and required challenges
- IMAP server
- mailman3
- DKIM server
I found this post helpful. https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/Y...
I think I've noticed that posters avoid less than sign and express as html.
I hacked it into this, which I tried to anonymize. My alias /static/ had to point to different location for my installation. I have ssl working for Subversion and my Let's Encrypt challenges. And 6 of those ProxyPass seem to work through ssl, except for /mailman3. That fails. Surfing to example.com/mailman3 gets.
Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
<IfModule mod_ssl.c> <VirtualHost *:80> ServerName example.com
Redirect permanent / https://example.com/
DocumentRoot /var/www/html/example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAdmin pjbondi@systemdatabase.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/
ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
Alias /static/ /opt/mailman/web/static/
<Directory "/opt/mailman/web/static/">
Require all granted
</Directory>
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-Proto
<If "%{HTTPS} =~ /on/">
RequestHeader set X-Forwarded-Proto "https"
</If>
</IfModule>
<IfModule mod_proxy.c>
ProxyPreserveHost On
ProxyPass "/postorius" "http://127.0.0.1:8000/postorius"
ProxyPass "/hyperkitty" "http://127.0.0.1:8000/hyperkitty"
ProxyPass "/accounts" "http://127.0.0.1:8000/accounts"
ProxyPass "/admin" "http://127.0.0.1:8000/admin"
ProxyPass "/user-profile" "http://127.0.0.1:8000/user-profile"
ProxyPass "/mailman3" "http://127.0.0.1:8000/mailman3"
ProxyPass "/archives" "http://127.0.0.1:8000/archives"
# https://github.com/maxking/docker-mailman/issues/525
#ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassReverse / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassMatch "^/$" "http://127.0.0.1:8000/mailman3"
</IfModule>
</VirtualHost></IfModule>
I was noticing that there's no mailman3 sub-dir, here. I tried changing to http://127.0.0.1:8000/django-mailman3, but that didn't work.
(venv) mailman@shackleton12:~$ ls -alF /opt/mailman/web/static/ total 40 drwxr-xr-x 10 mailman mailman 4096 Mar 24 16:03 ./ drwxr-xr-x 4 root root 4096 Mar 24 16:01 ../ drwxr-xr-x 3 mailman mailman 4096 Mar 24 16:03 account/ drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 admin/ drwxr-xr-x 4 mailman mailman 4096 Mar 25 08:07 CACHE/ drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django_extensions/ drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django-mailman3/ drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 hyperkitty/ drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 postorius/ drwxr-xr-x 7 mailman mailman 4096 Mar 24 16:03 rest_framework/
Any ideas? What log file should I share? I've looked at apache and uwsgi logs, but I don't know what's relevant. I cannot seem to find an error in logs around mailman3 URL
On Thu, Mar 27, 2025 at 10:58 PM Philip Bondi <pjbondi@systemdatabase.com> wrote:
Hello to all:
Giant thank you to the community, Mark, Stephen, everyone. I have a lot of follow-up tasks in previous posts. Blazing forward on critical path flaws, first.
I require a Debian 12 VM that supports:
- Subversion
- Let's Encrypt and required challenges
- IMAP server
- mailman3
- DKIM server
I found this post helpful. https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/Y...
I think I've noticed that posters avoid less than sign and express as html.
Let's ignore everything else and focus on Mailman3. Please follow the steps outlined at https://docs.mailman3.org/en/latest/install/virtualenv.html to get MM3 running. We will then help you add the SSL certificates to Apache.
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
I find the above two quite strange. Certbot doesn't create certificate paths like you are showing. If your domain is lists.example.com, I expect /etc/letsencrypt/live/ example.com/fullchain.pem and /etc/letsencrypt/live/example.com/privkey.pem respectively.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
LE and certbot created those paths for me, somehow. Both on CentOS and Debian. Don't know why. Checked my putty logs. Cannot find the first emergence of strange path. You guys are superheroes.
Debian 12:
<PRE> pjbondi@shackleton12:~$ sudo -i root@shackleton12:~# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" NAME="Debian GNU/Linux" VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" root@shackleton12:~# ls -alF /etc/letsencrypt/live/ total 32 drwx------ 7 root root 4096 Nov 29 07:57 ./ drwxr-xr-x 9 root root 4096 Mar 27 15:02 ../ -rw-r--r-- 1 root root 740 Nov 27 10:27 README drwxr-xr-x 2 root root 4096 Mar 6 09:03 systemdatabase.ca/ drwxr-xr-x 2 root root 4096 Mar 6 09:03 systemdatabase.ca-0001/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.com/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.com-0001/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.homelinux.com/ root@shackleton12:~# </PRE>
CentOS 7:
<PRE> [1004] $ cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"
[1005] $ ls -alF /etc/letsencrypt/live/ total 4 drwx------. 7 root root 168 Aug 15 2023 ./ drwxr-xr-x. 9 root root 108 Jan 19 03:22 ../ -rw-r--r--. 1 root root 740 Jul 2 2020 README drwxr-xr-x. 2 root root 93 Jan 19 2023 systemdatabase.ca/ drwxr-xr-x. 2 root root 112 Jan 19 03:22 systemdatabase.ca-0001/ drwxr-xr-x. 2 root root 112 Feb 5 2021 systemdatabase.com/ drwxr-xr-x. 2 root root 112 Jan 19 03:21 systemdatabase.com-0001/ drwxr-xr-x. 2 root root 112 Jan 19 03:20 systemdatabase.homelinux.com/ </PRE>
Again. We're almost there with ssl apache configs.
- works for LE challenge and Subversion https://systemdatabase.ca/
- 6 paths work for MM3 https://systemdatabase.ca/postorius/, etc
- But https://systemdatabase.ca/mailman3 fails
Philip Bondi writes:
Again. We're almost there with ssl apache configs.
You're done with the Apache configuration for Mailman suite, it's working. That's what the error message "Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later." means: "We got through to your server, but it is having problems right now."
The problem arises after successfully connecting to the WSGI service. Since everything but location /mailman3 (including /postorius, which invokes the same views as /mailman3) is working, then most likely the configuration for /mailman3 in urls.py is either missing or corrupted.
Steve
On Fri, Mar 28, 2025 at 12:06 AM Philip Bondi <pjbondi@systemdatabase.com> wrote:
LE and certbot created those paths for me, somehow. Both on CentOS and Debian. Don't know why. Checked my putty logs. Cannot find the first emergence of strange path. You guys are superheroes.
Debian 12:
<PRE> pjbondi@shackleton12:~$ sudo -i root@shackleton12:~# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" NAME="Debian GNU/Linux" VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" root@shackleton12:~# ls -alF /etc/letsencrypt/live/ total 32 drwx------ 7 root root 4096 Nov 29 07:57 ./ drwxr-xr-x 9 root root 4096 Mar 27 15:02 ../ -rw-r--r-- 1 root root 740 Nov 27 10:27 README drwxr-xr-x 2 root root 4096 Mar 6 09:03 systemdatabase.ca/ drwxr-xr-x 2 root root 4096 Mar 6 09:03 systemdatabase.ca-0001/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.com/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.com-0001/ drwxr-xr-x 2 root root 4096 Mar 6 09:04 systemdatabase.homelinux.com/ root@shackleton12:~# </PRE>
CentOS 7:
<PRE> [1004] $ cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"
[1005] $ ls -alF /etc/letsencrypt/live/ total 4 drwx------. 7 root root 168 Aug 15 2023 ./ drwxr-xr-x. 9 root root 108 Jan 19 03:22 ../ -rw-r--r--. 1 root root 740 Jul 2 2020 README drwxr-xr-x. 2 root root 93 Jan 19 2023 systemdatabase.ca/ drwxr-xr-x. 2 root root 112 Jan 19 03:22 systemdatabase.ca-0001/ drwxr-xr-x. 2 root root 112 Feb 5 2021 systemdatabase.com/ drwxr-xr-x. 2 root root 112 Jan 19 03:21 systemdatabase.com-0001/ drwxr-xr-x. 2 root root 112 Jan 19 03:20 systemdatabase.homelinux.com/ </PRE>
Again. We're almost there with ssl apache configs.
- works for LE challenge and Subversion https://systemdatabase.ca/
- 6 paths work for MM3 https://systemdatabase.ca/postorius/, etc
- But https://systemdatabase.ca/mailman3 fails
So, might you be having a file named /etc/mailman3/urls.py and what does it contain?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
My /etc/mailman3/urls.py is empty.
Should I, like it indicates in https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
cp /opt/mailman/venv/lib/python3.11/site-packages/mailman_web/urls.py /etc/mailman3/urls.py chown mailman:mailman /etc/mailman3/urls.py and add to /etc/mailman3/settings.py
ROOT_URLCONF = 'urls'
After completing above, https://systemdatabase.ca/mailman3 still gives Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.62 (Debian) Server at systemdatabase.ca Port 443
On 3/31/25 06:26, Philip Bondi wrote:
My /etc/mailman3/urls.py is empty.
Should I, like it indicates in https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
cp /opt/mailman/venv/lib/python3.11/site-packages/mailman_web/urls.py /etc/mailman3/urls.py chown mailman:mailman /etc/mailman3/urls.py and add to /etc/mailman3/settings.py
ROOT_URLCONF = 'urls'
You can do all of that, but it's probably unnecessary. What is in /opt/mailman/venv/lib/python3.11/site-packages/mailman_web/urls.py? compare it to https://gitlab.com/mailman/mailman-web/-/blob/master/mailman_web/urls.py
After completing above, https://systemdatabase.ca/mailman3 still gives Service Unavailable
It appears that https://systemdatabase.ca/postorius works so the issue is almost certainly that your urls.py is missing
path('mailman3/', include('postorius.urls')),-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thank you, Mark, and the whole community for your help, so far. Gosh, it feels so close.
It works from browser on Debian virtual machine:
But still fails through Apache:
root@shackleton12:~# *cat /etc/mailman3/urls.py* #
# # $Id: urls.py 165750 2025-03-31 18:19:32Z svn_beechwood $ # $URL: https://systemdatabase.com/svn/svn-sdi/sdi-sysadmin/trunk/SHACKLETON12-root/... $ # $Date: 2025-03-31 14:19:32 -0400 (Mon, 31 Mar 2025) $ # # Description: https://gitlab.com/mailman/mailman-web/-/blob/master/mailman_web/urls.py # #
# -*- coding: utf-8 -*- # Copyright (C) 2023 by the Free Software Foundation, Inc. # # This file is part of mailman-web. # # Postorius is free software: you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free # Software Foundation, either version 3 of the License, or (at your option) # any later version. # # Postorius is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for # more details. # # You should have received a copy of the GNU General Public License along with # Postorius. If not, see <http://www.gnu.org/licenses/>.
from django.conf.urls import include from django.contrib import admin from django.urls import path, reverse_lazy from django.views.generic import RedirectView
urlpatterns = [ path( '', RedirectView.as_view(url=reverse_lazy('list_index'), permanent=True), ), # Include alternate Postorius and HyperKitty URLs. path('postorius/', include('postorius.urls')), path('hyperkitty/', include('hyperkitty.urls')), # Order counts for various links. Put the above first and the following # after so the suggested Apache config still works. *path('mailman3/', include('postorius.urls')),* path('archives/', include('hyperkitty.urls')), path('', include('django_mailman3.urls')), path('accounts/', include('allauth.urls')), path('admin/', admin.site.urls), ]
When I hit https://systemdatabase.ca/mailman3, I see the following in /var/log/apache2/systemdatabase.ca_error.log
[Mon Mar 31 13:48:21.074890 2025] [proxy:error] [pid 3075263:tid 3075272] (2)No such file or directory: AH02454: uwsgi: attempt to connect to Unix domain socket */run/mailman3-web/uwsgi.sock* (localhost:0) failed [Mon Mar 31 13:48:21.075258 2025] [:error] [pid 3075263:tid 3075272] [client 192.168.1.1:48063] AH10101: failed to make connection to backend: localhost:0
This is my /etc/apache2/sites-available/systemdatabase.ca-le-ssl.conf
#
# # $Id: systemdatabase.ca-le-ssl.conf 165634 2025-03-27 20:07:40Z svn_beechwood $ # $URL: https://systemdatabase.com/svn/svn-sdi/sdi-sysadmin/trunk/SHACKLETON12-root/... $ # $Date: 2025-03-27 16:07:40 -0400 (Thu, 27 Mar 2025) $ # # Description: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/Y... # #
<IfModule mod_ssl.c> <VirtualHost *:80> ServerName systemdatabase.ca
Redirect permanent / https://systemdatabase.ca/ DocumentRoot /var/www/html/systemdatabase.ca/ </VirtualHost>
<VirtualHost *:443> SSLEngine on ServerAdmin pjbondi@systemdatabase.com ServerName systemdatabase.ca ServerAlias www.systemdatabase.ca DocumentRoot /var/www/html/systemdatabase.ca/ ErrorLog ${APACHE_LOG_DIR}/systemdatabase.ca_error.log CustomLog ${APACHE_LOG_DIR}/systemdatabase.ca_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/systemdatabase.ca-0001/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/systemdatabase.ca-0001/privkey.pem
Alias /static/ /opt/mailman/web/static/ <Directory "/opt/mailman/web/static/"> Require all granted </Directory>
<IfModule mod_headers.c> RequestHeader unset X-Forwarded-Proto <If "%{HTTPS} =~ /on/"> RequestHeader set X-Forwarded-Proto "https" </If> </IfModule>
<IfModule mod_proxy.c> ProxyPreserveHost On ProxyPass "/postorius" "http://127.0.0.1:8000/postorius" ProxyPass "/hyperkitty" "http://127.0.0.1:8000/hyperkitty" ProxyPass "/accounts" "http://127.0.0.1:8000/accounts" ProxyPass "/admin" "http://127.0.0.1:8000/admin" ProxyPass "/user-profile" "http://127.0.0.1:8000/user-profile" ProxyPass "/mailman3" "http://127.0.0.1:8000/mailman3" ProxyPass "/archives" "http://127.0.0.1:8000/archives" # https://github.com/maxking/docker-mailman/issues/525 #ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/ #ProxyPassReverse / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/ ProxyPassMatch "^/$" "http://127.0.0.1:8000/mailman3" </IfModule> </VirtualHost>
</IfModule>
-- Philip Bondi,pjbondi@SystemDatabase.com cell: +1 -416 540-2869
Mailman's content filtering has removed the following MIME parts from this message.
Content-Type: image/png Name: 07YHHkaJc8flnc8d.png
Content-Type: image/png Name: tBLp6tc9U7kLbxko.png
Replaced multipart/alternative part with first alternative.
On Mon, Mar 31, 2025 at 9:32 PM Philip Bondi <pjbondi@systemdatabase.com> wrote:
Thank you, Mark, and the whole community for your help, so far. Gosh, it feels so close.
It works from browser on Debian virtual machine:
But still fails through Apache:
root@shackleton12:~# *cat /etc/mailman3/urls.py* #
# # $Id: urls.py 165750 2025-03-31 18:19:32Z svn_beechwood $ # $URL:
https://systemdatabase.com/svn/svn-sdi/sdi-sysadmin/trunk/SHACKLETON12-root/... $ # $Date: 2025-03-31 14:19:32 -0400 (Mon, 31 Mar 2025) $ # # Description: https://gitlab.com/mailman/mailman-web/-/blob/master/mailman_web/urls.py # #
# -*- coding: utf-8 -*- # Copyright (C) 2023 by the Free Software Foundation, Inc. # # This file is part of mailman-web. # # Postorius is free software: you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free # Software Foundation, either version 3 of the License, or (at your option) # any later version. # # Postorius is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for # more details. # # You should have received a copy of the GNU General Public License along with # Postorius. If not, see <http://www.gnu.org/licenses/>.
from django.conf.urls import include from django.contrib import admin from django.urls import path, reverse_lazy from django.views.generic import RedirectView
urlpatterns = [ path( '', RedirectView.as_view(url=reverse_lazy('list_index'), permanent=True), ), # Include alternate Postorius and HyperKitty URLs. path('postorius/', include('postorius.urls')), path('hyperkitty/', include('hyperkitty.urls')), # Order counts for various links. Put the above first and the following # after so the suggested Apache config still works. *path('mailman3/', include('postorius.urls')),* path('archives/', include('hyperkitty.urls')), path('', include('django_mailman3.urls')), path('accounts/', include('allauth.urls')), path('admin/', admin.site.urls), ]
When I hit https://systemdatabase.ca/mailman3, I see the following in /var/log/apache2/systemdatabase.ca_error.log
[Mon Mar 31 13:48:21.074890 2025] [proxy:error] [pid 3075263:tid 3075272] (2)No such file or directory: AH02454: uwsgi: attempt to connect to Unix domain socket */run/mailman3-web/uwsgi.sock*
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ uwsgi running outside virtualenv??
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Odhiambo Washington via Mailman-users writes:
connect to Unix domain socket */run/mailman3-web/uwsgi.sock*
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ uwsgi running outside virtualenv??
I don't think that's a problem, unless also running in a chroot, which would be confusing no matter where uswgi is running.
"Cannot connect" might mean
- uwsgi is running chrooted, and mailman-web should be looking in /path/to/chroot/run/mailman3-web/uwsgi.sock (mentioned first only because I have chroot on the brain because Debian Postfix config)
- uwsgi isn't running (this is my bet, because all the mailman-web URLs except mailman3/ were working and they all go through that socket -- I bet they're not working now!)
- /run/mailman3-web/uwsgi.sock got deleted
- /run/mailman3-web/uwsgi.sock got wrong permissions
- the socket is actually /run/mailman3_web/uwsgi.sock or similar (with an underscore!) and mailman-web is misconfigured
But as Mark said, the problem you have with "mailman3/" is urls.py.
Personally, I think you *should* do the things that Mark said are unnecessary. He's right, but I strongly prefer to keep all my changes to default configuration in one place, and that's /etc/mailman3 for you if I recall correctly. The very fact that you have /etc/mailman3/urls.py screams "I have changed this file" and that's often useful.
Steve
Hello to all:
I believe that the community should consider mailman3 with ssl a "standard configuration". Feels like most admins would like Let's Encrypt certs and ssl secured access.
Thank you very much. Thread is closed. You can see in a previous post that I had an error in my /etc/apache2/sites-available/systemdatabase.ca-le-ssl.conf
I think the "standard config" is supposed to avoid unix sockets. But I had something about sockets that has since been removed. You are all superheroes.
<IfModule mod_ssl.c> <VirtualHost *:80> ServerName systemdatabase.ca
Redirect permanent / https://systemdatabase.ca/
DocumentRoot /var/www/html/systemdatabase.ca/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAdmin pjbondi@systemdatabase.com
ServerName systemdatabase.ca
ServerAlias www.systemdatabase.ca
DocumentRoot /var/www/html/systemdatabase.ca/
ErrorLog ${APACHE_LOG_DIR}/systemdatabase.ca_error.log
CustomLog ${APACHE_LOG_DIR}/systemdatabase.ca_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/systemdatabase.ca-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/systemdatabase.ca-0001/privkey.pem
Alias /static/ /opt/mailman/web/static/
<Directory "/opt/mailman/web/static/">
Require all granted
</Directory>
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-Proto
<If "%{HTTPS} =~ /on/">
RequestHeader set X-Forwarded-Proto "https"
</If>
</IfModule>
<IfModule mod_proxy.c>
ProxyPreserveHost On
ProxyPass "/postorius" "http://127.0.0.1:8000/postorius"
ProxyPass "/hyperkitty" "http://127.0.0.1:8000/hyperkitty"
ProxyPass "/accounts" "http://127.0.0.1:8000/accounts"
ProxyPass "/admin" "http://127.0.0.1:8000/admin"
ProxyPass "/user-profile" "http://127.0.0.1:8000/user-profile"
ProxyPass "/mailman3" "http://127.0.0.1:8000/mailman3"
ProxyPass "/archives" "http://127.0.0.1:8000/archives"
ProxyPassMatch "^/$" "http://127.0.0.1:8000/mailman3"
</IfModule>
</VirtualHost></IfModule>
participants (4)
-
Mark Sapiro -
Odhiambo Washington -
Philip Bondi -
Stephen J. Turnbull