postorius ssl-certificates for virtual hosts
Hello,
On my server are several virtual hosts running with different lists per host. The appropriate webaddress is in general: https://lists.[domain]/mailman3/postorius/lists/[listname].lists.[domain]. My domains: [domain-1] starts with a b* [domain-2] starts with a s* [domain-3] starts with a t*
If I use the webadress https://lists.[domain-1]/mailman3/postorius/lists/[listname].lists.[domain-1] and I do a click on the https-symbol in the address line of my browser I get the secury-information " every thing is ok" and the certificate-information is about the wildcard-certificate I just created for the right domain.
Different result is for the webadress https://lists.[domain-2]/mailman3/postorius/lists/[listname].lists.[domain-2]. In this case I get an information like "you are using a wrong certificate" clicking on the https-symbol references tot he certificate of [domain-1]
I set in my apache2 configuration a symbolic link to apache.conf in the /etc/mailman3/directory and made this active.
What did I wrong??
If I set use_https to yes in mailman.cfg I get on the website for all lists:
postorius: Something went wrong Mailman REST API not available. Please start Mailman core.
In the logs I found …
mailman.log Nov 14 23:04:25 2019 (28584) command runner started. Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=0&page=1 HTTP/1.1" 200 90 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=10&page=1 HTTP/1.1" 200 606 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.1/domains HTTP/1.1" 200 1438 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03\x00³m\x98¶\x02¨\\Å^\x11£ì{\x94«§*\x 9cÅýÎk\x9f¡ã\x89s/õë') Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "........ü...³m.¶.¨\Å^.£ì{.«§*.ÅýÎk.¡ã.s/õë .Ô$M...b¥øDR.Ï...G¹PpÖ.'W°û-Óìü¶.>......À,À0..̨̩̪À+À/..À$À(.kÀ#À'.gÀ" 400
mailman-web.log ERROR 2019-11-14 22:20:41,471 1405 postorius.middleware Mailman REST API not available Traceback (most recent call last): File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 95, in call response, content = Http().request(url, method, data_str, headers) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1513, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1263, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1186, in _conn_request conn.connect() File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1012, in connect self.sock = self._context.wrap_socket(sock, server_hostname=self.host) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 185, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 706, in list_index choosable_domains = _get_choosable_domains(request) File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 560, in _get_choosable_domains return [(d.mail_host, d.mail_host) for d in domains] File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 560, in <listcomp> return [(d.mail_host, d.mail_host) for d in domains] File "/usr/lib/python3/dist-packages/mailmanclient/restbase/base.py", line 121, in __getattr__ return self._get(name) File "/usr/lib/python3/dist-packages/mailmanclient/restbase/base.py", line 87, in _get return self.rest_data.get(key) File "/usr/lib/python3/dist-packages/mailmanclient/restbase/base.py", line 76, in rest_data response, content = self._connection.call(self._url) File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 109, in call raise MailmanConnectionError('Could not connect to Mailman API') mailmanclient.restbase.connection.MailmanConnectionError: Could not connect to Mailman API [pid: 1405|app: 0|req: 963/963] 2a02:8108:483f:b9c0:94f1:d2bb:9642:b6d0 () {62 vars in 1310 bytes}
22:20:41 2019] GET /mailman3/postorius/lists/ => generated 3901 bytes in 89 msecs (HTTP/1.1 503) 5 headers in 180 bytes (1 switches on core 0)
On 11/14/19 3:05 PM, Wolfgang Bock via Mailman-users wrote:
Hello,
On my server are several virtual hosts running with different lists per host. The appropriate webaddress is in general: https://lists.[domain]/mailman3/postorius/lists/[listname].lists.[domain]. My domains: [domain-1] starts with a b* [domain-2] starts with a s* [domain-3] starts with a t*
If I use the webadress https://lists.[domain-1]/mailman3/postorius/lists/[listname].lists.[domain-1] and I do a click on the https-symbol in the address line of my browser I get the secury-information " every thing is ok" and the certificate-information is about the wildcard-certificate I just created for the right domain.
Different result is for the webadress https://lists.[domain-2]/mailman3/postorius/lists/[listname].lists.[domain-2]. In this case I get an information like "you are using a wrong certificate" clicking on the https-symbol references tot he certificate of [domain-1]
I set in my apache2 configuration a symbolic link to apache.conf in the /etc/mailman3/directory and made this active.
What did I wrong??
Your Apache config needs to define separate a VirtualHost for each domain, either by IP address or ServerName, and each VirtualHost points to its own SSL certificates.
If I set use_https to yes in mailman.cfg I get on the website for all lists:
postorius: Something went wrong Mailman REST API not available. Please start Mailman core.
In the logs I found … ... mailman-web.log ERROR 2019-11-14 22:20:41,471 1405 postorius.middleware Mailman REST API not available Traceback (most recent call last): File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 95, in call response, content = Http().request(url, method, data_str, headers) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1513, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1263, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1186, in _conn_request conn.connect() File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1012, in connect self.sock = self._context.wrap_socket(sock, server_hostname=self.host) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)
Does your setting in settings(_local).py for MAILMAN_REST_API_URL have an https scheme?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Am 15.11.2019 um 02:21 schrieb Mark Sapiro:
Your Apache config needs to define separate a VirtualHost for each domain, either by IP address or ServerName, and each VirtualHost points to its own SSL certificates.
Thanks for your info, that did it. I had to include the text of the apache.conf in all my apache-config-files for my virtual-domains.
If I set use_https to yes in mailman.cfg I get on the website for all lists:
postorius: Something went wrong Mailman REST API not available. Please start Mailman core.
Does your setting in settings(_local).py for MAILMAN_REST_API_URL have an https scheme?
That doesn't solve the problem. I changed that in mailman-web.py (MAILMAN_REST_API_URL = https://localhost:8001) and after that in mailman.cfg (use_https: yes). But got the same errormessage on postorius website.
Regards
Wolfgang
On 11/15/19 3:45 AM, Wolfgang Bock via Mailman-users wrote:
That doesn't solve the problem. I changed that in mailman-web.py (MAILMAN_REST_API_URL = https://localhost:8001) and after that in mailman.cfg (use_https: yes). But got the same errormessage on postorius website.
You posted this log excerpt:
Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=0&page=1 HTTP/1.1" 200 90 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=10&page=1 HTTP/1.1" 200 606 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.1/domains HTTP/1.1" 200 1438 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - code 400, message Bad HTTP/0.9 request type
The first 3 GETs are a normal sequence of GETs from Postorius when you go to the Mailing Lists view. That should be followed by a GET like "GET /3.1/domains/domain.tld HTTP/1.1" where domain.tld is a configured domain. Do you have any domains configured?/0.9'?
I'm not sure what the issue is. You have an older version of mailmanclient < 3.2.3a1 which uses httplib2 rather than requests. https://pypi.org/project/httplib2/ says:
HTTP and HTTPS HTTPS support is only available if the socket module was compiled with SSL support.
but I don't think this can be the issue because the first 3 GETs work.
You might try upgrading mailmanclient to 3.3.0. I don't know if that will help, but it may.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hello,
I configuered 3 domains in postorius https://[mydomain]/mailman3/postorius/domains/ ... also shown here: https://[mydomain]/mailman3/admin/sites/site/ (django)
I installed mailman3 with debian command apt-get install mailman3-full. The package mailman3-full is described as follows:
Paket: mailman3-full (3.2.1-1) (for debian-buster, W.B.) ... Betreuer:
- Debian Mailman Team <mailto:pkg-mailman-hackers@lists.alioth.debian.org> (QS-Seite <https://qa.debian.org/developer.php?login=pkg-mailman-hackers%40lists.alioth.debian.org>, E-Mail-Archiv <https://lists.alioth.debian.org/pipermail/pkg-mailman-hackers/>)
- Pierre-Elliott Bécue <mailto:peb@debian.org> (QS-Seite <https://qa.debian.org/developer.php?login=peb%40debian.org>)
- Jonas Meurer <mailto:jonas@freesources.org> (QS-Seite <https://qa.debian.org/developer.php?login=jonas%40freesources.org>)
Full Mailman3 mailing list management suite (metapackage)
This is GNU Mailman, a mailing list management system. This metapackage depends on all components of the full Mailman3 suite:
- mailman3: The core Mailman3 delivery engine
- mailman3-web: Django project integrating Mailman3 postorius and hyperkitty
- python3-mailman-hyperkitty: Mailman3 server plugin for Hyperkitty archiver .....
That's the output of # mailman info GNU Mailman 3.2.1 (La Villa Strangiato) Python 3.7.3 (default, Apr 3 2019, 05:39:12) [GCC 8.3.0] config file: /etc/mailman3/mailman.cfg db url: mysql+pymysql://[-secret-][mydomain]/mailman3?charset=utf8&use_unicode=1 devmode: DISABLED REST root url: http://localhost:8001/3.1/ REST credentials: restadmin:[-secret-]
I dont know what version of mailman client is included in the package. Should I wait until an update includes a higher Version of the mailman-client?
In this context I faced a strange behavior:
In the database mailman3web in table django_site are listed several domains, either in the django-domain-management site https://[mydomain]/mailman3/admin/sites/site/
id domain name 1 example.com Example.com 2 [mydomain-1] [mydomain_name_1] 3 [mydomain-2] [mydomain_name_2] 4 [mydomain-3] [mydomain_name_3]
In case I delete line 1 with the id 1, in the database or in the django-web-site, postorius fails to work. After re-inserting this line, postorius works again.
Regards
Wolfgang
Am 16.11.2019 um 01:02 schrieb Mark Sapiro:
On 11/15/19 3:45 AM, Wolfgang Bock via Mailman-users wrote:
That doesn't solve the problem. I changed that in mailman-web.py (MAILMAN_REST_API_URL = https://localhost:8001) and after that in mailman.cfg (use_https: yes). But got the same errormessage on postorius website.
You posted this log excerpt:
Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=0&page=1 HTTP/1.1" 200 90 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.0/lists?advertised=true&count=10&page=1 HTTP/1.1" 200 606 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - "GET /3.1/domains HTTP/1.1" 200 1438 Nov 14 23:20:41 2019 (28590) 127.0.0.1 - - code 400, message Bad HTTP/0.9 request type
The first 3 GETs are a normal sequence of GETs from Postorius when you go to the Mailing Lists view. That should be followed by a GET like "GET /3.1/domains/domain.tld HTTP/1.1" where domain.tld is a configured domain. Do you have any domains configured?/0.9'?
I'm not sure what the issue is. You have an older version of mailmanclient < 3.2.3a1 which uses httplib2 rather than requests. https://pypi.org/project/httplib2/ says:
HTTP and HTTPS HTTPS support is only available if the socket module was compiled with SSL support.
but I don't think this can be the issue because the first 3 GETs work.
You might try upgrading mailmanclient to 3.3.0. I don't know if that will help, but it may.
On 11/16/19 4:54 AM, Wolfgang Bock via Mailman-users wrote:
I will look at the https issue further when I get time.
In this context I faced a strange behavior:
In the database mailman3web in table django_site are listed several domains, either in the django-domain-management site https://[mydomain]/mailman3/admin/sites/site/
id domain name 1 example.com Example.com 2 [mydomain-1] [mydomain_name_1] 3 [mydomain-2] [mydomain_name_2] 4 [mydomain-3] [mydomain_name_3]
In case I delete line 1 with the id 1, in the database or in the django-web-site, postorius fails to work. After re-inserting this line, postorius works again.
In your settings.py, you probably have SITE_ID = 1. Thus, when you delete the site with id = 1, Postorius fails. You need to set SITE_ID to an existing site in settings_local.py.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hi again,
in this case I'll check out either and report.
Regards Wolfgang
Am 18.11.2019 um 05:06 schrieb Mark Sapiro:
On 11/16/19 4:54 AM, Wolfgang Bock via Mailman-users wrote: I will look at the https issue further when I get time.
In this context I faced a strange behavior:
In the database mailman3web in table django_site are listed several domains, either in the django-domain-management site https://[mydomain]/mailman3/admin/sites/site/
id domain name 1 example.com Example.com 2 [mydomain-1] [mydomain_name_1] 3 [mydomain-2] [mydomain_name_2] 4 [mydomain-3] [mydomain_name_3]
In case I delete line 1 with the id 1, in the database or in the django-web-site, postorius fails to work. After re-inserting this line, postorius works again.
In your settings.py, you probably have SITE_ID = 1. Thus, when you delete the site with id = 1, Postorius fails. You need to set SITE_ID to an existing site in settings_local.py.
participants (2)
-
Mark Sapiro -
Wolfgang Bock