On 03/20/2016 07:22 PM, mailman@mailman3.org wrote:
The last post with SSL = True and latest core still hits the same underlying exception both in trying to get the archive URL and in trying to archive the message. The core now handles these exceptions and continues so the message goes to the list, but isn't archived and has no archive headers.
This is a post from hyperkitty which will probably be handled the same, so we have to go back to SSL = False until we can fix the certificate issue.
Yes. Bottom line. With USE_SSL = True, core connects to hyperkitty via SSL to 127.0.0.1 and the certificates I installed don't include 127.0.0.1 in their domains, so urllib3 or requests (depending on where we're coming from) throws SSLError: hostname '127.0.0.1' doesn't match either of 'lists.mailman3.org', 'mirror.list.org', 'mirror.mailman3.org'. The core now handles the exceptions and the message is ultimately delivered but not archived. regardless of where it originated. We're back to USE_SSL = False now so this post should be archived, albeit the archive URLs will have 127.0.0.1 ast the host and not lists.mailman3.org. -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 03/20/2016 07:22 PM, mailman(a)mailman3.org wrote:
We're back to USE_SSL = False now so this post should be archived, albeit the archive URLs will have 127.0.0.1 ast the host and not lists.mailman3.org.
I was wrong about this last bit. The headers are Archived-At: <https://lists.mailman3.org/archives/list/test@mailman3.org/message/2UHDSI34V...> List-Archive: <https://lists.mailman3.org/archives/list/test@mailman3.org/> which are good URLs, but the core is still using 127.0.0.1 to communicate with hyperkitty.
On 03/21/2016 03:36 AM, Mark Sapiro wrote:
On 03/20/2016 07:22 PM, mailman@mailman3.org wrote:
The last post with SSL = True and latest core still hits the same underlying exception both in trying to get the archive URL and in trying to archive the message. The core now handles these exceptions and continues so the message goes to the list, but isn't archived and has no archive headers.
This is a post from hyperkitty which will probably be handled the same, so we have to go back to SSL = False until we can fix the certificate issue.
Yes.
Bottom line. With USE_SSL = True, core connects to hyperkitty via SSL to 127.0.0.1 and the certificates I installed don't include 127.0.0.1 in their domains, so urllib3 or requests (depending on where we're coming from) throws SSLError: hostname '127.0.0.1' doesn't match either of 'lists.mailman3.org', 'mirror.list.org', 'mirror.mailman3.org'.
The core now handles the exceptions and the message is ultimately delivered but not archived. regardless of where it originated.
We're back to USE_SSL = False now so this post should be archived, albeit the archive URLs will have 127.0.0.1 ast the host and not lists.mailman3.org.
IMHO you shouldn't use USE_SSL at all. It just redirects to ssl pages on certain urls in hyperkitty. What you should be doing is having your webserver (nginx, apache, ...) redirect all trafic from http to https. I'm doing this and have the following settings: # django settings USE_SSL = False # Put external IP in this tuple MAILMAN_ARCHIVER_FROM = ('x.x.x.x', '127.0.0.1', '::1') # hyperkitty archiver plugin # this is the url to the base page of hyperkitty # in your case this would be # base_url: https://lists.mailman3.org/archives/ base_url: https://example.com/hyperkitty/ It's working like a charm with no errors at all
participants (3)
-
mailman@mailman3.org -
Mark Sapiro -
Simon Hanna