Trying to secure the list server web page
Help? We have been running the list server on port 80 for ... years. Yesterday we created an ssl certificate, and move the http to https. Seems to be going fine, except for a few thing --
when a list owner tends to the moderator requests, and hits the Submit All Data button... depending on the browser, it says it is going to send the information over an insecure connection.... and nothing happens results-wise - the request is not handled.
Is there some config we need to change in mailman to secure it properly?
--
Jeff Westgate DIS UNIX/Linux System Administrator
Facebookhttps://mail.arkansas.gov/owa/redir.aspx?C=5LO1-Ca8cEq-DdT7YSljUIRyFa2JitUIW8YRL7Vukxjf2jpdd1rJWTJi7djOrwzJGmHeJP0j_Z0.&URL=https%3a%2f%2fwww.facebook.com%2fArkansas-Department-of-Information-Systems-DIS-189415217794025%2f|Twitterhttps://mail.arkansas.gov/owa/redir.aspx?C=5LO1-Ca8cEq-DdT7YSljUIRyFa2JitUIW8YRL7Vukxjf2jpdd1rJWTJi7djOrwzJGmHeJP0j_Z0.&URL=https%3a%2f%2ftwitter.com%2farkansasdis%3flang%3den|Linkedinhttps://mail.arkansas.gov/owa/redir.aspx?C=5LO1-Ca8cEq-DdT7YSljUIRyFa2JitUIW8YRL7Vukxjf2jpdd1rJWTJi7djOrwzJGmHeJP0j_Z0.&URL=https%3a%2f%2fwww.linkedin.com%2fin%2farkansas-department-of-information-systems-30813343%2f
On 2/27/2019 10:01 AM, Jeffrey Westgate wrote:
when a list owner tends to the moderator requests, and hits the Submit All Data button... depending on the browser, it says it is going to send the information over an insecure connection.... and nothing happens results-wise - the request is not handled.
Is there some config we need to change in mailman to secure it properly?
What is the DEFAULT_URL_PATTERN setting in mm_cfg.py?
I've got mine set to ...
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
... so all URL's go to https.
david
-- IBM i on Power Systems: For when you can't afford to be out of business!
I'm riding 615 miles (Yes, you read that right) in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax-deductible donation to my ride by visiting https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive donation map ... https://mideml.diabetessucks.net/map (it's a geeky thing).
I may have diabetes, but diabetes doesn't have me!
Confession first -- I touch this server so seldom because it just runs... and I inherited it many moon orbits ago.
The setting I needed was actually in the Defaults.py, and not in the mm_cfg.py. And it was http. I did the change, pushed it out, and we're back in fine form again.
thanks for the quick response.
From: David Gibbs david@midrange.com Sent: Wednesday, February 27, 2019 10:13 AM To: Jeffrey Westgate; mailman-users@python.org Subject: Re: [Mailman-Users] Trying to secure the list server web page
On 2/27/2019 10:01 AM, Jeffrey Westgate wrote:
when a list owner tends to the moderator requests, and hits the Submit All Data button... depending on the browser, it says it is going to send the information over an insecure connection.... and nothing happens results-wise - the request is not handled.
Is there some config we need to change in mailman to secure it properly?
What is the DEFAULT_URL_PATTERN setting in mm_cfg.py?
I've got mine set to ...
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
... so all URL's go to https.
david
-- IBM i on Power Systems: For when you can't afford to be out of business!
I'm riding 615 miles (Yes, you read that right) in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax-deductible donation to my ride by visiting https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive donation map ... https://mideml.diabetessucks.net/map (it's a geeky thing).
I may have diabetes, but diabetes doesn't have me!
On 2/27/19 8:48 AM, Jeffrey Westgate wrote:
Confession first -- I touch this server so seldom because it just runs... and I inherited it many moon orbits ago.
The setting I needed was actually in the Defaults.py, and not in the mm_cfg.py. And it was http. I did the change, pushed it out, and we're back in fine form again.
First, never change Defaults.py. Put overrides in mm_cfg.py. See https://wiki.list.org/x/4030588.
Also, for your original question, see all the steps at https://wiki.list.org/x/17892007.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 27 Feb 2019, at 11:58, Mark Sapiro wrote:
On 2/27/19 8:48 AM, Jeffrey Westgate wrote:
Confession first -- I touch this server so seldom because it just runs... and I inherited it many moon orbits ago.
The setting I needed was actually in the Defaults.py, and not in the mm_cfg.py. And it was http. I did the change, pushed it out, and we're back in fine form again.
First, never change Defaults.py. Put overrides in mm_cfg.py. See https://wiki.list.org/x/4030588.
Also, for your original question, see all the steps at https://wiki.list.org/x/17892007.
Also note: if you do this on a machine managed by cPanel, you will need to redo the last step ($prefix/bin/withlist -l -r fix_url) daily after the nightly maintenance cron job, which reverts whatever fix_url does. There is an open bug at cPanel (opened last week) to fix that.
-- Bill Cole bill@scconsult.com or billcole@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole
On 2/27/2019 10:48 AM, Jeffrey Westgate wrote:
The setting I needed was actually in the Defaults.py, and not in the mm_cfg.py. And it was http. I did the change, pushed it out, and we're back in fine form again.
Don't change Defaults.py!
Only change mm_cfg.py.
mm_cfg.py imports Defaults.py, but it may get overwritten when you upgrade. mm_cfg.py never gets overwritten.
http://www.gnu.org/software/mailman/mailman-install/customizing.html
david
-- IBM i on Power Systems: For when you can't afford to be out of business!
I'm riding 615 miles (Yes, you read that right) in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax-deductible donation to my ride by visiting https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive donation map ... https://mideml.diabetessucks.net/map (it's a geeky thing).
I may have diabetes, but diabetes doesn't have me!
participants (4)
-
Bill Cole -
David Gibbs -
Jeffrey Westgate -
Mark Sapiro