Dear all,
please accept my apologies for re-sending my question regarding mailman and https. But since the original posting has taken place, I have neither received an answer of found any further information.
----- Forwarded message from Lukas Ruf <ruf@rawip.org> -----
I run several mailing list on various virtual hosts with mailman 2.1.2 on a Linux 2.4 server. This works just great! (Thanks to the developers!).
However, I would like to secure all administrative web-pages by https. Searching the web and <http://list.org/docs.html> has not really led me to an understanding on how to achieve this.
I would be very happy if anyone could give me either pointers or concrete hints for this problems! Thanks in advance!
PS: https for the VirtualHosts in my Apache works already fine. I tried to achieve this by inserting 'redirect permanent /mailman "https://.."' -- without the intended effect, however.
----- End forwarded message -----
Thanks in advance,
wbr, Lukas
Lukas Ruf | Wanna know anything about raw | <http://www.lpr.ch> | IP? -> <http://www.rawip.org> | eMail Style Guide: <http://www.rawip.org/style.html>|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Lukas Ruf wrote:
I run several mailing list on various virtual hosts with mailman 2.1.2 on a Linux 2.4 server. This works just great! (Thanks to the developers!).
However, I would like to secure all administrative web-pages by https. Searching the web and <http://list.org/docs.html> has not really led me to an understanding on how to achieve this.
Set this in mm_cfg.py:
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
Then restart the qrunners and use the fix_url.py script to update existing lists. You also need to run bin/arch as well to recreate the archives if there are attachments in the archives of any lists.
And see this excellent FAQ entry:
4.29. Where can I change a list or the default URL used for the
web interface?
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.029.htp
There's a section on using SSL which links to another FAQ entry which has more details. Combined, these two entries should answer your question pretty well.
PS: https for the VirtualHosts in my Apache works already fine. I tried to achieve this by inserting 'redirect permanent /mailman "https://.."' -- without the intended effect, however.
This doesn't work for the admin forms since the POST data doesn't get redirected.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/wkIyuv+09NZUB1oRApoGAKDLfuvvw6va/QRIM+jdUBwC4BQzNQCcCYDH AUasajJJbdU19N6YatTdShg= =xa9M -----END PGP SIGNATURE-----
Todd <Freedom_Lover@pobox.com> [2003-11-24 18:55]:
Lukas Ruf wrote:
I run several mailing list on various virtual hosts with mailman 2.1.2 on a Linux 2.4 server. This works just great! (Thanks to the developers!).
However, I would like to secure all administrative web-pages by https. Searching the web and <http://list.org/docs.html> has not really led me to an understanding on how to achieve this.
Set this in mm_cfg.py:
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
Then restart the qrunners and use the fix_url.py script to update existing lists. You also need to run bin/arch as well to recreate the archives if there are attachments in the archives of any lists.
And see this excellent FAQ entry:
4.29. Where can I change a list or the default URL used for the web interface? http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.029.htp
There's a section on using SSL which links to another FAQ entry which has more details. Combined, these two entries should answer your question pretty well.
Thanks for the answer! I have changed the settings. However, when I try running fix_url.py it does not work. I read the FAQ and googled the web...
Running fix_url.py resulted in
komsys-pc-ruf:/home/mailman/bin# ./withlist -l -r
/home/mailman/bin/fix_url.py any -u https://www.lpr.ch -v
Importing /home/mailman/bin/fix_url...
Traceback (most recent call last):
File "./withlist", line 275, in ?
main()
File "./withlist", line 247, in main
mod = __import__(module)
ImportError: No module named /home/mailman/bin/fix_url
Does anyone know what I am doing wrong???
Thanks!
wbr, Lukas
Lukas Ruf | Wanna know anything about raw | <http://www.lpr.ch> | IP? -> <http://www.rawip.org> | eMail Style Guide: <http://www.rawip.org/style.html>|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Lukas Ruf wrote:
Thanks for the answer! I have changed the settings. However, when I try running fix_url.py it does not work. I read the FAQ and googled the web...
Running fix_url.py resulted in
komsys-pc-ruf:/home/mailman/bin# ./withlist -l -r
/home/mailman/bin/fix_url.py any -u https://www.lpr.ch -v Importing /home/mailman/bin/fix_url... Traceback (most recent call last): File "./withlist", line 275, in ? main() File "./withlist", line 247, in main mod = __import__(module) ImportError: No module named /home/mailman/bin/fix_urlDoes anyone know what I am doing wrong???
I'll take a stab at it even though I should know better than to answer anything at this ungodly hour...
I think you just need to change your withlist invocation to:
./withlist -l -r fix_url any -u www.lpr.ch -v
I'm assuming that 'any' is a real list name. If it's not and you just want to run this for all lists, then the -a/--all option for withlist might be what you want. The reason you just use fix_url instead of the full path to the fix_url script is that the -r option to withlist wants it's argument in the form [module.]callable, not as a path to a file.
I also think you don't want to use the https:// with the -u option. You just want to use the FQDN that you would supply to add_virtualhost() in mm_cfg.py. And if www.lpr.ch is the DEFAULT_URL_HOST, you don't even need to use that option at all. You might just have it there from experimenting to see why the withlist call was failing.
Hopefully I haven't given you any really bad or incomplete information here. If so, I'll be too busy sleeping soundly now to hear you muttering my name when it doesn't work still. :)
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
I am willing to make the mistakes if someone else is willing to learn from them.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/4Eaouv+09NZUB1oRAqN8AJ9+gLTyzZ0YhWlD2rv6FcvwLoi3gQCgqc6p lCvoyrfDanW0gUR4HH/8Kdc= =pVNv -----END PGP SIGNATURE-----
Hi Todd,
thanks for the reply.
Todd <Freedom_Lover@pobox.com> [2003-12-17 13:06]:
Lukas Ruf wrote:
Thanks for the answer! I have changed the settings. However, when I try running fix_url.py it does not work. I read the FAQ and googled the web...
Running fix_url.py resulted in
komsys-pc-ruf:/home/mailman/bin# ./withlist -l -r
/home/mailman/bin/fix_url.py any -u https://www.lpr.ch -v [...]I'll take a stab at it even though I should know better than to answer anything at this ungodly hour...
well, yeah ,-)
I think you just need to change your withlist invocation to:
./withlist -l -r fix_url any -u www.lpr.ch -v
this exactly did, what I expected it to do!
I'm assuming that 'any' is a real list name.
that's true.
If it's not and you just want to run this for all lists, then the -a/--all option for withlist might be what you want.
I assume this is not possible for multiple virtual domains!
The reason you just use fix_url instead of the full path to the fix_url script is that the -r option to withlist wants it's argument in the form [module.]callable, not as a path to a file.
ok, I understand!
I also think you don't want to use the https:// with the -u option. You just want to use the FQDN that you would supply to add_virtualhost() in mm_cfg.py.
I wanted https to work....
And if www.lpr.ch is the DEFAULT_URL_HOST, you don't even need to use that option at all. You might just have it there from experimenting to see why the withlist call was failing.
unfortunately, it isn't.
Hopefully I haven't given you any really bad or incomplete information here. If so, I'll be too busy sleeping soundly now to hear you muttering my name when it doesn't work still. :)
Have a good sleep! It has worked as expected ;-)
Thanks!
wbr, Lukas
Lukas Ruf | Wanna know anything about raw | <http://www.lpr.ch> | IP? -> <http://www.rawip.org> | eMail Style Guide: <http://www.rawip.org/style.html>|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Lukas Ruf wrote:
Todd <Freedom_Lover@pobox.com> [2003-12-17 13:06]: [...]
If it's not and you just want to run this for all lists, then the -a/--all option for withlist might be what you want.
I assume this is not possible for multiple virtual domains!
No, I wouldn't think it would do what you wanted in that case. :)
I also think you don't want to use the https:// with the -u option. You just want to use the FQDN that you would supply to add_virtualhost() in mm_cfg.py.
I wanted https to work....
That part gets picked up from DEFAULT_URL_PATTERN. You said later that it worked as expected, so I assume that means even the https part.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
The power of accurate observation is frequently called cynicism by those who don't have it. -- George Bernard Shaw
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/4K3Fuv+09NZUB1oRAgH1AKCkHXmQmWLL/I2iQfiBVxJbyBNNEwCg7cp7 2Z7vFw0bwAhj9DvTHndLetE= =VI7L -----END PGP SIGNATURE-----
Todd <Freedom_Lover@pobox.com> [2003-12-17 20:26]:
I wanted https to work....
That part gets picked up from DEFAULT_URL_PATTERN. You said later that it worked as expected, so I assume that means even the https part.
yes!
wbr, Lukas
Lukas Ruf | Wanna know anything about raw | <http://www.lpr.ch> | IP? -> <http://www.rawip.org> | eMail Style Guide: <http://www.rawip.org/style.html>|
participants (2)
-
Lukas Ruf
-
Todd