Mailman Htdig integration with Nginx - Path variables
Hi all,
Wonder if someone could take a look at this for me?
I have moved our Mailman installation to Nginx. Everything is working correctly, however, I am using the Htdig patch to get search functionality.
I got the split_path_info set up to work with Mailman, but I am having issues getting a working installation with the mmsearch script. The initial page loads up, but when you refine the search or go to the next page, I get an error with the path splitting which causes the CGI to error. I tried altering the path variable for the mmsearch script specifically, but the issue I am having is getting Nginx to split the path in the right place, since the scripts don't have an extension to work with (like I can use with PHP scripts etc.). It's probably a simple fix, and I can set the location for the mmsearch script so it doesn't mess up the path variable for the other Mailman scripts if required.
My config is below, sorry for the formatting in my mailer.
Andrew.
# HTTP redirects - I had to use separate servers for each domain to stop redirecting to the wrong host server { listen 80; server_name lists.domain1.com; access_log off; error_log off; rewrite ^ https://$server_name$request_uri?$query_string permanent; }
server { listen 80; server_name lists.domain2.com; access_log off; error_log off; rewrite ^ https://$server_name$request_uri?$query_string permanent; }
server { listen 443 ssl; server_name lists.domain1.com lists.domain2.com; access_log /var/log/nginx/lists-access.log main; error_log /var/log/nginx/lists-error.log warn; root /var/www/lists; ssl_certificate /path/to/cert.pem ssl_certificate_key /path/to/key.key ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; ssl_stapling on; ssl_stapling_verify on;
# Redirect to the listinfo page by default location = / { rewrite ^ /listinfo permanent; }
# Send the requests to the various scripts to the correct location. URL https://server/listinfo etc. location ~ ^/(admin|confirm|edithtml|listinfo|options|rmlist|subscribe|admindb|create|htdig|private|roster|mmsearch) { fastcgi_split_path_info (^/[^/]*)(.*)$; fastcgi_param SCRIPT_FILENAME /usr/local/mailman/cgi-bin/$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass unix:/var/run/fcgiwrap.socket; include /etc/nginx/fastcgi_params; }
location /icons {
alias /usr/local/mailman/icons;
}
location /pipermail {
alias /usr/local/mailman/archives/public;
}
location /htdigimages {
alias /var/lib/htdig/www;
}}
Hi,
Sorry to reply to my own post.
The issue was actually twofold:
There was an issue with the HTTP to HTTPS redirection on the site, and because I hadn't set the public archives parameter in mm_cfg.py to HTTPS, the system was offering up HTTP URLS. I did this and rebuilt the archives for all lists.
The second issue is that the htdig CGI needs to be using HTTP and not HTTPS. I made this available under the HTTP context so nightly_htdig can crawl the archives. The htdig script is now not available under HTTPS.
I can post my current config if required.
Thanks. Andrew.
On 10/23/2014 01:56 AM, Andrew Hodgson wrote:
The second issue is that the htdig CGI needs to be using HTTP and not HTTPS. I made this available under the HTTP context so nightly_htdig can crawl the archives. The htdig script is now not available under HTTPS.
At one point I ran into this on my own site when trying to unconditionally use HTTPS. I looked at it at the time, and I think htdig can be made to use HTTPS, but I never followed up with it.
Maybe I'll look again.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Andrew Hodgson -
Mark Sapiro