[Mailman-Users] moderator page behind nginx with SSL
John Griessen
john at cibolo.com
Tue Jun 21 12:06:59 EDT 2016
On 06/18/2016 05:39 AM, Stephen J. Turnbull wrote:
> > The rest of mailman version 2.1.22
> > is working fine with SSL and some rewriting by nginx and yet
> > https://cibolo.us/mailman/admindb/open_electroporator gives a message
> > "will be sent over an insecure connection" when I set a button to
> > discard and then do the submit all data button.
>
> Do you have a proper certificate for the host, rooted in a well-known
> service? I suppose you do, but it's the first thing to check.
It is from letsencrypt.org
> The second is whether that root service is listed in your browser's list
> of trusted roots.
It works fine for my webpages I set up such as
http://cibolo.us/mailman/listinfo/open_electroporator that URL is rewritten and permanently directed to below:
https://cibolo.us/mailman/listinfo/open_electroporator
>
> Third, is this actually SSL and not TLS? SSL is in fact considered
> insecure by many experts; many libraries implementing these protocols
> now refuse to use SSL (even v3), and some issue a warning if the
> server forces it.
I suppose it is TLS. I followed very recent guides to set it up.
Yes, as far as behind nginx it is TLS:
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /etc/ssl/xxxxxxxxxxxxxxxxxxx;
ssl_certificate_key /etc/ssl/xxxxxxxxxxxxxxxxxx;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/private/dhparam2048.pem;
Only admin of pending moderation is affected.
Maybe I have an operator error -- I'll check for setting the moderator name and password -- it may be blank or
from an older version of mailman that this installation was migrated from...
fix_url has been run on the affected list. That was after some restoring of data dirs and
there could be permissions problems...so maybe I still need to run fix_url again...
Thanks for the suggestions.
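Added example, not part of the original message: a browser shows a warning like the one quoted above when a form on a page loaded over HTTPS has an action that resolves to a plain http:// URL, so one check is to resolve every form action in the served HTML against the page URL. The host name, list name and HTML below are constructed for illustration; in practice the saved source of the admindb page would be passed in.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormActions(HTMLParser):
    """Collect the action of every <form>, plus the first <base href>."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self.base = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "form":
            # A missing or empty action submits back to the page URL.
            self.actions.append(a.get("action") or "")


def insecure_form_targets(page_url, html):
    """Return absolute form targets that are not https for the given page."""
    parser = _FormActions()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    targets = [urljoin(base, action) for action in parser.actions]
    return [t for t in targets if urlsplit(t).scheme != "https"]


# Constructed sample: one absolute http:// action, one relative, one missing.
PAGE = "https://lists.example.org/mailman/admindb/testlist"
SAMPLE_HTML = """
<html><body>
<form method="POST" action="http://lists.example.org/mailman/admindb/testlist">
<input type="submit" value="Submit All Data">
</form>
<form method="POST" action="../listinfo/testlist"></form>
<form method="POST"></form>
</body></html>
"""

if __name__ == "__main__":
    for target in insecure_form_targets(PAGE, SAMPLE_HTML):
        print("form posts over plain HTTP:", target)
```

Relative and empty actions inherit the page's https scheme, so only absolute http:// actions (or an http:// base href) are reported.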