docker-mailman icon indicating copy to clipboard operation
docker-mailman copied to clipboard

Published 20 hours ago verified publisher icon maxking

Include example config for Apache in instructions

Open elyograg opened this issue 4 years ago • 3 comments

The instructions include an example config for nginx, but not one for Apache. Below is the config I ended up with. This was cobbled together from a number of mailman configuration guides and some info about the uwsgi proxy that I learned while working on another piece of software:

<VirtualHost *:81>
        ServerName lists.DOMAIN.TLD
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/mailman/web

        ErrorLog ${APACHE_LOG_DIR}/domains/lists.DOMAIN.TLD/error.log
        CustomLog ${APACHE_LOG_DIR}/domains/lists.DOMAIN.TLD/access.log combined

        Alias /static /opt/mailman/web/static
        Alias /favicon.ico /opt/mailman/web/static/hyperkitty/img/favicon.ico
        ProxyPassMatch ^/static/ !
        ProxyPassMatch ^/favicon.ico !
        ProxyPass / uwsgi://localhost:8080/
        ProxyPassReverse / uwsgi:/localhost:8080/
        WSGITrustedProxyHeaders X-Forwarded-For X-Forwarded-Proto

        <Directory /opt/mailman/web/static/hyperkitty/img/>
                Allow from all
                Require all granted
                Options FollowSymLinks
        </Directory>

        <Directory /opt/mailman/web/static/>
                Options FollowSymLinks
                Allow from all
                Require all granted
        </Directory>
</VirtualHost>

It was necessary to install and enable mod-proxy-uwsgi and mod_proxy for this config to work. On my system, SSL is handled by haproxy, and requests are sent cleartext to Apache on localhost port 81. I have haproxy setting the X-Forwarded-Proto header to https and it is also setting X-Forwarded-For as most proxies do. The inclusion of WSGITrustedProxyHeaders X-Forwarded-For X-Forwarded-Proto in the config ensures that uwsgi is informed that https is being used even though Apache is not doing SSL.

I don't know if what I came up with is suitable for inclusion in the README or not.

elyograg avatar Oct 29 '21 03:10 elyograg

Thank you, this is the first config that really works! Only two lines are different in my setup:

        ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
        ProxyPassReverse / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/

Instead the port 8080 setup in your file.

Idon't understand why there is no common config example like this somewhere in the documentation.

eehmke avatar May 03 '22 14:05 eehmke

Instead the port 8080 setup in your file.

That's cool. I actually didn't know there was a socket, but I did know that the app was exposed on port 8080. I generally prefer network communication to sockets, though there are certainly uses for sockets.

elyograg avatar May 03 '22 15:05 elyograg

I am trying to create a push request for the doc.

eehmke avatar May 03 '22 19:05 eehmke

This issue has not been updated for more than 1year

github-actions[bot] avatar May 03 '23 22:05 github-actions[bot]