Why would you double book port 80? That's really a bad idea and causes
issues like the one you see...
Your "EXTERNAL" server binds to port 80 on all IP addresses available.
Your "INTERNAL" server binds to 127.0.0.1 port 80, only.
Thus only connections to 127.0.0.1 on port 80 end on the internal
server, if the host requested is "localhost".
Everything else goes to the external server and is redirected there to
https.
Usually localhost in /etc/hosts resolves to 127.0.0.1 and ::1. Usually
IPv6 should be preferred.
Thus if you access http://localhost:80/ you will most likely end up in
the external server because it will use IPv6 which only binds on the
external server.
I highly recommend to use a different port, e.g. 8080, for the
"INTERNAL" server. That makes it so much simpler and easier to
understand than double booking port 80 and hoping everything goes the
way it should...
-Gerald
On 17.02.26 03:37, msok--- via Mailman-users wrote:
My NGINX configure redirect for HTTP to HTTPS.
For the domain below, mailman.example.com = my actual domain
-NGINX config
server {
# EXTERNAL: Redirects all port 80 traffic to HTTPS
listen 80 default_server;
listen [::]:80 default_server;
# server_name mailman.example.com;
server_name mailman.example.com; # no issue for accessing from outside,
it will redirect to https
return 301 https://$host$request_uri; # Redirect http to https
server_tokens off;
}
# INTERNAL: Listens ONLY on 127.0.0.1 to handle local HTTP requests
server {
listen 127.0.0.1:80;
server_name localhost;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/mailman3-web/uwsgi.sock;
uwsgi_param HTTP_HOST $host;
}
location /mailman3/static {
alias /var/lib/mailman3/web/static;
}
location /mailman3/static/favicon.ico {
alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
}
-The URL syntax
https://mailman.example.com/mailman3/lists/list-id/confirm/?token=$token
-The error message when tried to add subscriber
HTTP Error 400: HTTPSConnectionPool(host='localhost', port=443): Max retries
exceeded with url:
/postorius/api/templates/list/list-id/list:user:action:subscribe (Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1029)')))
Please help!
Thanks,
Marin
_______________________________________________
Mailman-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/[email protected]/message/KRZ4PWXJ36QQQ27QAFNSP67BTSTQQ3SO/
This message sent to [email protected]
_______________________________________________
Mailman-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/[email protected]/message/IHESZCG6ZBFO44UV7DU2VSXZ3GD4YNKV/
This message sent to [email protected]
