Closed ArchangeGabriel closed 11 months ago
Hi @ArchangeGabriel ,
Please revert the changes to the script, which are not a legitimate solution.
Please show us the configuration of the HTTP server (maybe Apache httpd).
They are already reverted as you can see by getting at the address.
nginx configuration:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mta-sts.listes.prepas.org listes.prepas.org;
    ssl_certificate /etc/acme/listes.prepas.org/fullchain.pem;
    ssl_certificate_key /etc/acme/listes.prepas.org/privkey.pem;
    ssl_stapling_file /etc/acme/listes.prepas.org/ocsp.der;
    # mta-sts
    location /.well-known/ {
        root /srv/http/listes.prepas.org;
    }
    # sympa
    location /wws {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/sympa/wwsympa.socket;
    }
    location /css-sympa/ {
        alias /var/lib/sympa/css/;
    }
    location /pictures-sympa {
        alias /var/lib/sympa/pictures;
    }
    location /static-sympa/ {
        alias /usr/share/sympa/static_content/;
    }
}
I think http2 in nginx configuration may be removed as it seems not particularly used. Other than that, there seems to be no particular problem (also, certificates and MTA-STS records look proper).
Is the 421 error being generated by nginx or by wwsympa? To know it: log_level 1 in sympa.conf to find out what CGI environment variables wwsympa is receiving?
Actually, changing:
server_name mta-sts.listes.prepas.org listes.prepas.org;
to
server_name listes.prepas.org mta-sts.listes.prepas.org;
solved the issue.
log_level 1 was not useful (nothing added in sympa.log), but I could see this in nginx error.log:
[…] server: mta-sts.listes.prepas.org, request: "GET /favicon.ico HTTP/2.0", host: "listes.prepas.org", referrer: "https://listes.prepas.org/wws"
So it seems nginx is passing the first one as server and the actually requested host only as host.
I now have another issue, but opening a new ticket for that one.
(And thanks for your valuable input that put me on the right track!)
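An added example, not part of the thread or of either participant's configuration: nginx's $server_name variable is always the first name listed in server_name, so giving the MTA-STS policy host its own server block makes the result independent of name order. It assumes the stock /etc/nginx/fastcgi_params (which passes $server_name to the FastCGI application as SERVER_NAME); hostnames and paths are the ones posted above.

```nginx
# MTA-STS policy host: static files only, no FastCGI application behind it.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mta-sts.listes.prepas.org;
    ssl_certificate /etc/acme/listes.prepas.org/fullchain.pem;
    ssl_certificate_key /etc/acme/listes.prepas.org/privkey.pem;
    ssl_stapling_file /etc/acme/listes.prepas.org/ocsp.der;

    location /.well-known/ {
        root /srv/http/listes.prepas.org;
    }
    # Anything else on this name is not served.
    location / {
        return 404;
    }
}

# Sympa web interface: the only name here, so $server_name (and therefore
# the SERVER_NAME seen by wwsympa) always equals the host users request.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name listes.prepas.org;
    ssl_certificate /etc/acme/listes.prepas.org/fullchain.pem;
    ssl_certificate_key /etc/acme/listes.prepas.org/privkey.pem;
    ssl_stapling_file /etc/acme/listes.prepas.org/ocsp.der;

    location /.well-known/ {
        root /srv/http/listes.prepas.org;
    }
    location /wws {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/sympa/wwsympa.socket;
    }
    location /css-sympa/ {
        alias /var/lib/sympa/css/;
    }
    location /pictures-sympa {
        alias /var/lib/sympa/pictures;
    }
    location /static-sympa/ {
        alias /usr/share/sympa/static_content/;
    }
}
```

Running nginx -t before reloading checks the syntax of the split configuration.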
Version
6.2.70
Installation method
debian packages
Expected behavior
normal access to the web interface
Actual behavior
421 error
Additional information
Changing the script as in https://github.com/sympa-community/sympa/issues/1422#issuecomment-1305679309 or https://github.com/sympa-community/sympa/issues/1151#issuecomment-820526852 does work, although other pages than the home do not load (login does work though).
Excerpt from sympa.conf:
In case that’s relevant, please note that the certificate is also valid for mta-sts.listes.prepas.org as you can see by inspecting it.