Troubles with web interface

sympa-community / sympa

Sympa, Mailing List Management Software

https://www.sympa.community/sympa

GNU General Public License v2.0

237 stars 95 forks source link

Troubles with web interface #1707

Closed ArchangeGabriel closed 11 months ago

ArchangeGabriel commented 11 months ago

Version

6.2.70

Installation method

debian packages

Expected behavior

normal access to the web interface

Actual behavior

421 error

Additional information

Changing the script as in https://github.com/sympa-community/sympa/issues/1422#issuecomment-1305679309 or https://github.com/sympa-community/sympa/issues/1151#issuecomment-820526852 does work, although other pages than the home do not load (login does work though).

Excerpt from sympa.conf:

domain  listes.prepas.org
wwsympa_url https://listes.prepas.org/wws

In case that’s relevant, please note that the certificate is also valid for mta-sts.listes.prepas.org as you can see by inspecting it.

ikedas commented 11 months ago

Hi @ArchangeGabriel ,

Please revert the changes to script which are not legitimate solution.

Please show us the configuration of HTTP server (maybe Apache httpd).

ArchangeGabriel commented 11 months ago

They are already reverted as you can see by getting at the address.

nginx configuration:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mta-sts.listes.prepas.org listes.prepas.org;
    ssl_certificate /etc/acme/listes.prepas.org/fullchain.pem;
    ssl_certificate_key /etc/acme/listes.prepas.org/privkey.pem;
    ssl_stapling_file /etc/acme/listes.prepas.org/ocsp.der;

    # mta-sts
    location /.well-known/ {
        root /srv/http/listes.prepas.org;
    }

    # sympa
    location /wws {
        include       /etc/nginx/fastcgi_params;
        fastcgi_pass  unix:/run/sympa/wwsympa.socket;
    }
    location /css-sympa/ {
        alias /var/lib/sympa/css/;
    }
    location /pictures-sympa {
        alias /var/lib/sympa/pictures;
    }
    location /static-sympa/ {
        alias /usr/share/sympa/static_content/;
    }
}

ikedas commented 11 months ago

I think http2 in nginx configuration may be removed as it seems not particularly used. Other than that, there seems to be no particular problem (also, certificates and MTA-STS records look proper).

Is the 421 error being generated by nginx or by wwsympa? To know it:

Is anything logged in the nginx error log?
Can you set log_level 1 in sympa.conf to find out what CGI environment variables wwsympa is receiving?

ArchangeGabriel commented 11 months ago

Actually, changing:

    server_name mta-sts.listes.prepas.org listes.prepas.org;

    server_name listes.prepas.org mta-sts.listes.prepas.org;

solved the issue.

log_level 1 was not useful (nothing added in sympa.log), but I could see this in nginx error.log:

[…] server: mta-sts.listes.prepas.org, request: "GET /favicon.ico HTTP/2.0", host: "listes.prepas.org", referrer: "https://listes.prepas.org/wws"

So it seems nginx is passing the first one as server and the actually requested host only as host.

I now have another issue, but opening a new ticket for that one.

ArchangeGabriel commented 11 months ago

(And thanks for your valuable input that put me on the right track!)