[Gluster-infra] Switching mailman to https only

Wed Jul 4 10:05:30 UTC 2018

Le mardi 03 juillet 2018 à 14:20 +0200, Michael Scherer a écrit :
> Le lundi 02 juillet 2018 à 19:16 +0200, Niels de Vos a écrit :
> > On Mon, Jul 02, 2018 at 05:32:42PM +0200, Michael Scherer wrote:
> > > Le lundi 02 juillet 2018 à 17:13 +0200, Niels de Vos a écrit :
> > > > On Mon, Jul 02, 2018 at 04:55:22PM +0200, Michael Scherer
> > > > wrote:
> > > > > Hi,
> > > > > 
> > > > > as part of a long due cleanup on our playbook, I moved
> > > > > mailman
> > > > > to
> > > > > be
> > > > > https only, and removed some hack due to supercolony being
> > > > > EL6
> > > > > (so
> > > > > not
> > > > > certbot, etc, etc). I will continue to do clean that server
> > > > > so
> > > > > we
> > > > > can
> > > > > one day hope to switch a more modern stack and finally get
> > > > > ride
> > > > > of
> > > > > all
> > > > > exceptions we have around EL6 in our playbooks.
> > > > > 
> > > > > So if you see anything weird wrt the web interface of
> > > > > mailman,
> > > > > please
> > > > > open a bug against infra component so we can take a look.
> > > > 
> > > > When I moderate some messages, I get the following warning from
> > > > Firefox:
> > > > 
> > > >     The information you have entered on this page will be sent
> > > > over
> > > > an
> > > >     insecure connection and could be read by a third party.
> > > >     
> > > >     Are you sure you want to send this information?
> > > > 
> > > > There might be a mailman config option that makes the forms
> > > > post
> > > > to
> > > > https?
> > > 
> > > Yup, I have seen the bug that you opened (and seen that bug too),
> > > and I
> > > didn't found the option :/ 
> > > 
> > > That is what prompted me to dig a bit on the current setup, and
> > > well,
> > > it was a bit more rusty than I would have liked...
> > > 
> > > I will dig mailman source code to understand what is going on.
> > 
> > Ok, thanks!
> 
> So, seems I had the solution right under my nose the whole time.
> There
> is a setting for the web interface url, but all example gave it
> without
> the protocol. But after reading the code, I figured that I could just
> force https here and be fine.

And no.

So mailman has a setting, but it also copy the variable in the
configuration per list. And that this is not exposed in the CLI tool.

So I have to shutdown mailman, switch the web_page_url in the pickle
dump, and restart.

I remember it already took time 2 years ago for the vhost change to
figure that :/

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20180704/9bc0151b/attachment.sig>