Mailman is loading

Signed-off-by: James Ketrenos <james_git@ketrenos.com>

README.md

@@ -1,18 +1,45 @@
 # ketreweb containers
 
-The cron job to update certificates isn't quite working yet.
+| Container             | Purpose                                        |
+|:----------------------|:-----------------------------------------------|
+| ketrenet-web          | Main webserver entry for https://ketrenos.com  | 
+| ketrenet-mail         | Email MTA and mailbox management               |
+| ketrenet-roundcube    | Email web interface. https://mail.ketrenos.com |
+| ketrenet-cron         | Update letsencrypt keys, etc.                  |
+| ketrenet-dns          | DNS server                                     |
+| ketrenet-mailman-core | Mailman3 Core backend                          |
+| ketrenet-mailman-web  | Mailman3 Web frontend                          |
+| ketrenet-database     | Mailman3 Postgres DB                           |
 
-To update certificates:
+## Disk structure
+
+| Directory             | Purpose                                        |
+|:----------------------|:-----------------------------------------------|
+| $PWD/data/$SERVICE    | Logs, error reporting, databases               |
+| $SERVICE/etc          | Configuration files for $SERVICE               |
+| $PWD/www              | Web content hosted by ketrenet-web directly    |
+
+## Update certificates
+
+The cron job to update certificates isn't quite working yet. To update 
+certificates:
 
 ```bash
 docker exec -it ketrenet-cron /bin/bash
-/usr/bin/certbot renew --no-self-upgrade --webroot -w /var/www/ketrenos.com
-/usr/bin/scp -q -i /keys/opnsense-letsencrypt /etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem letsencrypt@opnsense.ketrenos.com:.
-/usr/bin/ssh -i /keys/opnsense-letsencrypt letsencrypt@opnsense.ketrenos.com sudo ./update-cert.sh fullchain.pem privkey.pem
+/usr/bin/certbot renew --no-self-upgrade --webroot \
+    -w /var/www/ketrenos.com
+/usr/bin/scp -q \
+    -i /keys/opnsense-letsencrypt \
+    /etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem \
+    letsencrypt@opnsense.ketrenos.com:.
+/usr/bin/ssh \
+    -i /keys/opnsense-letsencrypt \
+    letsencrypt@opnsense.ketrenos.com \
+    sudo ./update-cert.sh fullchain.pem privkey.pem
 ```
 
-After that completes (without errors) outside the container use `./sync-certs` to push
-the updated certificates to all the service containers and servers.
+After that completes (without errors) outside the container use `./sync-certs` 
+to push the updated certificates to all the service containers and servers.
 
 ## ketreweb
 
@@ -23,7 +50,7 @@ apache2 is only being used for mailman, which is currently offline
 
 ## ketreweb-roundcube
 
-default container for roundcube
+default container for roundcube. Provides https://mail.ketrenos.com
 
 ## ketreweb-cron
 

docker-compose.yml

@@ -19,9 +19,13 @@ services:
       - /home/jketreno/docker/webserver/web/entrypoint.sh:/entrypoint.sh:ro
       - /home/jketreno/docker/webserver/data/log:/var/log:rw
       - /home/jketreno/docker/webserver/www:/var/www:ro
+      - /home/jketreno/docker/webserver/data/mailman/web/data/static:/opt/mailman/static:ro
     ports:
       - 80:80
       - 443:443
+    networks:
+      ketrenet-mailman:
+
 
   ketrenet-mail:
     image: ketrenet-mail
@@ -91,6 +95,9 @@ services:
       - /home/jketreno/docker/webserver/roundcube/var/roundcube:/var/roundcube/config:ro
       - /home/jketreno/docker/webserver/data/roundcube/db:/var/roundcube/db:rw
       - /home/jketreno/docker/webserver/data/roundcube/html:/var/www/html:rw
+    networks:
+      ketrenet-mailman:
+
 
   ketrenet-cron:
     image: ketrenet-cron
@@ -140,11 +147,11 @@ services:
       - /home/jketreno/docker/webserver/data/mailman/core:/opt/mailman/
     stop_grace_period: 30s
     links:
-      - database:database
+      - ketrenet-database:ketrenet-database
     depends_on:
-      - database
+      - ketrenet-database
     environment:
-      - DATABASE_URL=postgresql://mailman:1mailm3np2ss@database/mailmandb
+      - DATABASE_URL=postgresql://mailman:mailmanpass@ketrenet-database/mailmandb
       - DATABASE_TYPE=postgres
       - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
       - HYPERKITTY_API_KEY=s0meap1k3y
@@ -161,16 +168,20 @@ services:
     hostname: mailman-web
     restart: unless-stopped
     depends_on:
-      - database
+      - ketrenet-database
     links:
-      - mailman-core:mailman-core
-      - database:database
+      - ketrenet-mailman-core:ketrenet-mailman-core
+      - ketrenet-database:ketrenet-database
     volumes:
-      - /home/jketreno/docker/webserver/data/mailman/web:/opt/mailman-web-data
+      - /home/jketreno/docker/webserver/data/mailman/web/data:/opt/mailman-web-data
+      - /home/jketreno/docker/webserver/data/mailman/web/config:/opt/mailman-web
     environment:
       - DATABASE_TYPE=postgres
-      - DATABASE_URL=postgresql://mailman:1mailm3np2ss@database/mailmandb
+      - DATABASE_URL=postgresql://mailman:mailmanpass@ketrenet-database/mailmandb
       - HYPERKITTY_API_KEY=s0meap1k3y
+      - SECRET_KEY=s7p4rs3kr1t
+      - SERVE_FROM_DOMAIN=ketrenos.com
+      - UWSGI_STATIC_MAP=/mailman/static=/opt/mailman-web-data/static
     ports:
       - "127.0.0.1:8000:8000" # HTTP
       - "127.0.0.1:8080:8080" # uwsgi
@@ -179,10 +190,11 @@ services:
 
 
   ketrenet-database:
+    container_name: ketrenet-database
     environment:
       - POSTGRES_DB=mailmandb
       - POSTGRES_USER=mailman
-      - POSTGRES_PASSWORD=1mailm@np@ss
+      - POSTGRES_PASSWORD=mailmanpass
     image: postgres:12-alpine
     volumes:
       - /home/jketreno/docker/webserver/data/mailman/database:/var/lib/postgresql/data

mailman/web/mailman-web/settings.py

@@ -40,7 +40,7 @@ SECRET_KEY = os.environ.get('SECRET_KEY')
 DEBUG = False
 
 ADMINS = (
-     ('Mailman Suite Admin', 'root@localhost'),
+     ('Mailman Suite Admin', 'james_mailman@ketrenos.com'),
 )
 
 SITE_ID = 1
@@ -48,24 +48,26 @@ SITE_ID = 1
 # Hosts/domain names that are valid for this site; required if DEBUG is False
 # See https://docs.djangoproject.com/en/3.1/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = [
+    "127.0.0.1",
     "localhost",  # Archiving API from Mailman, keep it.
     "mailman-web",
+    "ketrenet-mailman-web",
     os.environ.get('SERVE_FROM_DOMAIN'),
 ]
 
 try:
-    ALLOWED_HOSTS.append(gethostbyname("mailman-web")) # only add if this resolves
+    ALLOWED_HOSTS.append(gethostbyname("ketrenet-mailman-web")) # only add if this resolves
 except gaierror:
     pass
 
 ALLOWED_HOSTS.extend(os.getenv("DJANGO_ALLOWED_HOSTS", "").split(","))
 
 # Mailman API credentials
-MAILMAN_REST_API_URL = os.environ.get('MAILMAN_REST_URL', 'http://mailman-core:8001')
+MAILMAN_REST_API_URL = os.environ.get('MAILMAN_REST_URL', 'http://ketrenet-mailman-core:8001')
 MAILMAN_REST_API_USER = os.environ.get('MAILMAN_REST_USER', 'restadmin')
 MAILMAN_REST_API_PASS = os.environ.get('MAILMAN_REST_PASSWORD', 'restpass')
 MAILMAN_ARCHIVER_KEY = os.environ.get('HYPERKITTY_API_KEY')
-MAILMAN_ARCHIVER_FROM = (os.environ.get('MAILMAN_HOST_IP', gethostbyname(os.environ.get('MAILMAN_HOSTNAME', 'mailman-core'))),)
+MAILMAN_ARCHIVER_FROM = (os.environ.get('MAILMAN_HOST_IP', gethostbyname(os.environ.get('MAILMAN_HOSTNAME', 'ketrenet-mailman-core'))),)
 
 # Application definition
 
@@ -198,7 +200,7 @@ USE_TZ = True
 
 STATIC_ROOT = '/opt/mailman-web-data/static'
 
-STATIC_URL = '/static/'
+STATIC_URL = '/mailman/static/'
 
 # Additional locations of static files
 
@@ -399,7 +401,7 @@ Q_CLUSTER = {
     'orm': 'default',
 }
 
-POSTORIUS_TEMPLATE_BASE_URL =  os.environ.get('POSTORIUS_TEMPLATE_BASE_URL', 'http://mailman-web:8000')
+POSTORIUS_TEMPLATE_BASE_URL =  os.environ.get('POSTORIUS_TEMPLATE_BASE_URL', 'http://ketrenet-mailman-web:8000')
 
 DISKCACHE_PATH = os.environ.get('DISKCACHE_PATH', '/opt/mailman-web-data/diskcache')
 DISKCACHE_SIZE = os.environ.get('DISKCACHE_SIZE', 2 ** 30) # 1 gigabyte

web/etc/nginx/sites-available/default

@@ -16,6 +16,19 @@ server {
     ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;
 
+    location /mailman/static {
+        alias /opt/mailman/static;
+    }
+
+    location /mailman {
+        # First attempt to serve request as file, then
+        uwsgi_pass ketrenet-mailman-web:8080;
+        include uwsgi_params;
+        uwsgi_read_timeout 300;
+        uwsgi_param SCRIPT_NAME /mailman;
+        uwsgi_modifier1 30;
+    }
+
     location /keys {
         auth_basic "Restricted";
         auth_basic_user_file /var/www/ketrenos.com/keys/.htpasswd;
@@ -225,21 +238,6 @@ server {
         try_files /horde-deprecated.html =404;
     }
 
-	location ~* ^(/mailman) {
-	    proxy_set_header X-Real-IP $remote_addr;
-	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	    proxy_set_header X-Forwarded-Proto $scheme;
-	    proxy_set_header Host $http_host;
-	    proxy_set_header X-NginX-Proxy true;
-	    proxy_pass_header Set-Cookie;
-	    proxy_pass_header P3P;
-	    proxy_http_version 1.1;
-	    proxy_set_header Upgrade $http_upgrade;
-	    proxy_set_header Connection "upgrade";
-	    proxy_pass https://localhost:4430;
-	    proxy_redirect https://localhost:4430 https://ketrenos.com;
-	}
-
     # TODO: Move these to nginx directly as apache2 is no longer
     # functional
     location ~* ^(/site|/recipes|/~jketreno/.*|/~christopher) {