hello, we access to our mailman webgui with rpoxy (nginx) hosted on our web server (web2) , mail server is on a different server (mail2). Mailman was ok before migrate, but no we got an Error 403 Forbidden. On web2 : Code: location / { proxy_pass http://10.10.10.32:80/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; } And on mail server mail2 (10.10.10.32): Code: # {{ ansible_managed }} server { listen 80; listen [::]:80 ; root /usr/lib; # Add index.php to the list if you are using PHP index index.html index.htm; server_name {{ inventory_hostname }}; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location /cgi-bin/mailman { root /usr/lib/; fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_intercept_errors on; fastcgi_pass unix:/var/run/fcgiwrap.socket; } location /images/mailman { alias /usr/share/images/mailman; } location /pipermail { alias /var/lib/mailman/archives/public; autoindex on; } }
since update i discover : lrwxrwxrwx 1 root root 37 Mar 23 22:50 999-acme.vhost -> /etc/nginx/sites-available/acme.vhost Why update create an acme vhost on my mail server ? (this server do not do LE ??) SOLUTION on mail server (this server do not host any website !!!!!): Code: rm /etc/nginx/sites-enabled/999-acme.vhost rm /etc/nginx/sites-enabled/default nginx -t systemctl restart nginx
As there is now a function to issues a cert for the hostname through the installer, this vhost is necessary.
? in my case it will not be able to retrieve any cert, because a mail server has no 80 http port open on the web ... we only have 3 public ip , and those public ip are dedicated to our 3 web server, not to our 3 mail server.