LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Re: ssl setup for webui
Nathan Brindle <[log in to unmask]>
Mon, 9 Apr 2018 19:37:08 +0000
text/plain (5 kB) , text/html (19 kB)
You're probably looking for go.user, since I assume (given no site.cfg file) this is unix.  FWIW, don't edit sitecfg.file by hand.

The document root for unix is ~listserv/home , but go.user is found in ~listserv/ .

As Michael noted, you want the SKIN template.  Its "friendly title" in the web interface dropdown list box he pointed you to is "Global Skins [SKIN]".

Nathan

From: LISTSERV Site Administrators' Forum <[log in to unmask]> On Behalf Of Jon Schwendemann
Sent: Monday, April 09, 2018 3:26 PM
To: [log in to unmask]
Subject: Re: ssl setup for webui

Hmmm, not finding a site.cfg, I do find a sitecfg.file, but it does not contain WWW_ARCHIVE_CGI

Also, which template should I be selecting to find +SE WWWHOST and =SE HTMLIMAGES?

What would the document root be on a standalone setup?

From: LISTSERV Site Administrators' Forum [mailto:[log in to unmask]] On Behalf Of Plowinske, Michael
Sent: Monday, April 9, 2018 12:43 PM
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: ssl setup for webui

You need to change WWW_ARCHIVE_CGI variable in the site.cfg to use https:

WWW_ARCHIVE_CGI= https://www.somehost.com/scripts/wa.exe

and restart LISTSERV.

Also you can edit the SKIN web template from Server
Administration/Customization/Web Templates and set WWWHOST and HTMLIMAGES to https//:

+SE WWWHOST https://&+MYHOST;&+SCRIPT
+SE HTMLIMAGES https://&+MYHOST;/archives/htmlmail

I didn't edit any additional templates.
-Mike


From: LISTSERV Site Administrators' Forum <[log in to unmask]<mailto:[log in to unmask]>> On Behalf Of Jim Liebgott
Sent: Monday, April 09, 2018 1:10 PM
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: Re: ssl setup for webui


My employer recently forced me to stop all unsecured web traffic to my listserv host.  I did what you did, enabling the SSL virtualhost appropriately within apache.  To eliminate the unsecured web connections, I added this to the beginning of the virtualhost that handles all traffic to port 80:


RewriteEngine on
RewriteRule (.*) https://%{SERVER_NAME}/$1<https://%25%7bSERVER_NAME%7d/$1> [R,L]

this forces all unsecured connections to return an HTTP redirect to the equivalent connection in HTTPS.  This works reasonably well, with a few caveats.  Listserv uses hyperlinks in emails that specify the http protocol.  At least some of those must be fixed to use https instead; otherwise, the query portion of the URL can get mangled too much.  Here's how I did it:



1) fixed the line in mail template $WWW_IMAGE_URL that sets the value of WWWHOST



old line:

.SE WWWHOST http://&MYHOST



new line:

.SE WWWHOST https://&MYHOST



2) added a line right after setting WWWHOST that sets WA_URL:



.SE WA_URL &WWWHOST/cgi-bin/wa



These two changes must be done in the site mail templates (site.mailtpl, if you care to look at the file).  I used the web interface to make the changes.  If you have any lists that defined $WWW_IMAGE_URL, you must fix it there, too.



3) once I changed $WWW_IMAGE_URL to set WWWHOST and WA_URL correctly, I had to insure that $WWW_IMAGE_URL is imbedded in a couple templates.  Specifically, I added this line:



.IM $WWW_IMAGE_URL



at the top of these templates:



CONFIRM1

SUBSCRIBE_CONFIRM1

ADDREQ1



again, I did this in the web interface for site mail templates and for any list that defined these templates.



The three templates in which I had to include the imbed for $WWW_IMAGE_URL all use the URLENCODE() function.  If you do a url-encoding on a value, then you pass that to apache and it returns a redirect, the query gets encoded twice, which mangles it so that it doesn't work.  Thus, the solution is to make sure to use https directly in those templates that use URLENCODE().



I would like to find a way to define WA_URL correctly without having to imbed.  So far, I can't figure out how to do that, but I'm still working on it.





Jim Liebgott

UNL UNIX admin



________________________________
From: LISTSERV Site Administrators' Forum <[log in to unmask]<mailto:[log in to unmask]>> on behalf of Jon Schwendemann <[log in to unmask]<mailto:[log in to unmask]>>
Sent: Monday, April 9, 2018 11:22:23 AM
To: [log in to unmask]<mailto:[log in to unmask]>
Subject: ssl setup for webui


I need to set up ssl fo that the webui is secured.

Openssl and mod ssl is installed. I madethe certs and keys.

I am working on the changes to ssl.conf, mainly the virtual host entry.

I am trying to figure out what my document root is, so I can put it into the virtualhost entry.

I have tried a couple of things, and on restarting httpd, I get an error that it cannot find with doc root location.

The webui still works, it just is not secure.

This rhel6 server serves no other webpages, just my listserv. Which was installed without any special changes.


________________________________

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1
***CAUTION: This email originated from an outside source. DO NOT CLICK LINKS OR OPEN ATTACHMENTS UNLESS YOU KNOW THEY ARE SAFE.***

________________________________

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1
ATOM RSS1 RSS2
COMMUNITY.EMAILOGY.COM