Opened 6 years ago
#7765 new defect
Change mailman to use HTTPS by default
| Reported by: | llogan | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | website |
| Version: | unspecified | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Mailman web_page_url is set to HTTP, so mailing list URLs that are generated from this substitution are not using HTTPS. This can result in non-secure logins by users.
From Where can I change a list or the default URL used for the web interface?:
If you want to use Secure HTTP instead of regular HTTP you may also want to assign, again in
mm_cfg.py, different values for theDEFAULT_URL_PATTERNandPUBLIC_ARCHIVE_URLMM config variables.
Depending on how you want your site to operate you may change one or other or both of these patterns to use the 'https' scheme rather than the default 'http' scheme.
Check in
Defaults.pyfor the description and current values of the variables.
Then run
mailmanctl restart(or the changes will not take hold).
The archives should then be rebuilt to regenerate the URLs to attachments. See link above. Note that this may rebuild spam messages that were manually renamed: usually to something like 229996.html.spam.
Somewhat related to #7575.
