Subject: The mailing list for listmasters using Sympa
List archive
- From: "C. Bernard" <address@concealed>
- To: "Christian H. Kuhn" <address@concealed>
- Cc: address@concealed
- Subject: Re: [en@sympa] Web access forbidden
- Date: Wed, 10 Sep 2025 16:43:36 +0200
Hi
see inline
On 2025-09-10 15:27, "Christian H. Kuhn" wrote:
Hi Stephen,
thx for your answer.
I forgot to include some informaton.
root@bywater ~ # lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 25.04
Release: 25.04
Codename: plucky
root@bywater ~ # sympa --version
Sympa 6.2.76
root@bywater ~ # apache2ctl -v
Server version: Apache/2.4.63 (Ubuntu)
Server built: 2025-07-14T15:12:31
root@bywater ~ # postconf mail_version
mail_version = 3.9.1
root@bywater ~ # ll /run/sympa/
total 20
drwxr-xr-x 2 sympa sympa 160 Sep 10 15:06 ./
drwxr-xr-x 45 root root 1360 Sep 10 06:33 ../
-rw-r--r-- 1 sympa sympa 8 Sep 9 22:29 archived.pid
-rw-r--r-- 1 sympa sympa 8 Sep 9 22:29 bounced.pid
-rw-r--r-- 1 sympa sympa 8 Sep 9 22:29 bulk.pid
-rw-r--r-- 1 sympa sympa 8 Sep 9 22:29 sympa_msg.pid
-rw-r--r-- 1 sympa sympa 8 Sep 9 22:29 task_manager.pid
srw-rw---- 1 www-data www-data 0 Sep 9 22:11 wwsympa.socket=
[root@beastly /usr/local/etc/apache24]# ls -al /var/run/sympa/
total 28
drwxr-xr-x 2 sympa sympa 512 Sep 10 16:00 .
drwxr-xr-x 20 root wheel 1024 Sep 10 03:48 ..
-rw-r--r-- 1 sympa sympa 6 Sep 8 21:51 archived.pid
-rw-r--r-- 1 sympa sympa 6 Sep 8 21:51 bounced.pid
-rw-r--r-- 1 sympa sympa 6 Sep 8 21:51 bulk.pid
-rw-r--r-- 1 sympa sympa 6 Sep 8 21:51 sympa_msg.pid
-rw-r--r-- 1 sympa sympa 6 Sep 8 21:51 task_manager.pid
srw------- 1 www www 0 Aug 9 13:01 wwsympa.socket
the "=" at the end of your last line is some "ls" linuxism?
And where is the "/run/sympa/sympasoap.socket" entry? (I would remove the soap config part / localtion for the moment, until the basic GUI works)
Testing location is https://sglasker.de/sympa
Am 10.09.2025 um 01:35 schrieb Stephen Jarjoura (via en Mailing List):
Your path is different, but here's the FCGI stanza in my Apache config file. [...]
<Location /sympa>
SetHandler "proxy:unix:/var/sympa/var/run/sympa/wwsympa.socket| fcgi://localhost"
Require all granted
</Location>
Have you tried the retype the "|" in your config? (Maybe pasting did something bad in any of the copied config).
The space after the pipe, I don't have that, but most probably it does not matter.
I have already retyped entries letter by letter and char for char and afterwards it worked...copy from web to config file is not alway working. Use a plain textg text app in between helps.
Do you have the proper module in httpd.conf...?:
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
Same here. I just copied from doc and replaced Variables:
<Location /sympa>
SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://localhost"
# Don't forget to edit lines below!
# Require local
Require all granted
</Location>
# Lines below are needed for 6.2.28 or later.
<Location "/static-sympa/css">
Require all granted
</Location>
Alias /static-sympa/css /var/lib/sympa/css
# Lines below are needed for 6.2.28 or later.
<Location "/static-sympa/pictures">
Require all granted
</Location>
Alias /static-sympa/pictures /var/lib/sympa/pictures
<Location /static-sympa>
Require all granted
</Location>
Alias /static-sympa /usr/share/sympa/static_content
<Location /sympasoap>
SetHandler "proxy:unix:/run/sympa/sympasoap.socket|fcgi://localhost"
# Don't forget to edit lines below!
# Require local
Require all granted
</Location>
I have only one alias for the entire tree (and no optional soap API configured) :
# sympa
Alias /static-sympa /usr/local/share/sympa/static
...
<Location /sy>
#SetHandler fcgid-script
#SetHandler fastcgi-script
#Options +ExecCGI
SetHandler "proxy:unix:/var/run/sympa/wwsympa.socket|fcgi://localhost"
# Don't forget to edit lines below!
#Require all denied
Require all granted
</Location>
<Location /static-sympa>
# Don't forget to edit lines below!
#Require local
Require all granted
</Location>
[root@beastly /usr/local/etc/apache24/extra]# ls -al /usr/local/share/sympa/static/
total 28
drwxr-xr-x 7 sympa sympa 512 Sep 8 21:51 .
drwxr-xr-x 7 root wheel 512 Sep 8 21:51 ..
drwxr-xr-x 5 sympa sympa 512 Oct 31 2023 css
drwxr-xr-x 4 root sympa 512 Sep 8 21:51 fonts
drwxr-xr-x 2 root sympa 512 Sep 8 21:51 icons
drwxr-xr-x 8 root sympa 512 Sep 8 21:51 js
drwxr-xr-x 2 sympa sympa 512 Sep 8 21:50 pictures
I would also check your selinux settings; we're running with it disabled, but I've seen the security context cause errors like that.I don’t do SELinux.
BTW: I can’t write FCGI_OPTS anywhere. In wwsympa.service, the log comlains about undefined option. /etc/sysconfig/dir not exists.
I use spawn (I am on freebsd so no selinux or systemd - all such daemon/startup conf lies in /etc/rc.conf:
[root@beastly /usr/local/etc/apache24]# grep -E 'spawn|sympa' /etc/rc.conf
sympa_enable="YES"
#sympa_enable="NO"
spawn_fcgi_enable="YES"
#spawn_fcgi_enable="NO"
spawn_fcgi_app="/usr/local/bin/perl"
spawn_fcgi_app_args="/usr/local/libexec/sympa/wwsympa.fcgi"
spawn_fcgi_bindsocket="/var/run/sympa/wwsympa.socket"
spawn_fcgi_bindsocket_mode="0600 -U www"
spawn_fcgi_username="sympa"
spawn_fcgi_groupname="sympa"
apache runs as user "www" here. (instead of www-data)
And now, after changing the order of ServerAliases, i even get a 404 :-(
80.187.86.76 - - [10/Sep/2025:15:19:27 +0200] "POST /sympa?_=9a59d083-34bf-4166-b312-e0573ff93fbe HTTP/1.1" 404 590 "https://www.sglasker.de/sympa"; "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0"
85.xy.yx.49 - - [07/Sep/2025:21:55:23 +0200] "POST /sy HTTP/2.0" 200 200 58112 TLSv1.3 TLS_AES_256_GCM_SHA384 "https://myown.domain/sy"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:142.0) Gecko/20100101 Firefox/142.0"
I have 'h2' in apache24 configured and my url is /sy instead of /sympa (and no http only https)
hth
cheers
cmb
log_level 3
log_facility = syslog = LOCAL2 with respective conf of rsyslog.
sympa logs mail events, but not web events.
The solution will be sth very simple, but atm the bug (that one that sits in front of the pc) feels a bit stupid and tired. Any further help?
TIA
QNo
-
[en@sympa] Web access forbidden,
Christian H. Kuhn, 09/09/2025
-
Re: [en@sympa] Web access forbidden,
Stephen Jarjoura, 09/09/2025
-
Re: [en@sympa] Web access forbidden,
Christian H. Kuhn, 09/10/2025
- Re: [en@sympa] Web access forbidden, Stephen Jarjoura, 09/10/2025
-
Re: [en@sympa] Web access forbidden,
C. Bernard, 09/10/2025
- Re: [en@sympa] Web access forbidden, Christian H. Kuhn, 09/11/2025
-
Re: [en@sympa] Web access forbidden,
Christian H. Kuhn, 09/10/2025
-
Re: [en@sympa] Web access forbidden,
Stephen Jarjoura, 09/09/2025
Archive powered by MHonArc 2.6.19+.