Example to use GNU mailman CGIs with caddy

I have an older GNU mailman installation that should still be available if served via caddy. As all the mailman stuff is CGI, I used xcaddy to build a version of caddy with cgi support:

xcaddy build --with github.com/aksdb/caddy-cgi/v2

Then I customized the caddy systemd service file using:

sudo systemctl edit caddy.service

to add the following as override parameters:

[Service]
ExecStart=
ExecReload=
ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
Group=www-data
SupplementaryGroups=list

This points to the locally installed caddy in /usr/local/bin as well as setting the primary group of the caddy server to www-data (default for my old Debian installation for the apache server, required for mailman). I also set a supplementary group of list to be able to access the mail archives. I use the following snippet in my Caddyfile:

	handle /cgi-bin/* {
		cgi /cgi-bin/mailman/admin* /usr/lib/cgi-bin/mailman/admin {
			script_name /cgi-bin/mailman/admin
		}
		cgi /cgi-bin/mailman/admindb* /usr/lib/cgi-bin/mailman/admindb {
			script_name /cgi-bin/mailman/admindb
		}
		cgi /cgi-bin/mailman/confirm* /usr/lib/cgi-bin/mailman/confirm {
			script_name /cgi-bin/mailman/confirm
		}
		cgi /cgi-bin/mailman/create* /usr/lib/cgi-bin/mailman/create {
			script_name /cgi-bin/mailman/create
		}
		cgi /cgi-bin/mailman/edithtml* /usr/lib/cgi-bin/mailman/edithtml {
			script_name /cgi-bin/mailman/edithtml
		}
		cgi /cgi-bin/mailman/listinfo* /usr/lib/cgi-bin/mailman/listinfo {
			script_name /cgi-bin/mailman/listinfo
		}
		cgi /cgi-bin/mailman/options* /usr/lib/cgi-bin/mailman/options {
			script_name /cgi-bin/mailman/options
		}
		cgi /cgi-bin/mailman/private* /usr/lib/cgi-bin/mailman/private {
			script_name /cgi-bin/mailman/private
		}
		cgi /cgi-bin/mailman/rmlist* /usr/lib/cgi-bin/mailman/rmlist {
			script_name /cgi-bin/mailman/rmlist
		}
		cgi /cgi-bin/mailman/roster* /usr/lib/cgi-bin/mailman/roster {
			script_name /cgi-bin/mailman/roster
		}
		cgi /cgi-bin/mailman/subscribe* /usr/lib/cgi-bin/mailman/subscribe {
			script_name /cgi-bin/mailman/subscribe
		}
	}
	handle_path /pipermail* {
		root * /var/lib/mailman/archives/public
		file_server
	}
	handle_path /images/mailman* {
		root * /usr/share/images/mailman
		file_server
	}

A couple things.

You can follow these instructions to avoid needing to change the path to the Caddy binary:

Also the caddy user is already in the www-data group if you installed from the apt repo, so changing the group for the service shouldn’t be necessary. You could also add the list group to the caddy user if you need, I guess.


Well, the password file entry is nice for documentation, but not really used due to caddy being started by systemd. The service file says this:

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

The primary groups thus will always be caddy using this service file, and my override is necessary.
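
The primary and supplementary groups discussed in this thread can be read from the running process rather than from the unit file or /etc/group. This is an added example, not code from any of the posts: it parses the `Gid:` and `Groups:` lines of a `/proc/<pid>/status` file. The function names `proc_groups` and `has_gid` are hypothetical and the sample status file with its numeric ids is constructed.

```shell
#!/bin/sh
# Added example: show which groups a process really runs with.

# proc_groups FILE -> prints "primary=<gid> supplementary=<gid,gid,...>"
proc_groups() {
    awk '
        # Gid: fields are real, effective, saved, filesystem; take effective
        /^Gid:/    { primary = $3 }
        /^Groups:/ { for (i = 2; i <= NF; i++) supp = supp (supp ? "," : "") $i }
        END        { print "primary=" primary " supplementary=" supp }
    ' "$1"
}

# has_gid FILE GID -> exit status 0 if GID is the effective primary group
# or one of the supplementary groups, 1 otherwise
has_gid() {
    awk -v want="$2" '
        /^Gid:/    { if ($3 == want) found = 1 }
        /^Groups:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END        { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample in the layout of /proc/<pid>/status (ids are made up)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf 'Name:\tcaddy\nUid:\t998\t998\t998\t998\nGid:\t33\t33\t33\t33\nGroups:\t33 38 \n' > "$sample"

proc_groups "$sample"
has_gid "$sample" 38 && echo "gid 38 present"
has_gid "$sample" 0 || echo "gid 0 absent"

# Against the live service (needs systemd; not run here):
#   pid=$(systemctl show -p MainPID --value caddy.service)
#   proc_groups "/proc/$pid/status"
#   getent group <gid>    # resolve a numeric gid to its name
```

Run it after `systemctl daemon-reload` and a restart of caddy, so the values reflect the override and not the previous process.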