Help for deployment #778

Closed
H3ct0r55 opened this issue Apr 15, 2022 · 12 comments

@H3ct0r55

Hey there, after successfully installing listmonk and running it as localhost, I would like to connect it to a subdomain which would be listmonk.mydomain.com for example. I currently run Nginx on the same server that I have listmonk installed on but I am unsure on how to go about setting everything up. I also would like to run it over SSL given that it is dealing with people's emails and admin credentials.

From a quick Google search I can't find much information about deployment to the web and it would be great if someone could help me through this. The only thing that I vaguely saw was using a proxy that points incoming connections for listmonk.mydomain.com to localhost:9000 but I'm not entirely sure of the security implications of opening a connection to a localhost port.

Any help would be much appreciated.

Br.

@muehlburger

There are basically 3 steps to work through:

  1. Set up Nginx to serve a basic subdomain such as http://news.it-zt.at
  2. Set up and configure Certbot for Nginx to serve traffic through TLS/SSL
  3. Configure a proxy_pass in your nginx configuration file to pass traffic from your subdomain to your upstream listmonk app running on localhost

Here is my nginx configuration file that serves listmonk with nginx through my subdomain https://news.it-zt.at:

```nginx
server {
     listen 80;
     listen [::]:80;
     server_tokens off;
     server_name news.it-zt.at;
     return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name news.it-zt.at;
    server_tokens off;

    root /srv/www/news.it-zt.at/public_html;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
    ssl_certificate /etc/letsencrypt/live/it-zt.at/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/it-zt.at/privkey.pem; # managed by Certbot

    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
    ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';

    # add security headers
    add_header Strict-Transport-Security max-age=15768000; # six months
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection  "1; mode=block";

    # use this only if all subdomains support HTTPS!
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    #ssl_ecdh_curve secp384r1;

    access_log /var/log/nginx/news.it-zt.at_access.log;
    error_log /var/log/nginx/news.it-zt.at_error.log;

    include /etc/nginx/conf.d/global/restrictions.conf;

    location / {
        proxy_pass http://localhost:9000;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;

        access_log off;
    }
}
```

Please note: this is just an example and should be tailored to your needs regarding TLS/SSL parameters.

Hope this helps!

@H3ct0r55
Author

Thanks for the help, I'll take a look later, seems like nothing complicated, just needed to be told what to do

@H3ct0r55
Author

what does the root folder contain?

root /srv/www/news.it-zt.at/public_html;

or is it just a blank directory for the sake of nginx?

@muehlburger

it is just a blank directory

@H3ct0r55
Author

I figured

Thanks again for the info, installing certbot now to generate the SSL certificate and key and hopefully I'll have it up soon

@H3ct0r55
Author

All sorted, got it all running.

Last issue is that when I run systemctl restart Listmonk, there is no service for Listmonk. I've looked through the list of services and I can't find a Listmonk service. How do I restart Listmonk when I make a modification to the config.toml, for example?

@muehlburger

Currently I have no listmonk systemd service configured, but it could probably be configured like that:

/lib/systemd/system/listmonk.service

```ini
[Unit]
Description=Listmonk
Wants=network.target
After=network.target

[Service]
Type=simple
User=listmonk
Group=listmonk

WorkingDirectory=/path/to/working/directory
ExecStart=/path/to/listmonk-binary
Restart=on-abort

Environment=LISTMONK_app__address="0.0.0.0:9000"

[Install]
WantedBy=multi-user.target
```

The env variable is probably not necessary if you use a config.yaml.
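
Two checks for the settings above that decide whether the proxy setup actually protects listmonk, as an added example (not code from this thread or from the listmonk project): whether port 9000 is bound only to loopback, so that the only path in is through nginx and TLS, and whether nginx still enables the deprecated TLS 1.0/1.1. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample inputs below are constructed, not captured from a host.
# Live use:  ss -ltnH | exposed_listeners 9000
#            nginx -T 2>/dev/null | weak_tls_lines

# Print every non-loopback listen address for PORT found in `ss -ltnH` output
# on stdin (column 4 is Local Address:Port). No output means loopback only.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4
            n = match(addr, /:[0-9]+$/)          # last colon separates the port
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]") next
            print addr                            # 0.0.0.0, [::], * or a NIC address
        }'
}

# Print "LINE: PROTOCOLS" for each ssl_protocols directive in an nginx config
# on stdin that still enables anything older than TLSv1.2.
# Assumption: the directive is written on a single line.
weak_tls_lines() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                  # ignore trailing comments
            if (line !~ /^[ \t]*ssl_protocols[ \t]/) next
            bad = ""
            n = split(line, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) bad = bad " " tok[i]
            if (bad != "") print NR ":" bad
        }'
}

# Constructed `ss -ltnH` output for a host started with the unit file above.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 511  0.0.0.0:443  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*'
# The ssl_protocols line as it appears in the nginx config above.
SAMPLE_NGINX='    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 9000
printf '%s\n' "$SAMPLE_NGINX" | weak_tls_lines
```

Any output from `exposed_listeners 9000` means listmonk can be reached directly on port 9000 over plain HTTP unless a firewall blocks it; binding the app to `127.0.0.1:9000` makes the check come back empty.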

@knadh knadh closed this as completed May 3, 2022
@knadh knadh added the question Further information is requested label May 3, 2022
@itzomen

itzomen commented Jul 5, 2022

This was very helpful, thanks.
Everything works well with no password enabled. What are the steps to do before logging in?
For example https://news.it-zt.at @muehlburger how do you log in?

I see a popup for the password but it disappears immediately

@knadh
Owner

knadh commented Jul 6, 2022

You log in with the username and password you have configured in config.toml.

> I see a popup for the password but it disappears immediately

Hm, that shouldn't happen. That's the browser's built-in HTTP BasicAuth prompt. What browser are you using?

@itzomen

itzomen commented Jul 6, 2022

I'm using Chrome

@knadh
Owner

knadh commented Jul 6, 2022

Please don't leave the username and password empty in config.toml on a public instance! I'm unsure why the Chrome prompt disappears though. That's browser behaviour. Could you try another browser?

@itzomen

itzomen commented Jul 6, 2022

Yeah, thanks for pointing that out.
It works with Firefox
