ServerName {{ mailman_sites.0.listdomain }} {% for site in mailman_sites[1:] -%} ServerAlias {{ site.listdomain }} {% endfor -%} ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-access.log combined # Use mod rewrite to redirect as we want to preserve the FQDN for each # mm3 vhost. RewriteEngine On RewriteRule "/(.*)" "https://%{HTTP_HOST}/$1" [R=301] ServerName {{ mailman_sites.0.listdomain }} {% for site in mailman_sites[1:] -%} ServerAlias {{ site.listdomain }} {% endfor -%} ServerAdmin webmaster@openstack.org ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer Alias /static /var/lib/mailman/web-data/static Alias /favicon.ico /var/lib/mailman/web-data/static/archives/img/favicon.ico Require local RewriteEngine On RewriteRule "/pipermail/(.*)" "/var/lib/mailman/web-data/mm2archives/%{HTTP_HOST}/public/$1" RewriteRule "/cgi-bin/mailman/listinfo/(.*)" "https://%{HTTP_HOST}/mailman3/lists/$1.%{HTTP_HOST}/" RewriteRule "/cgi-bin/mailman/listinfo" "https://%{HTTP_HOST}/mailman3/lists/" ProxyPassMatch ^/static/ ! ProxyPass "/" "uwsgi://localhost:8080/" AllowOverride None Order allow,deny Allow from all Require all granted AllowOverride None Order allow,deny Allow from all Require all granted