opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/mailman3/templates/mailman.vhost.j2
Jeremy Stanley 066ab8bbb1 Fix old openinfra.dev Pipermail archive rewrites 
Move the legacy archive rewrite rules after the openinfra.dev domain
rewrites so that the get processed correctly.

Change-Id: Id756785b4f334865d50b819579c0a44eeafec1b5
2024-12-02 17:02:04 +00:00

98 lines
3.3 KiB
Django/Jinja
Raw Permalink Blame History

<VirtualHost *:80>
ServerName {{ mailman_sites.0.listdomain }}
{% for site in mailman_sites[1:] -%}
ServerAlias {{ site.listdomain }}
{% endfor -%}
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-access.log combined
Use UserAgentFilter
RewriteEngine On
# The lists.openinfra.dev site has moved to lists.openinfra.org
ServerAlias lists.openinfra.dev
RewriteCond %{SERVER_NAME} =lists.openinfra.dev
RewriteRule "/(.*)lists.openinfra.dev(.*)" "$1lists.openinfra.org$2"
RewriteCond %{SERVER_NAME} =lists.openinfra.dev
RewriteRule "/(.*)" "https://lists.openinfra.org/$1" [L,R=301]
# Use mod rewrite to redirect as we want to preserve the FQDN for each
# mm3 vhost.
RewriteRule "/(.*)" "https://%{HTTP_HOST}/$1" [R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName {{ mailman_sites.0.listdomain }}
{% for site in mailman_sites[1:] -%}
ServerAlias {{ site.listdomain }}
{% endfor -%}
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
Alias /static /var/lib/mailman/web-data/static
Alias /favicon.ico /var/lib/mailman/web-data/static/archives/img/favicon.ico
<Location "/admin">
Require local
</Location>
# This macro relies on mod rewrite rules so put it before any of the
# actual rewrites we want to perform.
Use UserAgentFilter
RewriteEngine On
RewriteRule ^/robots.txt$ /var/www/robots/robots.txt [L]
# The lists.openinfra.dev site has moved to lists.openinfra.org
ServerAlias lists.openinfra.dev
RewriteCond %{SERVER_NAME} =lists.openinfra.dev
RewriteRule "/(.*)lists.openinfra.dev(.*)" "$1lists.openinfra.org$2"
RewriteCond %{SERVER_NAME} =lists.openinfra.dev
RewriteRule "/(.*)" "https://lists.openinfra.org/$1" [L,R=301]
# Handle old Mailman v2/pipermail links
RewriteRule "/pipermail/(.*)" "/var/lib/mailman/web-data/mm2archives/%{HTTP_HOST}/public/$1"
RewriteRule "/cgi-bin/mailman/listinfo/(.*)" "https://%{HTTP_HOST}/mailman3/lists/$1.%{HTTP_HOST}/"
RewriteRule "/cgi-bin/mailman/listinfo" "https://%{HTTP_HOST}/mailman3/lists/"
ProxyPassMatch ^/static/ !
ProxyPass "/" "uwsgi://localhost:8080/"
<Directory /var/lib/mailman/web-data/static/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /var/lib/mailman/web-data/mm2archives/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory "/var/www/robots">
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink