112 lines
3.5 KiB
Django/Jinja
112 lines
3.5 KiB
Django/Jinja
<VirtualHost *:80>
|
|
ServerName {{ mailman_site.listdomain }}
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-error.log
|
|
|
|
# Possible values include: debug, info, notice, warn, error, crit,
|
|
# alert, emerg.
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-access.log combined
|
|
|
|
DocumentRoot /var/www
|
|
|
|
RewriteEngine on
|
|
# TODO(fungi): convert this vhost into a blanket redirect to HTTPS when ready
|
|
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
|
|
|
|
# We can find mailman here:
|
|
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
|
|
# And the public archives:
|
|
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
|
|
# Logos:
|
|
Alias /images/mailman/ /usr/share/images/mailman/
|
|
|
|
# Use this if you don't want the "cgi-bin" component in your URL:
|
|
# In case you want to access mailman through a shorter URL you should enable
|
|
# this:
|
|
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
|
|
# In this case you need to set the DEFAULT_URL_PATTERN in
|
|
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
|
|
# authentication code to work. Note that you need to change the base
|
|
# URL for all the already-created lists as well.
|
|
|
|
<Directory /usr/lib/cgi-bin/mailman/>
|
|
AllowOverride None
|
|
Options ExecCGI
|
|
AddHandler cgi-script .cgi
|
|
SetEnv HOST {{ mailman_site.listdomain }}
|
|
Order allow,deny
|
|
Allow from all
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Directory>
|
|
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
|
|
Options FollowSymlinks
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Directory>
|
|
<Directory /usr/share/images/mailman/>
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Directory>
|
|
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName {{ mailman_site.listdomain }}
|
|
ServerAdmin webmaster@openstack.org
|
|
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-error.log
|
|
LogLevel warn
|
|
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-access.log combined
|
|
|
|
SSLEngine on
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
|
|
|
|
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
|
|
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
|
|
Alias /images/mailman/ /usr/share/images/mailman/
|
|
|
|
<Directory /usr/lib/cgi-bin/mailman/>
|
|
AllowOverride None
|
|
Options ExecCGI
|
|
AddHandler cgi-script .cgi
|
|
SetEnv HOST {{ mailman_site.listdomain }}
|
|
Order allow,deny
|
|
Allow from all
|
|
Require all granted
|
|
</Directory>
|
|
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
|
|
Options FollowSymlinks
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
Require all granted
|
|
</Directory>
|
|
<Directory /usr/share/images/mailman/>
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
Require all granted
|
|
</Directory>
|
|
</VirtualHost>
|