opendev/system-config
Code Issues Proposed changes
8ccab5e967
system-config/playbooks/roles/mailman-site/templates/mailman_multihost.vhost.j2
Ian Wienand 8bf3bbba93
mailman: add variable for matching UAs in Apache 
This allows us to quickly create a list of user agents we may not want
to crawl the site.

Change-Id: Ibbc84e0f7b529cd029770cc8ec3a3d82477734ce
2023-01-11 15:47:20 +11:00

75 lines
2.8 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName {{ mailman_site.listdomain }}
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-access.log combined
RedirectPermanent / https://{{ mailman_site.listdomain }}/
</VirtualHost>
<VirtualHost *:443>
ServerName {{ mailman_site.listdomain }}
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
RewriteEngine on
{% if mailman_block_ua %}{% for ua in mailman_block_ua %}
RewriteCond %{HTTP_USER_AGENT} "{{ ua }}" {{ loop.last | ternary('', '[OR]') }}
{% endfor %}
RewriteRule .- [R=403,L]
{% endif %}
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(community|foundation|foundation-board|foundation-board-confidential|goldmembers|marketing|staff|summitsponsors)(/.*|$) %{REQUEST_SCHEME}://lists.openinfra.dev/$1/$2$3 [last,redirect=permanent]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(edge-computing)(/.*|$) %{REQUEST_SCHEME}://lists.opendev.org/$1/$2$3 [last,redirect=permanent]
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
Alias /archives.yaml /var/www/archives.yaml
Alias /robots.txt /var/www/robots.txt
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
SetEnv HOST {{ mailman_site.listdomain }}
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink