opendev/system-config
Code Issues Proposed changes
Files
b84bdffc08446e02100e36967ce9f77a9bf686ed
system-config/playbooks/roles/mailman-site/templates/mailman_multihost.vhost.j2
Jeremy Stanley b84bdffc08 Add mailman Web redirects for the moved staff list 
While the staff mailing list is hidden and private in production,
that configuration is set after creation, so in our deployment tests
we can absolutely verify that HTTP and HTTPS redirects for listinfo
and archives work anyway. This paves the way for any further
rewrites and associated testing we may need to do for other mailing
lists which move between domains, as well as testing redirects we
may set up as part of the v2 to v3 migration.

Change-Id: I68078554a72e3b59d8192ac4339e8654a8351f52
2021-12-21 03:37:10 +00:00

116 lines
3.9 KiB
Django/Jinja
Raw Blame History

<VirtualHost *:80>
ServerName {{ mailman_site.listdomain }}
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-access.log combined
DocumentRoot /var/www
RewriteEngine on
# TODO(fungi): convert this vhost into a blanket redirect to HTTPS when ready
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(staff)(/.*|$) %{REQUEST_SCHEME}://lists.openinfra.dev/$1/$2$3 [last,redirect=permanent]
# We can find mailman here:
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
# And the public archives:
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
# Logos:
Alias /images/mailman/ /usr/share/images/mailman/
# Use this if you don't want the "cgi-bin" component in your URL:
# In case you want to access mailman through a shorter URL you should enable
# this:
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
# In this case you need to set the DEFAULT_URL_PATTERN in
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
# authentication code to work. Note that you need to change the base
# URL for all the already-created lists as well.
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
SetEnv HOST {{ mailman_site.listdomain }}
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName {{ mailman_site.listdomain }}
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
RewriteEngine on
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(staff)(/.*|$) %{REQUEST_SCHEME}://lists.openinfra.dev/$1/$2$3 [last,redirect=permanent]
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
SetEnv HOST {{ mailman_site.listdomain }}
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink