<VirtualHost *:80> ServerName {{ mailman_listdomain }} ErrorLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-access.log combined RedirectPermanent / https://{{ mailman_listdomain }}/ </VirtualHost> <VirtualHost *:443> ServerName {{ mailman_listdomain }} ServerAdmin webmaster@openstack.org ErrorLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer RewriteEngine on RewriteRule ^/$ /cgi-bin/mailman/listinfo [R] ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/ Alias /pipermail/ /var/lib/mailman/archives/public/ Alias /images/mailman/ /usr/share/images/mailman/ <Directory /usr/lib/cgi-bin/mailman/> AllowOverride None Options ExecCGI AddHandler cgi-script .cgi Order allow,deny Allow from all Require all granted </Directory> <Directory /var/lib/mailman/archives/public/> Options FollowSymlinks AllowOverride None Order allow,deny Allow from all Require all granted </Directory> <Directory /usr/share/images/mailman/> AllowOverride None Order allow,deny Allow from all Require all granted </Directory> </VirtualHost>