<VirtualHost *:80>
ServerName {{ mailman_site.listdomain }}
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-access.log combined
DocumentRoot /var/www
RewriteEngine on
# TODO(fungi): convert this vhost into a blanket redirect to HTTPS when ready
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(community|foundation|foundation-board|foundation-board-confidential|goldmembers|marketing|staff|summitsponsors)(/.*|$) %{REQUEST_SCHEME}://lists.openinfra.dev/$1/$2$3 [last,redirect=permanent]
# We can find mailman here:
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
# And the public archives:
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
# Logos:
Alias /images/mailman/ /usr/share/images/mailman/
# Use this if you don't want the "cgi-bin" component in your URL:
# In case you want to access mailman through a shorter URL you should enable
# this:
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
# In this case you need to set the DEFAULT_URL_PATTERN in
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
# authentication code to work. Note that you need to change the base
# URL for all the already-created lists as well.
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
SetEnv HOST {{ mailman_site.listdomain }}
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName {{ mailman_site.listdomain }}
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
RewriteEngine on
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
RewriteCond %{HTTP_HOST} ^lists\.openstack\.org$ [nocase]
RewriteRule /(cgi-bin/mailman/listinfo|pipermail)/(community|foundation|foundation-board|foundation-board-confidential|goldmembers|marketing|staff|summitsponsors)(/.*|$) %{REQUEST_SCHEME}://lists.openinfra.dev/$1/$2$3 [last,redirect=permanent]
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
SetEnv HOST {{ mailman_site.listdomain }}
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>