system-config/playbooks/roles/mailman-site/templates/mailman_multihost.vhost.j2
Jeremy Stanley 81f8cdfb7b Add HTTPS vhosts to mailman servers
Add secondary vhosts for HTTPS to each mailman site, but don't
remove the plain HTTP ones for now. Before switching to Mailman 3
we'll replace the current HTTP vhosts with blanket redirects to
HTTPS.

Add tests to make sure this is working, and also add a command-line
test for the lists.openinfra.dev site now that it's got a first
non-default list of its own. Also collect Apache logs from the test
nodes so we can see for sure what might break.

Change-Id: I4d93d643381f17c9a968595587909f0ba3dd6f92
2021-12-20 20:35:14 +00:00


# Plain-HTTP vhost for the {{ mailman_site.listdomain }} list site.  It is kept
# in parallel with the *:443 vhost below; see the TODO on the RewriteRule for
# the planned conversion into a blanket redirect to HTTPS.
<VirtualHost *:80>
ServerName {{ mailman_site.listdomain }}
# One error/access log pair per list domain under the Apache log directory.
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-access.log combined
# Anything not matched by the ScriptAlias/Alias lines below is served from here.
DocumentRoot /var/www
RewriteEngine on
# TODO(fungi): convert this vhost into a blanket redirect to HTTPS when ready
# Only the site root is rewritten: an external redirect ([R], 302 by default)
# to the listinfo CGI.  The client follows it over plain HTTP.
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
# We can find mailman here:
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
# And the public archives:
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
# Logos:
Alias /images/mailman/ /usr/share/images/mailman/
# Use this if you don't want the "cgi-bin" component in your URL:
# In case you want to access mailman through a shorter URL you should enable
# this:
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
# In this case you need to set the DEFAULT_URL_PATTERN in
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
# authentication code to work. Note that you need to change the base
# URL for all the already-created lists as well.
# CGI directory: scripts execute here; .htaccess files are ignored.
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
# Exported into the CGI environment; presumably how a multi-host Mailman
# install picks the list domain it is serving -- confirm against
# /etc/mailman/mm_cfg.py.
SetEnv HOST {{ mailman_site.listdomain }}
# 2.2-style access control.  On Apache 2.4 these two lines only parse when
# mod_access_compat is loaded; the 2.4-native `Require` is guarded by IfVersion.
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
# Public archive tree (target of the /pipermail/ alias).  FollowSymlinks means
# any symlink dropped into this tree is served, so only content intended to be
# public may live (or be linked) here.
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
# Static logo images (target of the /images/mailman/ alias).
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
# HTTPS vhost for the same list domain.  Mirrors the *:80 vhost above apart
# from the TLS directives and the -ssl- log file names.  No
# Strict-Transport-Security header is set here: the plain-HTTP vhost is still
# served in parallel rather than redirecting, so HSTS would be premature until
# that changes.
<VirtualHost *:443>
ServerName {{ mailman_site.listdomain }}
# Only this vhost carries a ServerAdmin; the *:80 vhost above does not.
ServerAdmin webmaster@openstack.org
ErrorLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/{{ mailman_site.listdomain }}-ssl-access.log combined
SSLEngine on
# Disables SSLv2 and SSLv3 only; TLSv1.0 and TLSv1.1 stay negotiable with this
# setting.  NOTE(review): narrowing to TLSv1.2 and newer is worth considering
# once it is known that no legacy clients depend on the older versions.
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
# Only ECDHE/DHE key exchange is listed (no static RSA key exchange), which is
# what provides forward secrecy.  `!AES256` is a permanent exclusion in OpenSSL
# cipher-string syntax, so it also removes the ECDH+AES256/DH+AES256 entries
# listed before it and the 256-bit GCM suites; what should remain is AES-128
# (GCM and CBC) only -- verify with `openssl ciphers -v` against this string
# before relying on that reading.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
# The server's preference order above wins over the client's.
SSLHonorCipherOrder on
# Certificate, key and chain are looked up by inventory_hostname rather than by
# the list domain, so the certificate presumably carries the list domain as a
# SAN -- confirm against the role that issues these files.
SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer
RewriteEngine on
# Site root -> listinfo CGI, external redirect ([R], 302 by default).
RewriteRule ^/$ /cgi-bin/mailman/listinfo [R]
ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/
Alias /pipermail/ /srv/mailman/{{ mailman_site.name }}/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
# CGI directory: scripts execute here; .htaccess files are ignored.
<Directory /usr/lib/cgi-bin/mailman/>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi
# Exported into the CGI environment; presumably how a multi-host Mailman
# install picks the list domain it is serving -- confirm against
# /etc/mailman/mm_cfg.py.
SetEnv HOST {{ mailman_site.listdomain }}
# Unlike the *:80 vhost, `Require all granted` is not wrapped in IfVersion, so
# this vhost assumes Apache 2.4.  The Order/Allow lines are the 2.2 form and
# need mod_access_compat loaded on 2.4; mixing both styles is not recommended.
Order allow,deny
Allow from all
Require all granted
</Directory>
# Public archive tree (target of the /pipermail/ alias).  FollowSymlinks means
# any symlink dropped into this tree is served, so only content intended to be
# public may live (or be linked) here.
<Directory /srv/mailman/{{ mailman_site.name }}/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
# Static logo images (target of the /images/mailman/ alias).
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>