diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml index 95ad76ecf3..cb6aaf62c8 100644 --- a/roles/mailman3/tasks/main.yml +++ b/roles/mailman3/tasks/main.yml @@ -373,8 +373,11 @@ # Httpd - name: Import needed httpd configurations ansible.builtin.template: - src: "mailmanweb.conf.j2" - dest: "/etc/httpd/conf.d/mailmanweb.conf" + src: "{{item}}.j2" + dest: "/etc/httpd/conf.d/{{item}}" + with_items: + - mailmanweb.conf + - ssl-mailmanweb.conf notify: - reload apache tags: diff --git a/roles/mailman3/templates/ssl-mailmanweb.conf.j2 b/roles/mailman3/templates/ssl-mailmanweb.conf.j2 new file mode 100644 index 0000000000..5ab3a145ed --- /dev/null +++ b/roles/mailman3/templates/ssl-mailmanweb.conf.j2 
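Review bot: In roles/mailman3/tasks/main.yml the looped `ansible.builtin.template` task passes only `src` and `dest`, so the owner and mode of the files written under `/etc/httpd/conf.d/` are left to the remote umask or to whatever an existing file already has. The task now also creates the new `ssl-mailmanweb.conf`, so pinning them under the module arguments keeps the result reproducible: `owner: root`, `group: root`, `mode: "0644"`. As a style point, `loop:` is the current form of `with_items:` for a flat list, and `{{ item }}` with spaces would match the spacing used in the template added by this commit. The task continues past the end of the hunk (the `tags:` list is cut off).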
@@ -0,0 +1,47 @@
+
+ ServerAdmin admin@fedoraproject.org
+ ServerName {{ mailman_httpd_hostname }}
+ DocumentRoot /var/www/html
+
+ Header always set Strict-Transport-Security "max-age=31536000"
+ Header always set X-Frame-Options "SAMEORIGIN"
+ Header always set X-Xss-Protection "1; mode=block"
+ Header always set X-Content-Type-Options "nosniff"
+ Header always set Referrer-Policy "same-origin"
+ RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
+
+ # Web ui
+ Alias /favicon.ico {{ mailman_webui_basedir }}/static/favicon.ico
+ Alias /robots.txt {{ mailman_webui_basedir }}/static-fedora/robots.txt
+ Alias /static {{ mailman_webui_basedir }}/static/
+
+ # Imported mailman2 archives/html files (aka pipermail)
+ Alias /pipermail {{ mailman_webui_basedir }}/old-archives/pipermail
+
+ # Redirecting to hyperkitty if nothing is specified
+ RewriteEngine on
+ RewriteRule ^/$ /hyperkitty [R,L]
+
+ ProxyPreserveHost On
+ ProxyRequests off
+
+ # Not redirecting/proxying static content (served locally)
+ ProxyPass /static !
+ ProxyPass /pipermail !
+
+ # Proxying to gunicorn mailmanweb backend
+ ProxyPass / http://127.0.0.1:8000/
+ ProxyPassReverse / http://127.0.0.1:8000/
+
+
+ Order deny,allow
+ Allow from all
+ Require all granted
+
+
+
+ Order deny,allow
+ Allow from all
+ Require all granted
+
+
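Review bot: `RequestHeader set X-Forwarded-Proto 'https' env=HTTPS` overrides the header only when Apache's HTTPS variable is set, so on any request where it is not, a client-supplied X-Forwarded-Proto is passed unchanged to the gunicorn backend on 127.0.0.1:8000. None of the 47 added lines enables TLS in this vhost (no SSLEngine or certificate directive is shown), which suggests TLS may be terminated upstream and the condition may never match here. If every request reaching this vhost has already been through TLS, drop the condition (`RequestHeader set X-Forwarded-Proto 'https'`); otherwise add `RequestHeader unset X-Forwarded-Proto` on the line before it so only Apache's own value reaches the backend. Separately, both access blocks combine `Order deny,allow` / `Allow from all` with `Require all granted`; keeping only the `Require` line avoids mixing the legacy mod_access_compat directives with 2.4 authorization. The container lines around these directives are not visible on this page, so the listening port and directory paths could not be checked.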