[mailman3] Add ssl configuration for apache
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This commit is contained in:
Michal Konecny
parent
35a2da98e7
commit
ed6e67512e
2 changed files with 52 additions and 2 deletions
|
|
@ -373,8 +373,11 @@
|
||||||
# Httpd
|
# Httpd
|
||||||
- name: Import needed httpd configurations
|
- name: Import needed httpd configurations
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "mailmanweb.conf.j2"
|
src: "{{item}}.j2"
|
||||||
dest: "/etc/httpd/conf.d/mailmanweb.conf"
|
dest: "/etc/httpd/conf.d/{{item}}"
|
||||||
|
with_items:
|
||||||
|
- mailmanweb.conf
|
||||||
|
- ssl-mailmanweb.conf
|
||||||
notify:
|
notify:
|
||||||
- reload apache
|
- reload apache
|
||||||
tags:
|
tags:
|
||||||
|
|
|
||||||
47
roles/mailman3/templates/ssl-mailmanweb.conf.j2
Normal file
47
roles/mailman3/templates/ssl-mailmanweb.conf.j2
Normal file
|
|
@ -0,0 +1,47 @@
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerAdmin admin@fedoraproject.org
|
||||||
|
ServerName {{ mailman_httpd_hostname }}
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
|
||||||
|
Header always set Strict-Transport-Security "max-age=31536000"
|
||||||
|
Header always set X-Frame-Options "SAMEORIGIN"
|
||||||
|
Header always set X-Xss-Protection "1; mode=block"
|
||||||
|
Header always set X-Content-Type-Options "nosniff"
|
||||||
|
Header always set Referrer-Policy "same-origin"
|
||||||
|
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
|
||||||
|
|
||||||
|
# Web ui
|
||||||
|
Alias /favicon.ico {{ mailman_webui_basedir }}/static/favicon.ico
|
||||||
|
Alias /robots.txt {{ mailman_webui_basedir }}/static-fedora/robots.txt
|
||||||
|
Alias /static {{ mailman_webui_basedir }}/static/
|
||||||
|
|
||||||
|
# Imported mailman2 archives/html files (aka pipermail)
|
||||||
|
Alias /pipermail {{ mailman_webui_basedir }}/old-archives/pipermail
|
||||||
|
|
||||||
|
# Redirecting to hyperkitty if nothing is specified
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteRule ^/$ /hyperkitty [R,L]
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyRequests off
|
||||||
|
|
||||||
|
# Not redirecting/proxying static content (served locally)
|
||||||
|
ProxyPass /static !
|
||||||
|
ProxyPass /pipermail !
|
||||||
|
|
||||||
|
# Proxying to gunicorn mailmanweb backend
|
||||||
|
ProxyPass / http://127.0.0.1:8000/
|
||||||
|
ProxyPassReverse / http://127.0.0.1:8000/
|
||||||
|
|
||||||
|
<Directory "{{ mailman_webui_basedir }}/static">
|
||||||
|
Order deny,allow
|
||||||
|
Allow from all
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
<Directory "{{ mailman_webui_basedir }}/old-archives/pipermail">
|
||||||
|
Order deny,allow
|
||||||
|
Allow from all
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
||||||
Loading…
Add table
Add a link
Reference in a new issue