dataset/seed/mailman/templates/config-nginx.conf

122 lines
4.6 KiB
Text
Raw Normal View History

2023-02-14 14:24:16 +01:00
# This nginx config file is part of the mailman3-web package.
#
# This nginx configuration file is a vhost configuration. Hence, it comes with
# a server name which is set to mailman.example.com. You will have to change it
# properly.
#
# Please also note that Mailman3 is configured to expect the web interface
# at URL subdirectory '/mailman3' per default, but this Nginx configuration
# provides Mailman3 under the root directory of the vhost.
#
# For the Nginx vhost configuration (without '/mailman3' subdomain) to
# work, you will have to edit the URL in 'base-url' at
# '/etc/mailman3/mailman-hyperkitty.cfg' and in 'MAILMAN_ARCHIVER_FROM'
# at '/etc/mailman3/mailman-web.py' accordingly.
upstream mailman3 {
server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;
2022-08-19 20:30:13 +02:00
}
2023-02-14 14:24:16 +01:00
#server {
# listen 80;
# listen [::]:80;
# server_name mailman.example.com;
# server_tokens off;
#
# location / {
# uwsgi_pass mailman3;
# include /etc/nginx/uwsgi_params;
# }
#
# location /mailman3/static {
# alias /var/lib/mailman3/web/static;
# }
#
# location /mailman3/static/favicon.ico {
# alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
# }
#
## return 301 https://$server_name$request_uri;
# access_log /var/log/nginx/mailman3/access.log combined;
# error_log /var/log/nginx/mailman3/error.log;
#}
# Nginx SSL snippet. To enable it, please uncomment and update the server_name and the
# ssl parameters for the certificate.
# Then, remove all location statements from the above configuration and uncomment
# the return 301 statement.
server {
listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name _;
server_tokens off;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
# ssl on;
2023-06-23 08:12:05 +02:00
ssl_certificate {{ general.tls_cert_directory }}/revprox.crt;
ssl_certificate_key {{ general.tls_key_directory }}/revprox.key;
ssl_client_certificate {{ general.tls_ca_directory }}/InternalReverseProxy.crt;
2023-02-14 14:24:16 +01:00
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
location / {
uwsgi_pass mailman3;
include /etc/nginx/uwsgi_params;
}
2023-06-23 08:12:05 +02:00
{% set location = general.revprox.revprox_client.revprox_client_external_domainnames[0].revprox_client_location %}
{% if not location.endswith('/') %}
{% set location = location + '/' %}
{% endif %}
location {{ location }}static {
2023-02-14 14:24:16 +01:00
alias /var/lib/mailman3/web/static;
}
2023-06-23 08:12:05 +02:00
location {{ location }}static/favicon.ico {
2023-02-14 14:24:16 +01:00
alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
}
#
# access_log /var/log/nginx/mailman3/access.log combined;
# error_log /var/log/nginx/mailman3/error.log;
2022-03-08 19:42:28 +01:00
}
2023-02-14 14:24:16 +01:00
#charset utf-8;
#client_max_body_size 75M;
#location /mailman/postorius_static {
# alias /usr/lib/python3.10/site-packages/postorius/static;
#}
##FIXME user-profile seems to be in hyperkitty redirect in existing page
#location /mailman/user-profile {
# proxy_pass http://127.0.0.1:8002/postorius/users;
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
#}
#%for %%location in ['accounts', 'admin', 'postorius']
#location /mailman/%%location {
# proxy_pass http://127.0.0.1:8002/%%location;
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
#}
#%end for
#location /mailman {
# rewrite ^(/mailman/.*)$ /mailman/postorius/ permanent;
#}