# This nginx config file is part of the mailman3-web package.
# This nginx configuration file is a vhost configuration. Hence, it comes with
# a server name which is set to You will have to change it
# properly.
# Please also note that Mailman3 is configured to expect the web interface
# at URL subdirectory '/mailman3' per default, but this Nginx configuration
# provides Mailman3 under the root directory of the vhost.
# For the Nginx vhost configuration (without '/mailman3' subdomain) to
# work, you will have to edit the URL in 'base-url' at
# '/etc/mailman3/mailman-hyperkitty.cfg' and in 'MAILMAN_ARCHIVER_FROM'
# at '/etc/mailman3/' accordingly.
upstream mailman3 {
server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;
#server {
# listen 80;
# listen [::]:80;
# server_name;
# server_tokens off;
# location / {
# uwsgi_pass mailman3;
# include /etc/nginx/uwsgi_params;
# }
# location /mailman3/static {
# alias /var/lib/mailman3/web/static;
# }
# location /mailman3/static/favicon.ico {
# alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
# }
## return 301 https://$server_name$request_uri;
# access_log /var/log/nginx/mailman3/access.log combined;
# error_log /var/log/nginx/mailman3/error.log;
# Nginx SSL snippet. To enable it, please uncomment and update the server_name and the
# ssl parameters for the certificate.
# Then, remove all location statements from the above configuration and uncomment
# the return 301 statement.
server {
listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name _;
server_tokens off;
## Strong SSL Security
## &
# ssl on;
ssl_certificate %%tls_cert_directory/revprox.crt;
ssl_certificate_key %%tls_key_directory/revprox.key;
ssl_client_certificate %%tls_ca_directory/InternalReverseProxy.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
location / {
uwsgi_pass mailman3;
include /etc/nginx/uwsgi_params;
%set %%location = %%revprox_client_external_domainnames[0].revprox_client_location
%if not %%location.endswith('/')
%%location += '/'
%end if
location %%{location}static {
alias /var/lib/mailman3/web/static;
location %%{location}static/favicon.ico {
alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
# access_log /var/log/nginx/mailman3/access.log combined;
# error_log /var/log/nginx/mailman3/error.log;
#charset utf-8;
#client_max_body_size 75M;
#location /mailman/postorius_static {
# alias /usr/lib/python3.10/site-packages/postorius/static;
##FIXME user-profile seems to be in hyperkitty redirect in existing page
#location /mailman/user-profile {
# proxy_pass;
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
#%for %%location in ['accounts', 'admin', 'postorius']
#location /mailman/%%location {
# proxy_pass;
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
#%end for
#location /mailman {
# rewrite ^(/mailman/.*)$ /mailman/postorius/ permanent;