# This nginx config file is part of the mailman3-web package.
#
# This nginx configuration file is a vhost configuration. Hence, it comes with
# a server name which is set to mailman.example.com. You will have to change it
# accordingly.
#
# Please also note that Mailman3 is configured to expect the web interface
# at URL subdirectory '/mailman3' by default, but this Nginx configuration
# provides Mailman3 under the root directory of the vhost.
#
# For the Nginx vhost configuration (without the '/mailman3' subdirectory) to
# work, you will have to edit the URL in 'base-url' at
# '/etc/mailman3/mailman-hyperkitty.cfg' and in 'MAILMAN_ARCHIVER_FROM'
# at '/etc/mailman3/mailman-web.py' accordingly.
|
|
|
|
# uWSGI backend for the Mailman 3 web UI, reached over a local Unix socket.
# fail_timeout=0 is set on the single backend server.
upstream mailman3 {
    server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;
}
#server {
|
|
# listen 80;
|
|
# listen [::]:80;
|
|
# server_name mailman.example.com;
|
|
# server_tokens off;
|
|
#
|
|
# location / {
|
|
# uwsgi_pass mailman3;
|
|
# include /etc/nginx/uwsgi_params;
|
|
# }
|
|
#
|
|
# location /mailman3/static {
|
|
# alias /var/lib/mailman3/web/static;
|
|
# }
|
|
#
|
|
# location /mailman3/static/favicon.ico {
|
|
# alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
|
|
# }
|
|
#
|
|
## return 301 https://$server_name$request_uri;
|
|
# access_log /var/log/nginx/mailman3/access.log combined;
|
|
# error_log /var/log/nginx/mailman3/error.log;
|
|
#}
# Nginx SSL snippet. To enable it, uncomment it and update the server_name and
# the ssl parameters for the certificate.
# Then remove all location statements from the configuration above and
# uncomment the 'return 301' statement.
|
|
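server {
    # TLS vhost that serves the Mailman 3 web UI through the mailman3 upstream.
    listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    server_name _;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    ## Strong SSL Security
    ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
    # ssl on;
    ssl_certificate %%tls_cert_directory/revprox.crt;
    ssl_certificate_key %%tls_key_directory/revprox.key;
    ssl_client_certificate %%tls_ca_directory/InternalReverseProxy.crt;
    # NOTE(review): ssl_client_certificate only names the CA used to check client
    # certificates; nginx does not request or verify one unless ssl_verify_client
    # is enabled (it defaults to off). If this vhost is meant to accept only the
    # internal reverse proxy, add "ssl_verify_client on;" once the proxy is
    # confirmed to present a certificate issued by this CA.

    # Forward-secret AEAD suites only. The previous list still offered 3DES
    # (DES-CBC3-SHA, which "!DES" does not exclude), CBC/SHA-1 suites and
    # static-RSA key exchange. TLS 1.3 suites are not governed by ssl_ciphers.
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); accept TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Everything that is not matched below goes to the uWSGI application.
    location / {
        uwsgi_pass mailman3;
        include /etc/nginx/uwsgi_params;
    }

    # Template time: take the location prefix of the first external domain name
    # and make sure it ends with a slash. The append has to be a set directive,
    # as a bare expression line would be emitted verbatim into the rendered
    # config. NOTE(review): assumes the template engine accepts augmented
    # assignment in set; confirm.
%set %%location = %%revprox_client_external_domainnames[0].revprox_client_location
%if not %%location.endswith('/')
%set %%location += '/'
%end if
    # Trailing slash on both the location and the alias, so the prefix match
    # cannot also serve siblings of the static directory whose names merely
    # start with "static".
    location %%{location}static/ {
        alias /var/lib/mailman3/web/static/;
    }

    location %%{location}static/favicon.ico {
        alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
    }
    #
    # access_log /var/log/nginx/mailman3/access.log combined;
    # error_log /var/log/nginx/mailman3/error.log;
}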
#charset utf-8;
|
|
#client_max_body_size 75M;
|
|
#location /mailman/postorius_static {
|
|
# alias /usr/lib/python3.10/site-packages/postorius/static;
|
|
#}
|
|
##FIXME user-profile seems to be in hyperkitty redirect in existing page
|
|
#location /mailman/user-profile {
|
|
# proxy_pass http://127.0.0.1:8002/postorius/users;
|
|
# proxy_set_header Host $http_host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
# proxy_set_header X-Forwarded-Port $server_port;
|
|
# proxy_set_header X-Forwarded-Server $host;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
#}
|
|
#%for %%location in ['accounts', 'admin', 'postorius']
|
|
#location /mailman/%%location {
|
|
# proxy_pass http://127.0.0.1:8002/%%location;
|
|
# proxy_set_header Host $http_host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
# proxy_set_header X-Forwarded-Port $server_port;
|
|
# proxy_set_header X-Forwarded-Server $host;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
#}
|
|
#%end for
|
|
#location /mailman {
|
|
# rewrite ^(/mailman/.*)$ /mailman/postorius/ permanent;
|
|
#}
|