nginx.d.conf.j2 2 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
    listen       80;
    listen       [::]:80;
    server_name  {{ lists_domain }};

    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
    error_log    /var/log/nginx/{{ lists_domain }}/error.log;

    include snippets/letsencrypt.conf;

    location / {
        access_log off;
        return 301 https://$server_name$request_uri;
    }
}

18
19
20
21
map $uri $migrated_uri {
    include maps/migrated-lists.map;
}

22
23
24
25
26
27
28
29
30
31
32
33
34
server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ lists_domain }};

    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
    error_log    /var/log/nginx/{{ lists_domain }}/error.log;

    ssl_certificate      /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;

35
36
37
38
    if ($migrated_uri) {
        return 302 $migrated_uri;
    }

39
    # redirect old urls
40
    location /mailman/ {
41
42
43
        rewrite ^/mailman/(.*) /$1 permanent;
    }

44
45
    location /icons/ {
        alias /usr/lib/mailman/icons/;
46
47
    }

48
49
    location ~ ^/pipermail(?:/(.*))?$ {
        alias /var/lib/mailman/archives/public/$1;
50
        add_header Cache-Control "public, no-cache";
51
52
53
54
55
56
57
58
59
60
61
        autoindex on;
    }

    location / {
        root            /usr/lib/mailman/cgi-bin/;
        index           listinfo;
        include         uwsgi_params;
        uwsgi_modifier1 9;
        uwsgi_pass      unix:/run/uwsgi/mailman.sock;
    }

Kristian Klausen's avatar
Kristian Klausen committed
62
63
64
65
66
67
    location ~ ^/(static|mailman3|archives|user-profile|accounts|admin3)($|/) {
        proxy_pass http://{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }};
        proxy_set_header Host {{ lists_domain }};
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
68
}