# Plain-HTTP (port 80) virtual host for the lists domain. Every request that
# reaches `location /` is answered with a permanent redirect to HTTPS.
server {
    listen       80;
    listen       [::]:80;
    server_name  {{ lists_domain }};

    # Two access logs are written per request: the `main` text format and a
    # JSON variant. Both formats are defined outside this file.
    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
    error_log    /var/log/nginx/{{ lists_domain }}/error.log;

    # NOTE(review): the snippet is not visible here; presumably it serves the
    # ACME HTTP-01 challenge path so it stays reachable over port 80 - confirm.
    include snippets/letsencrypt.conf;

    location / {
        # Redirect-only traffic is not logged.
        access_log off;
        # The target host is $server_name (the configured name), not the
        # client-supplied Host header, so a forged Host value cannot steer the
        # redirect to another site.
        return 301 https://$server_name$request_uri;
    }
}

# Looks up the normalised request path ($uri) in maps/migrated-lists.map and
# stores the result in $migrated_uri. No `default` is given here, so the
# variable is empty when nothing matches, unless the included file sets one.
# The HTTPS server below sends the mapped value back as a 302 Location, so the
# map file decides where users are redirected and should only be changed
# through review.
# NOTE(review): the map file is not visible here; if it has regex entries with
# captures, part of the redirect target would come from the request path -
# confirm the targets are fixed.
map $uri $migrated_uri {
    include maps/migrated-lists.map;
}

# HTTPS virtual host for the lists domain. It serves three things:
#   - the legacy Mailman CGI scripts via uWSGI (`location /`),
#   - the public pipermail archives straight from disk,
#   - the newer web UI paths, proxied to a separate backend host.
# NOTE(review): TLS protocol/cipher settings, OCSP stapling and any HSTS header
# are not set in this block; confirm they are defined at the http level.
server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ lists_domain }};

    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
    error_log    /var/log/nginx/{{ lists_domain }}/error.log;

    # Certificate, key and chain come from the Let's Encrypt live directory.
    # ssl_trusted_certificate only matters for OCSP response or client
    # certificate verification, neither of which is enabled in this block.
    ssl_certificate      /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;

    # Server-level check, evaluated before a location is chosen: when the map
    # yields a value for this path, redirect there and skip everything below.
    if ($migrated_uri) {
        return 302 $migrated_uri;
    }

    # Exact match for the site root only: send visitors to the list overview.
    location = / {
        return 302 /mailman3/lists/;
    }

    # Redirect old URLs: strip the /mailman/ prefix with a permanent redirect.
    # The trailing slash in the prefix means /mailman3/... is not caught here.
    location /mailman/ {
        rewrite ^/mailman/(.*) /$1 permanent;
    }

    # Static icons. The location prefix and the alias path both end in a
    # slash, which keeps the mapping confined to the icons directory.
    location /icons/ {
        alias /usr/lib/mailman/icons/;
    }

    # Public archives served from disk. The pattern needs either the end of
    # the path or a slash after /pipermail, so sibling names such as
    # /pipermailX do not match; the rest of the path is appended to the alias.
    location ~ ^/pipermail(?:/(.*))?$ {
        alias /var/lib/mailman/archives/public/$1;
        # Because add_header is used in this location, add_header directives
        # from the server or http level are not inherited for these responses.
        # NOTE(review): if security headers are set at the http level, repeat
        # them here.
        add_header Cache-Control "public, no-cache";
        # Directory listings are generated for every directory under the
        # public archive root, so only content meant to be public belongs there.
        autoindex on;
    }

    # Fallback for everything else: hand the request to the uWSGI socket.
    # Modifier 9 selects uWSGI's CGI handler, with the cgi-bin directory as
    # document root and `listinfo` as the index script.
    location / {
        root            /usr/lib/mailman/cgi-bin/;
        index           listinfo;
        include         uwsgi_params;
        uwsgi_modifier1 9;
        uwsgi_pass      unix:/run/uwsgi/mailman.sock;
    }

    # Paths for the newer web UI. Regex locations win over the plain prefix
    # locations above and are tried in file order, so the pipermail pattern is
    # tested first. The upstream is reached over plain HTTP at the address in
    # the backend host's wireguard_address variable.
    # NOTE(review): presumably a WireGuard tunnel address, in which case the
    # tunnel protects this hop - confirm.
    location ~ ^/(static|mailman3|archives|user-profile|accounts|admin3)($|/) {
        proxy_pass http://{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }};
        # Host is pinned to the configured domain rather than passed through
        # from the client.
        proxy_set_header Host {{ lists_domain }};
        # Replaces any client-supplied X-Forwarded-For with the peer address
        # nginx saw, so a spoofed value never reaches the backend. The backend
        # should accept these forwarded headers only from this proxy.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}