X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/5aa1c0ada526fc73d87e859e09a0a977092ebac3..200f486870c88f3916ede7bcb36b47b374a63901:/cookbooks/mailman/templates/default/apache.erb diff --git a/cookbooks/mailman/templates/default/apache.erb b/cookbooks/mailman/templates/default/apache.erb index f5d61b17f..42cdf2092 100644 --- a/cookbooks/mailman/templates/default/apache.erb +++ b/cookbooks/mailman/templates/default/apache.erb @@ -1,65 +1,92 @@ # DO NOT EDIT - This file is being maintained by Chef - ServerName <%= @name %> - ServerAdmin postmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin postmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> - ServerAdmin postmaster@openstreetmap.org - ServerSignature On - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - LogLevel warn - - AddDefaultCharset off - - DocumentRoot <%= @directory %> - - RewriteEngine on - - RewriteCond %{HTTP_REFERER} www\.mailbait\.info - RewriteRule . - [F,L] - - RedirectMatch ^/$ /listinfo - RedirectMatch ^/cgi-bin/mailman/(.*)$ /$1 - - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - Alias /pipermail/ /var/lib/mailman/archives/public/ - Alias /images/ /usr/share/images/mailman/ - - ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin - ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb - ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm - ScriptAlias /create /usr/lib/cgi-bin/mailman/create - ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml - ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo - ScriptAlias /options /usr/lib/cgi-bin/mailman/options - ScriptAlias /private /usr/lib/cgi-bin/mailman/private - ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist - ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster - ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe - ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ - - - ExpiresActive On - ExpiresDefault "access plus 180 days" - + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent / https://<%= @name %>/ + +<% end -%> + + + ServerName <%= @name %> + ServerAdmin postmaster@openstreetmap.org + ServerSignature On + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log + LogLevel warn + + AddDefaultCharset off + + DocumentRoot <%= @directory %> + + RewriteEngine on + + RewriteCond %{HTTP_REFERER} www\.mailbait\.info + RewriteRule . - [F,L] + + RedirectMatch ^/$ /listinfo + RedirectMatch ^/cgi-bin/mailman/(.*)$ /$1 + + # Redact list archive entries per request of talk moderators + RedirectMatch 451 ^/pipermail/talk/2022-July/(087645|087647)\.html$ + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + Alias /pipermail/ /var/lib/mailman/archives/public/ + Alias /images/mailman/ /usr/share/images/mailman/ + Alias /images/ /usr/share/images/mailman/ + + ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin + ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb + ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm + ScriptAlias /create /usr/lib/cgi-bin/mailman/create + ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml + ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo + ScriptAlias /options /usr/lib/cgi-bin/mailman/options + ScriptAlias /private /usr/lib/cgi-bin/mailman/private + ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist + ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster + ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe + ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ + + <% last_year = year = Time.now.year - 1 %> + )"> + ExpiresActive On + ExpiresDefault "access plus 180 days" +