X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b98a1b8f0ddc17ebf934add6fc310931d72805c8..7171b94a0526152910353dbf1f07a0ee597976da:/cookbooks/mailman/templates/default/apache.erb diff --git a/cookbooks/mailman/templates/default/apache.erb b/cookbooks/mailman/templates/default/apache.erb index 7e4007962..7b4037c48 100644 --- a/cookbooks/mailman/templates/default/apache.erb +++ b/cookbooks/mailman/templates/default/apache.erb @@ -1,61 +1,91 @@ # DO NOT EDIT - This file is being maintained by Chef - ServerName <%= @name %> - ServerAdmin postmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin postmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent / https://<%= @name %>/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> - ServerAdmin postmaster@openstreetmap.org - ServerSignature On + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - SSLEngine on + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - LogLevel warn + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - AddDefaultCharset off + RedirectPermanent / https://<%= @name %>/ + +<% end -%> + + + ServerName <%= @name %> + ServerAdmin postmaster@openstreetmap.org + ServerSignature On + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + LogLevel warn + + AddDefaultCharset off + + DocumentRoot <%= @directory %> - DocumentRoot <%= @directory %> + RewriteEngine on - RewriteEngine on + RewriteCond %{HTTP_REFERER} www\.mailbait\.info + RewriteRule . - [F,L] - RewriteCond %{HTTP_REFERER} www\.mailbait\.info - RewriteRule . - [F,L] + RedirectMatch ^/$ /listinfo + RedirectMatch ^/cgi-bin/mailman/(.*)$ /$1 - RedirectMatch ^/$ /listinfo - RedirectMatch ^/cgi-bin/mailman/(.*)$ /$1 + # Redact list archive entries per request of talk moderators + RedirectMatch 451 ^/pipermail/talk/2022-July/(087645|087647)\.html$ - - Options Indexes FollowSymLinks - AllowOverride None - + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + - Alias /pipermail/ /var/lib/mailman/archives/public/ - Alias /images/ /usr/share/images/mailman/ + Alias /pipermail/ /var/lib/mailman/archives/public/ + Alias /images/mailman/ /usr/share/images/mailman/ + Alias /images/ /usr/share/images/mailman/ - ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin - ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb - ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm - ScriptAlias /create /usr/lib/cgi-bin/mailman/create - ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml - ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo - ScriptAlias /options /usr/lib/cgi-bin/mailman/options - ScriptAlias /private /usr/lib/cgi-bin/mailman/private - ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist - ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster - ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe - ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ + ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin + ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb + ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm + ScriptAlias /create /usr/lib/cgi-bin/mailman/create + ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml + ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo + ScriptAlias /options /usr/lib/cgi-bin/mailman/options + ScriptAlias /private /usr/lib/cgi-bin/mailman/private + ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist + ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster + ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe + ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ - - ExpiresActive On - ExpiresDefault "access plus 180 days" - + + ExpiresActive On + ExpiresDefault "access plus 180 days" +