1
0
forked from infra/ansible

Enable SSL for mailman vhost.

This commit is contained in:
Markus 2016-03-01 07:56:37 +01:00
parent 3eafb60eba
commit 056c86a7ea
4 changed files with 28 additions and 2 deletions

View File

@ -104,6 +104,10 @@
template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
tags: mail
- name: Configure certificate manager for mailman
template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf
tags: mail
- name: Create razor directory structure
command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor
become: yes

View File

@ -0,0 +1,15 @@
---
{{ mailman_domain }}:
- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
user: nginx
group: nginx
perm: '400'
format: crt
notify: 'service nginx reload'
- path: /etc/nginx/ssl/{{ mailman_domain }}.key
user: nginx
group: nginx
perm: '400'
format: key
notify: 'service nginx reload'

View File

@ -58,7 +58,7 @@ MAILMAN_SITE_LIST = 'mailman'
# If you change these, you have to configure your http server
# accordingly (Alias and ScriptAlias directives in most httpds)
#DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
DEFAULT_URL_PATTERN = 'http://%s/'
DEFAULT_URL_PATTERN = 'https://%s/'
IMAGE_LOGOS = '/images/mailman/'
#-------------------------------------------------------------

View File

@ -1,13 +1,20 @@
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/{{ mailman_domain }}.crt;
ssl_certificate_key /etc/nginx/ssl/{{ mailman_domain }}.key;
server_name {{ mailman_domain }};
root /usr/lib/cgi-bin/mailman/;
location = / {
rewrite ^ /listinfo permanent;
}
location / {
root /usr/lib/cgi-bin/mailman/;
fastcgi_split_path_info (^/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;