crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cransible mailman nginx configuration 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
ynerant 2021-02-17 20:28:26 +01:00
parent 84fb96eab6
commit 244e1c284b
3 changed files with 66 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
group_vars/mailman.yml 100644
View File

@ -0,0 +1,54 @@
---
loc_nginx:
default_server: lists.crans.org
default_ssl_server: lists.crans.org
servers:
- server_name:
- lists.crans.org
ssl: true
root: "/usr/lib/cgi-bin/mailman/"
index:
- index.htm
- index.html
locations:
- filter: "/error/"
params:
- "internal"
- "alias /var/www"
- filter: "/create"
params:
- "default_type text/html"
- "alias /etc/mailman/create.txt"
- filter: "~ ^/$"
params:
- "return 302 https://lists.crans.org/listinfo"
- filter: "~ ^/admin"
params:
- "satisfy any"
- "include \"/etc/nginx/snippets/fastcgi.conf\""
- "allow 185.230.76.0/22"
- "allow 2a0c:700:0::/40"
- "deny all"
- "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
- "auth_basic_user_file /etc/nginx/passwd"
- "error_page 401 /error/custom_401.html"
- filter: "~ ^/admin"
params:
- "satisfy any"
- "include \"/etc/nginx/snippets/fastcgi.conf\""
- "allow 185.230.76.0/22"
- "allow 2a0c:700:0::/40"
- "deny all"
- "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
- "auth_basic_user_file /etc/nginx/passwd"
- "error_page 401 /error/custom_401.html"
- filter: "/images/mailman"
params:
- "alias /usr/share/images/mailman"
- filter: "/robots.txt"
params:
- "alias /var/www/robots.txt"
- filter: "/archives"
params:
- "alias /var/lib/mailman/archives/public"
- "autoindex on"

3
hosts
View File

@ -77,6 +77,9 @@ sputnik.adm.crans.org
[linx] [linx]
linx.adm.crans.org linx.adm.crans.org
[mailman]
redisdead.adm.crans.org
[monitoring] [monitoring]
monitoring.adm.crans.org monitoring.adm.crans.org

16
roles/nginx/templates/nginx/sites-available/service.j2
View File

@ -14,32 +14,32 @@ server {
listen [::]:443 default_server ssl; listen [::]:443 default_server ssl;
include "/etc/nginx/snippets/options-ssl.conf"; include "/etc/nginx/snippets/options-ssl.conf";
server_name {{ ngix.default_ssl_host }}; server_name {{ ngix.default_ssl_server }};
charset utf-8; charset utf-8;
# Hide Nginx version # Hide Nginx version
server_tokens off; server_tokens off;
location / { location / {
return 302 https://{{ nginx.default_ssl_host }}$request_uri; return 302 https://{{ nginx.default_ssl_server }}$request_uri;
} }
} }
{% endif -%} {% endif -%}
{% if nginx.default_host -%} {% if nginx.default_server -%}
# Redirect all services to the main site # Redirect all services to the main site
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
server_name {{ nginx.default_host }}; server_name {{ nginx.default_server }};
charset utf-8; charset utf-8;
# Hide Nginx version # Hide Nginx version
server_tokens off; server_tokens off;
location / { location / {
return 302 http://{{ nginx.default_host }}$request_uri; return 302 http://{{ nginx.default_server }}$request_uri;
} }
} }
{% endif -%} {% endif -%}
@ -83,7 +83,7 @@ server {
root {{ server.root }}; root {{ server.root }};
{% endif -%} {% endif -%}
{% if server.index -%} {% if server.index -%}
index {{ server.index }}; index {{ server.index|join:" " }};
{% endif -%} {% endif -%}
{% if server.access_log -%} {% if server.access_log -%}
@ -95,7 +95,9 @@ server {
{% for location in server.locations -%} {% for location in server.locations -%}
location {{ location.filter }} { location {{ location.filter }} {
{{ location.params|join:"\n "|unsafe }} {% for param in params -%}
{{ param }};
{% endfor -%}
} }
{% endfor -%} {% endfor -%}
} }