[nginx/mailman] Fix configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-22 23:23:18 +01:00 · 2021-02-22 23:23:18 +01:00 · 6d35dcd7e8
parent 28a6fd4be6
commit 6d35dcd7e8
7 changed files with 41 additions and 8 deletions
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@ -18,21 +18,21 @@ loc_nginx:
        - filter: "/error/"
          params:
            - "internal"
-            - "alias /var/www/html"
+            - "alias /var/www/html/"
        - filter: "/create"
          params:
            - "default_type text/html"
-            - "alias /etc/mailman/create.txt"
+            - "alias /etc/mailman/create.html"
        - filter: "~ ^/$"
          params:
            - "return 302 https://lists.crans.org/listinfo"
        - filter: "/"
          params:
-            - "include \"/etc/nginx/snippets/fastcgi.conf\""
+            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
        - filter: "~ ^/listinfo"
          params:
            - "satisfy any"
-            - "include \"/etc/nginx/snippets/fastcgi.conf\""
+            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
            - "allow 185.230.76.0/22"
            - "allow 2a0c:700:0::/40"
            - "deny all"
@ -42,7 +42,7 @@ loc_nginx:
        - filter: "~ ^/admin"
          params:
            - "satisfy any"
-            - "include \"/etc/nginx/snippets/fastcgi.conf\""
+            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
            - "allow 185.230.76.0/22"
            - "allow 2a0c:700:0::/40"
            - "deny all"
--- a/host_vars/redisdead.adm.crans.org.yml
+++ b/host_vars/redisdead.adm.crans.org.yml
@ -33,3 +33,11 @@ to_backup:
  secrets_file: "/etc/rsyncd.secrets",
  hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"],
  }
+
+loc_certbot:
+  - dns_rfc2136_server: '172.16.10.147'
+    dns_rfc2136_name: certbot_challenge.
+    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
+    mail: root@crans.org
+    certname: crans.org
+    domains: "*.crans.org"
--- a/1
+++ b/1
@ -26,6 +26,7 @@ sputnik.adm.crans.org
 [certbot:children]
 dovecot
 git
+mailman
 radius  # We use certbot to manage LE certificates
 reverseproxy
 thelounge
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@ -19,6 +19,14 @@
    - create.html
  notify: Reload mailman

+- name: Deploy mailman snippet
+  template:
+    src: "nginx/snippets/fastcgi-mailman.conf.j2"
+    dest: "/etc/nginx/snippets/fastcgi-mailman.conf"
+    owner: root
+    group: root
+    mode: 0644
+
 # Fanciness
 - name: Deploy custom logo
  copy:
--- a/roles/mailman/templates/nginx/snippets/fastcgi-mailman.conf.j2
+++ b/roles/mailman/templates/nginx/snippets/fastcgi-mailman.conf.j2
@ -0,0 +1,18 @@
+{{ ansible_header | comment }}
+
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info (^/[^/]*)(.*)$;
+
+# check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+# Let NGINX handle errors
+fastcgi_intercept_errors on;
+
+include /etc/nginx/fastcgi.conf;
+fastcgi_pass unix:/var/run/fcgiwrap.socket;
--- a/roles/nginx/templates/nginx/passwd.j2
+++ b/roles/nginx/templates/nginx/passwd.j2
@ -1,4 +1,4 @@
 {{ ansible_header | comment }}
 {% for user, hash in nginx.auth_passwd.items() -%}
-{{ user }}: {{ hash }}
+{{ user }}:{{ hash }}
 {% endfor -%}
--- a/roles/nginx/templates/www/html/robots.txt.j2
+++ b/roles/nginx/templates/www/html/robots.txt.j2
@ -1,4 +1,2 @@
-{{ ansible_header | comment }}
-
 User-agent: *
 Disallow: /