{{ ansible_header | comment }}
server {
	listen 80 default;
	listen [::]:80 default;

	server_name _;

	location / {
	    return 302 https://{{ mailman.default_host }}$request_uri;
	}
}

# Redirect everybody to mailing lists
server {
	listen 443 default_server ssl;
	listen [::]:443 default_server ssl;
	server_name _;

	include "/etc/nginx/snippets/options-ssl.conf";

	location / {
		 return 302 https://{{ mailman.default_host }}$request_uri;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name {{ mailman.default_host }};

	include "/etc/nginx/snippets/options-ssl.conf";

	root /usr/lib/cgi-bin/mailman/;
	index index.htm index.html;

        location /error/ {
		internal;
		alias /var/www/;
        }

	location /create {
		default_type text/html;
		alias /etc/mailman/create.html;
	}

	location ~ ^/$ {
		return 302 https://{{ mailman.default_host }}/listinfo;
	}

	location / {
		include "/etc/nginx/snippets/fastcgi-mailman.conf";
	}

        location ~ ^/listinfo {
                satisfy any;
		include "/etc/nginx/snippets/fastcgi-mailman.conf";

		{% for net in mynetworks -%}
                allow {{ net }};
		{% endfor -%}
                deny all;

	        auth_basic {{ mailman.auth_basic }}
		auth_basic_user_file /etc/nginx/mailman_passwd;

		error_page 401 /error/custom_401.html;
        }

        location ~ ^/admin {
                satisfy any;

		include "/etc/nginx/snippets/fastcgi-mailman.conf";

		{% for net in mynetworks -%}
                allow {{ net }};
		{% endfor -%}
                deny all;

	        auth_basic {{ mailman.auth_basic }}
		auth_basic_user_file /etc/nginx/mailman_passwd;
		error_page 401 /error/custom_401.html;
        }


	location /images/mailman { alias /usr/share/images/mailman;}

	location /robots.txt { alias /var/www/robots.txt;}

	location /archives {
		alias /var/lib/mailman/archives/public;
		autoindex on;
	}

}