Switch lists.osm.org to letsencrypt

[chef.git] / cookbooks / mailman / templates / default / apache.erb

diff --git a/cookbooks/mailman/templates/default/apache.erb b/cookbooks/mailman/templates/default/apache.erb
index 396bcd56d85dd7d10590f2590eb3626e67682e5d..1c0f7ff8e96f67c13588270dbde6b629e8a6b106 100644 (file)
--- a/cookbooks/mailman/templates/default/apache.erb
+++ b/cookbooks/mailman/templates/default/apache.erb
@@ -1,10 +1,25 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 <VirtualHost *:80>
+        ServerName <%= @name %>
+        ServerAdmin postmaster@openstreetmap.org
+
+        CustomLog /var/log/apache2/<%= @name %>-access.log combined
+        ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+        RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>
        ServerName <%= @name %>
        ServerAdmin postmaster@openstreetmap.org
        ServerSignature On
 
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log
        LogLevel warn
@@ -24,6 +39,7 @@
        <Directory /var/lib/mailman/archives/>
                Options Indexes FollowSymLinks
                AllowOverride None
+               Require all granted
        </Directory>
 
        Alias /pipermail/ /var/lib/mailman/archives/public/
@@ -42,7 +58,7 @@
        ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
        ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
 
-       <Location ~ "/pipermail/([^/]+)/(2004|2005|2006|2007|2008|2009)">
+       <Location ~ "/pipermail/([^/]+)/(2004|2005|2006|2007|2008|2009|2010|2011|2012|2013|2014)">
                ExpiresActive On
                ExpiresDefault "access plus 180 days"
        </Location>