ServerName {{ mailman_listdomain }} ErrorLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-access.log combined RedirectPermanent / https://{{ mailman_listdomain }}/ ServerName {{ mailman_listdomain }} ServerAdmin webmaster@openstack.org ErrorLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-ssl-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/{{ mailman_listdomain }}-ssl-access.log combined SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer RewriteEngine on RewriteRule ^/$ /cgi-bin/mailman/listinfo [R] ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/ Alias /pipermail/ /var/lib/mailman/archives/public/ Alias /images/mailman/ /usr/share/images/mailman/ Alias /robots.txt /var/www/robots.txt AllowOverride None Options ExecCGI AddHandler cgi-script .cgi Order allow,deny Allow from all Require all granted Options FollowSymlinks AllowOverride None Order allow,deny Allow from all Require all granted AllowOverride None Order allow,deny Allow from all Require all granted