system-config/playbooks/roles/mailman3/templates/mailman.vhost.j2

<VirtualHost *:80>
  ServerName {{ mailman_sites.0.listdomain }}
  {% for site in mailman_sites[1:] -%}
  ServerAlias {{ site.listdomain }}
  {% endfor -%}

  ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-error.log

  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-access.log combined

  # Use mod rewrite to redirect as we want to preserve the FQDN for each
  # mm3 vhost.
  RewriteEngine On
  RewriteRule "/(.*)" "https://%{HTTP_HOST}/$1" [R=301]
</VirtualHost>

<VirtualHost *:443>
  ServerName {{ mailman_sites.0.listdomain }}
  {% for site in mailman_sites[1:] -%}
  ServerAlias {{ site.listdomain }}
  {% endfor -%}
  ServerAdmin webmaster@openstack.org
  ErrorLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-error.log
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/{{ mailman_sites.0.listdomain }}-ssl-access.log combined

  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  # Note: this list should ensure ciphers that provide forward secrecy
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
  SSLHonorCipherOrder on

  SSLCertificateFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer
  SSLCertificateKeyFile /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key
  SSLCertificateChainFile /etc/letsencrypt-certs/{{ inventory_hostname }}/ca.cer

  Alias /static /var/lib/mailman/web-data/static
  Alias /favicon.ico /var/lib/mailman/web-data/static/archives/img/favicon.ico

  <Location "/admin">
    Require local
  </Location>

  RewriteEngine On
  RewriteRule "/pipermail/(.*)" "/var/lib/mailman/web-data/mm2archives/%{HTTP_HOST}/public/$1"
  RewriteRule "/cgi-bin/mailman/listinfo/(.*)" "https://%{HTTP_HOST}/mailman3/lists/$1.%{HTTP_HOST}/"
  RewriteRule "/cgi-bin/mailman/listinfo" "https://%{HTTP_HOST}/mailman3/lists/"

  ProxyPassMatch ^/static/ !
  ProxyPass "/" "uwsgi://localhost:8080/"

  <Directory /var/lib/mailman/web-data/static/>
    AllowOverride None
    Order allow,deny
    Allow from all
    Require all granted
  </Directory>

  <Directory /var/lib/mailman/web-data/mm2archives/>
    AllowOverride None
    Order allow,deny
    Allow from all
    Require all granted
  </Directory>
</VirtualHost>