mailman_reverse_proxy.conf.erb 1.32 KB
Edit Raw Blame History Permalink



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42


upstream mailman {
  server <%= node['peers']['integration'] %>:80 fail_timeout=10s;
}

server {
  listen                *:80;

  server_name           <%= node['config']['lists_hostname'] %>;
  return                301 https://$server_name$request_uri;
}

server {
  listen                *:443 ssl;

  server_name           <%= node['config']['lists_hostname'] %>;

  ssl on;

  ssl_certificate           /etc/nginx/<%= node['config']['lists_hostname'] %>.crt;
  ssl_certificate_key       /etc/nginx/<%= node['config']['lists_hostname'] %>.key;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers               HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.access.log;
  error_log             /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.error.log;

  # TODO caching
  location / {
    proxy_pass              http://mailman;
    proxy_read_timeout      90;
    proxy_connect_timeout   90;
    proxy_redirect          off;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto https;
  }
}