diff --git a/config/roles/reverse_proxy_server.rb b/config/roles/reverse_proxy_server.rb
index cb48b4e..48f8bf6 100644
--- a/config/roles/reverse_proxy_server.rb
+++ b/config/roles/reverse_proxy_server.rb
@@ -1,3 +1,3 @@
 name 'database_server'
 description 'Reverse proxy server'
-run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]'
+run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]', 'recipe[reverse_proxy::mailman]'
diff --git a/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.crt b/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.crt
new file mode 100644
index 0000000..5a3ebb1
--- /dev/null
+++ b/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.crt
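Review bot: The role defined in reverse_proxy_server.rb is still `name 'database_server'` (the context line directly above the changed run_list), so uploading this file registers the nginx plus mailman run_list under the database role's name rather than as a reverse-proxy role. The mismatch predates this commit, but appending `recipe[reverse_proxy::mailman]` to it makes the consequence of an accidental overwrite of the real database_server role larger. If the name is not intentional, change it to `name 'reverse_proxy_server'` so it matches the filename and the description.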
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIJAPLzeW3WZTOqMA0GCSqGSIb3DQEBCwUAMIHdMQswCQYD +VQQGEwJCUjEZMBcGA1UECAwQRGlzdHJpdG8gRmVkZXJhbDERMA8GA1UEBwwIQnJh +c2lsaWExIzAhBgNVBAoMGk1pbmlzdGVyaW8gZG8gUGxhbmVqYW1lbnRvMS0wKwYD +VQQLDCRQcm9ncmFtYSBTb2Z0d2FyZSBQdWJsaWNvIEJyYXNpbGVpcm8xJDAiBgNV +BAMMG2JldGEuc29mdHdhcmVwdWJsaWNvLmdvdi5icjEmMCQGCSqGSIb3DQEJARYX +cGF1bG9Ac29mdHdhcmVsaXZyZS5vcmcwHhcNMTUwMjEyMTM0MDEwWhcNMTcxMTA4 +MTM0MDEwWjCB3TELMAkGA1UEBhMCQlIxGTAXBgNVBAgMEERpc3RyaXRvIEZlZGVy +YWwxETAPBgNVBAcMCEJyYXNpbGlhMSMwIQYDVQQKDBpNaW5pc3RlcmlvIGRvIFBs +YW5lamFtZW50bzEtMCsGA1UECwwkUHJvZ3JhbWEgU29mdHdhcmUgUHVibGljbyBC +cmFzaWxlaXJvMSQwIgYDVQQDDBtiZXRhLnNvZnR3YXJlcHVibGljby5nb3YuYnIx +JjAkBgkqhkiG9w0BCQEWF3BhdWxvQHNvZnR3YXJlbGl2cmUub3JnMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQcGwjcDku+162qWFXvfD3VzK+qonEIo +EWimjFgxkBIsbKQ6WurTg6jTdT7TCyz0bfXgNPUo2tTfOtyM2ctb/oCfu5Piu3hK +TU71/oswUWCMnPwaGhvJ7wWFrkClLNS3MYzlbGAxuLtX8KEcCSOR0109xvVMb+LD +kAUmHij1DfI9XguYS4J2xQ+aDCHZRzRxMPV7If75HtoeZ7y8bieqFL9T1+atsvbS +WuoYaJFKiW859h6Fwo/0wfkv8gSaGulSwnS2esMPfEm97QfmWbgEqq/XFkrKWtPo +ENNY8WlGFDMWdur7dlQwazjG9+OK5h3X84qDfYhzY4GPh1O+2WDudwIDAQABo1Aw +TjAdBgNVHQ4EFgQUzu9xzlM0W3YmELPcUvNlfpYcndQwHwYDVR0jBBgwFoAUzu9x +zlM0W3YmELPcUvNlfpYcndQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAaQKLFZaqLRS493o4cyJsz1mxBgbzQ+6vttEPmY1/yW391h9rBXDTlpqRt22z ++CNDzo7L2LQjlrvvqk/ByDl5xWw4z9Qy+OFGFVGDVPvhld00/7QNnqkwyYbqWghN +M0m/BZp59Bpm+eRHG1HIw0jpA/zfgVqUjoIgPWWnGJLtJh4l+GOAxwTdJh0Vp/1Q +yYiI6NRufr8+lUStojY27dC94WLX2dCUAS0imvdONWiaCZ8ktq4D3AGkni5wUVH1 +knap5Bf5FRnKCTnRmZe1Wi+e2ZIMDdW4gHsC5NKO38c4agWubE68yhYiFKMRLWsd +fLq+KLdrwb++Xd0SECj/hsQYLQ== +-----END CERTIFICATE----- diff --git a/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.key.asc b/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.key.asc new file mode 100644 index 0000000..70f7488 --- /dev/null 
+++ b/cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.key.asc 
@@ -0,0 +1,45 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v1 + +hQIMA5A8ZkAWdYz7AQ//TcszK46fmGkWA4Z1GelAIlB4oQAAkTHMRp9r3DE/HEY2 +cxUwD+PvTiCKOYG5SgAJbhQmZCtSsg5Pv8IoTdTxB/+qDBcCLYXXn/EuybuIOvIO +A9g+tnAhINEQCCS04iFG13wQfMKHX1Ji1P+Fo2kiaFQzrDZBDOrb0NpyLlpGhJmy +jkGXxj02rEG3oxFvMVduHqiTX3sn10fdRKyOGVrAZS9pphcG4/INgbxTZjZKfwv5 +Y788Zpu800UrFgCdlswVpxd3HJliN5klyG3qD7A8sfgvW7i+6sjl897F+Qy0Tq3g +5cZhE0E5nCnt+09xSR3ypqgKmHU+UFAObt6FkJI4CCJ14Z7OhpFbPTsOe4rxjuGK ++hY2MMsKdp0Tm5qJKMYZcFCVzswKcpot52myyZSkirjuiDkwPENMK97a3Rpd7Jxz +wrzb+Sgg3AWZtoXNLMjAE/bl/3r022B35La3IdRzrUWTnBvVnB8Lqek9+3ANjPuW +8I4a3c8a/5KnPFrfjDzNgoA3uZNiUD+lAc2/Ut2yoqpm0tLOkMRTPDP8ustGb2t3 +o2QmGBLvi537Q7b9/SMGFcRHI5XoAENydUzqntF/ZM5oDg8NGm2g00JE1kebrq8E +10hnI8KKIZBb0ZnRDSE2VzztrFMD42eQoQ7eQld5psxkBeC4vmJ4DWEi8HQ/zOnS +6gEbMxvymNOP9JgiAhmCMl2iWK0UUGHeDeSeietMkQrv2xfeXu7oGkzGbgbwTJis +JEEOqQP8zT+D6WtmhR2cl7cOldajuHL+G4HVwaMIsVV9gFmLnvNBieupEcMh1PN7 +LH9/tIIagDHNHkzRPtMcPXNluoCHOg1ZyhNRktOR3V/HWWUvXsRK9BGtpm3oCOBK +N09/q52JxgjlypFAOTzt/Gq7YA1AMG1dD21QIY5XMpFJbp2RY2bNJ7P4xu3Ce3T6 +SHPXneBhwKicnDCL8hgqt0xfjOwdakK0A8hZlZvBvqjvd//M33KHrLJVi7l8rbM6 +OFdbmzJQx/U10CgOL45kop/BFGH4upZX/dJs6crfIfiBNAMbfdD4XFkcjjIap703 +VRBCLYMTRyoGqO3pZbl0GngsKKAhCaG9wEzF65Zlp6FK6vSbepVzHWbawWmu1nY6 +vyd39wVyJ/VHJinkZk5kZBbMGicxfdQli+ZLEe9CQ/LsKvNk6fIBOhwcA69aQC2p +IlQDTmXPnKUeAXHhvyYN/OohcaufCrH7c0pr8clyBEJVZC6H9IqcZiOgAc4J26Jj +JtI43QSaRfpetDkRW74MMlCFd5OnJP7gRMwuJTmF/HkU9mPXXxylVVMA3wQMF9ZT +QPpBMV5LIadmqDLW76G1cqZYhGeNUJrpQlo3jYdGWCYZyDSc97HCWcfQjEbL7F27 +Vs2eHaQ5TEm4wmyPqtiTN0XnULcjyUWv/OPIRTUyjrxnvjzWfWU0K538n3HaBnPM +AswDbctYiX1HysspmoiBuA2SfUK2W97U+jiDwmY9PAzvJjp5ACmbcsFl3Ez/Lv9G +r6QKcc6y6GlSQEiUjEjIElV/t/mtGt2vrtM5YBLrxw1zYZ5CHr3d+gnAz3OMlDwv +7E1C7eLFBhXzxXy4ImL8R1lpm7D+ZLv/+WrcBRcWHQWBpJzLo4hXdBnX0Dt5JNrF +ZCkd8z0Mx/6EnpbX2hydpuz9rouVoUr6pnnMKVfdYBy3QWcp+qWK3KvOe029h2kc +YOJL5WQ2sJb71zlDx/v1O5eeKk42lPyJP4CmETqcG9qpAyEst4rsqStr8hy75Vpb +ZpOhuFR2G4cMOw4rg3WzYI/JfBk3xuME5Pp36o8eoDxUuExxHUZZYVlXVW4muN7h 
+ufyxK5gWalM3UDxzYV85IbRFaF2wpTFLkZr1uAuYvYXp1dwrcQMW9TBsN7c5aOwX
+3GA7p6v0SbU+gp6U6WuEDJe52Bk5QL1tsZwJM9Wk4Z6hyeJ4l666g0JRoW5L92J1
+wtgJPukrtj4EJawUW0HVLZtvgufPtUtXCH2ldirgNBH5YbDcNshwbc8SgB5vUdsS
+VTsID8tVd63gZtpisVTcUVPApSFYFzOT4eSnKjJ4+ahKDvJmF94drG4oYQcHIBNA
+cnha6OexUH3tHlsIvqnyJJJvyOnWx/ix67LchevfaucKWPeSF/ynwCrhNymmOq4l
+MS0ZgNg6oa3KSP1aqt35jj5u31/pMOlZ+JMFZBp67lH70eYRVJO4LqwB5AiToQQN
+VJmRzm2fMEh18zGD1bdOxOh1KKfCuCEMxHG6gU4PlwvG5d4uPULedyySQ8oQVDQy
+470Irln+DHKBE4Dw52y6ymEFEA+lzKlwOiBu2QBp45x5pHvBqq9lZD6ZekrY6i6Q
+lWM4vZQMrCrscVC0Mg1h9d8OeGkShXfQf24gl3VjmxwaX8k1kLAq2vyP7zFON3IA
+DcQ4Wv22efQ74QH+Cxx6p3ZMwE/29On9x3Ar4o3bilkfCuWA/N1zaCEtdQLvqkDG
+DsS/+k356GQr48q3orfFdhdM1PxPCQgCXx/Z3uQI1DhtBcp3C87CKQ==
+=oY0Q
+-----END PGP MESSAGE-----
diff --git a/cookbooks/reverse_proxy/recipes/default.rb b/cookbooks/reverse_proxy/recipes/default.rb
index ea97587..8a10220 100644
--- a/cookbooks/reverse_proxy/recipes/default.rb
+++ b/cookbooks/reverse_proxy/recipes/default.rb
@@ -18,4 +18,3 @@ template '/etc/nginx/conf.d/reverse_proxy.conf' do
 mode 0644
 notifies :restart, 'service[nginx]'
 end
-
diff --git a/cookbooks/reverse_proxy/recipes/mailman.rb b/cookbooks/reverse_proxy/recipes/mailman.rb
new file mode 100644
index 0000000..38a87eb
--- /dev/null
+++ b/cookbooks/reverse_proxy/recipes/mailman.rb
@@ -0,0 +1,20 @@
+cookbook_file "/etc/nginx/#{node['config']['lists_hostname']}.crt" do
+ owner 'root'
+ group 'root'
+ mode 0600
+ notifies :restart, 'service[nginx]'
+end
+
+cookbook_file "/etc/nginx/#{node['config']['lists_hostname']}.key" do
+ owner 'root'
+ group 'root'
+ mode 0600
+ notifies :restart, 'service[nginx]'
+end
+
+template '/etc/nginx/conf.d/reverse_proxy.conf' do
+ owner 'root'
+ group 'root'
+ mode 0644
+ notifies :restart, 'service[nginx]'
+end
diff --git a/cookbooks/reverse_proxy/templates/mailman_reverse_proxy.conf.erb b/cookbooks/reverse_proxy/templates/mailman_reverse_proxy.conf.erb
new file mode 100644
index 0000000..4c79d02
--- /dev/null
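Review bot: The `template '/etc/nginx/conf.d/reverse_proxy.conf'` resource at the end of mailman.rb names the same destination as the one in default.rb and gives no `source`, so Chef renders the cookbook's existing `reverse_proxy.conf.erb` there a second time and the `mailman_reverse_proxy.conf.erb` added in this commit is never written anywhere. Give the lists vhost its own file and template: `template '/etc/nginx/conf.d/mailman_reverse_proxy.conf' do` followed by `source 'mailman_reverse_proxy.conf.erb'` inside the block. The second cookbook_file looks for a cookbook file named `<lists_hostname>.key`, but the only key-like file this commit adds is `listas.softwarepublico.dev.key.asc`, a PGP message; unless a decryption step outside this diff produces the plain `.key` under files/, the converge fails on a missing cookbook file, and a one-line comment on that resource saying where the decrypted key is expected to come from would save the next reader the search.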
+++ b/cookbooks/reverse_proxy/templates/mailman_reverse_proxy.conf.erb
@@ -0,0 +1,42 @@
+upstream mailman {
+ server <%= node['peers']['integration'] %>:80 fail_timeout=10s;
+}
+
+server {
+ listen *:80;
+
+ server_name <%= node['config']['lists_hostname'] %>;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen *:443 ssl;
+
+ server_name <%= node['config']['lists_hostname'] %>;
+
+ ssl on;
+
+ ssl_certificate /etc/nginx/<%= node['config']['lists_hostname'] %>.crt;
+ ssl_certificate_key /etc/nginx/<%= node['config']['lists_hostname'] %>.key;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ access_log /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.access.log;
+ error_log /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.error.log;
+
+ # TODO caching
+ location / {
+ proxy_pass http://mailman;
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+}
+
diff --git a/test/reverse_proxy_test.sh b/test/reverse_proxy_test.sh
index 84a36e3..707e7df 100644
--- a/test/reverse_proxy_test.sh
+++ b/test/reverse_proxy_test.sh
@@ -10,4 +10,9 @@ test_reverse_proxy_to_colab() {
 assertEquals "Home - Colab" "$title"
 }
 
+test_redirect_http_to_mailman() {
+ local title="$(curl --silent --fail --location --header 'Host: listas.softwarepublico.dev' --insecure https://$reverseproxy/ | grep -i '')"
+ assertEquals "<TITLE>listas.softwarepublico.dev Mailing Lists" "$title"
+}
+
 . shunit2
-- libgit2 0.21.2
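Review bot: `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` in the port-443 server block leaves SSLv3 enabled on the new lists vhost; SSLv3 is broken (POODLE) and has no legitimate client here, since the port-80 block already sends every visitor to this endpoint, so change it to `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`. `ssl on;` is redundant with `listen *:443 ssl;` and can be dropped. The upstream is reached over plain `http://mailman` (port 80 on the integration peer), so `proxy_set_header X-Forwarded-Proto https;` is presumably what the backend uses to build https links; a comment such as `# backend is plain HTTP; tell it the client connection was TLS` would stop it reading as a leftover.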
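Review bot: In test_redirect_http_to_mailman the pipeline ends in `grep -i ''`, which matches every line of the response, so `$title` holds the whole page and the assertEquals against a single TITLE line cannot pass; if the page view stripped an HTML tag from the pattern, the intent was presumably `grep -i '<title>'`, and the expected string would then also need the closing `</TITLE>` that Mailman emits on the same line. The test name says it checks the HTTP-to-HTTPS redirect, but the request goes straight to `https://$reverseproxy/` with `--location`, so the `return 301` in the port-80 block is never exercised; a second request to `http://$reverseproxy/` without `--location`, asserting on the status via `curl --silent --output /dev/null --write-out '%{http_code}'`, would cover it. The preceding test_reverse_proxy_to_colab starts outside the hunk, so its title extraction is not visible here for comparison.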