# This is the nginx config for Mailman. The configs for http and https # are essentially the same except for the added SSL stuff for https. # The critical stuff is the /static/ location and the proxy stuff # for proxying to gunicorn at port 8000. server { listen 80 default_server; # listen [::]:80 default_server ipv6only=on; root /usr/share/nginx/html; index index.html index.htm; server_name lists.mailman3.org; location / { proxy_pass http://127.0.0.1:8000/; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; } location /static/ { alias /opt/mailman/mm/static/; } location /robots.txt { alias /usr/share/nginx/html/robots.txt; } location /favicon.ico { alias /var/www/listorg/images/favicon.ico; } } server { listen 443 default_server; # listen [::]:443 default_server ipv6only=on; root /usr/share/nginx/html; index index.html index.htm; server_name lists.mailman3.org; ssl on; ssl_certificate /etc/letsencrypt/live/mirror.mailman3.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mirror.mailman3.org/privkey.pem; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8000/; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; } location /static/ { alias /opt/mailman/mm/static/; } location /robots.txt { alias /usr/share/nginx/html/robots.txt; } location /favicon.ico { alias /var/www/listorg/images/favicon.ico; } }