# This is the nginx config for Mailman. The configs for http and https
# are essentially the same except for the added SSL stuff for https.
# The critical stuff is the /static/ location and the proxy stuff
# for proxying to gunicorn at port 8000.

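# Plain-HTTP virtual host for Mailman: static assets are served from disk,
# everything else is proxied to gunicorn on 127.0.0.1:8000.
# NOTE(review): this vhost exposes the whole web UI over cleartext HTTP.
# If cleartext access is not required, the usual hardening is to answer
# port 80 with a redirect to the https vhost instead of proxying.
server {
	# default_server: this block also answers requests whose Host header
	# matches no other server_name on port 80.
	listen 80 default_server;
	# listen [::]:80 default_server ipv6only=on;

	root /usr/share/nginx/html;
	index index.html index.htm;

	server_name lists.mailman3.org;

	location / {
		proxy_pass http://127.0.0.1:8000/;
		# $proxy_add_x_forwarded_for appends the peer address to whatever
		# X-Forwarded-For the client sent, so only the last entry is set by
		# nginx; earlier entries are client-controlled.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		# $host comes from the request; because this is the default server
		# it can be an arbitrary name. The backend should validate it
		# (presumably via Django's ALLOWED_HOSTS - confirm in settings).
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_redirect off;
	}

	# Static files collected by the Mailman web apps, served without
	# touching gunicorn.
	location /static/ {
		alias /opt/mailman/mm/static/;
	}

	# Exact-match locations: a prefix location combined with a file alias
	# would also map /robots.txt<suffix> onto <alias><suffix> on disk.
	location = /robots.txt {
		alias /usr/share/nginx/html/robots.txt;
	}

	location = /favicon.ico {
		alias /var/www/listorg/images/favicon.ico;
	}

}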

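# HTTPS virtual host for Mailman: same routing as the port-80 vhost, with
# TLS terminated here and plain HTTP spoken to gunicorn on 127.0.0.1:8000.
server {
	# The "ssl" listen parameter replaces the standalone "ssl on;" directive,
	# which was deprecated in nginx 1.15.0 and removed in 1.25.1.
	# default_server: this block also answers requests whose Host header
	# matches no other server_name on port 443.
	listen 443 ssl default_server;
	# listen [::]:443 ssl default_server ipv6only=on;

	root /usr/share/nginx/html;
	index index.html index.htm;

	server_name lists.mailman3.org;

	# NOTE(review): the certificate directory is named mirror.mailman3.org
	# while server_name is lists.mailman3.org - confirm the certificate
	# carries lists.mailman3.org as a subject alternative name.
	ssl_certificate /etc/letsencrypt/live/mirror.mailman3.org/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mirror.mailman3.org/privkey.pem;

	ssl_session_timeout 5m;

	# SSLv3 (POODLE) and TLS 1.0/1.1 (deprecated by RFC 8996) are no longer
	# offered. Append TLSv1.3 where the installed nginx/OpenSSL build
	# supports it.
	ssl_protocols TLSv1.2;
	# The previous value contained the literal words " or " copied from
	# documentation that listed two alternative strings; the stricter
	# alternative (3DES excluded) is kept.
	ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
	ssl_prefer_server_ciphers on;

	location / {
		proxy_pass http://127.0.0.1:8000/;
		# $proxy_add_x_forwarded_for appends the peer address to whatever
		# X-Forwarded-For the client sent, so only the last entry is set by
		# nginx; earlier entries are client-controlled.
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		# $host comes from the request; because this is the default server
		# it can be an arbitrary name. The backend should validate it
		# (presumably via Django's ALLOWED_HOSTS - confirm in settings).
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Server $host;
		# Lets the backend know the original request arrived over https
		# even though the proxied hop is plain http.
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_redirect off;
	}

	# Static files collected by the Mailman web apps, served without
	# touching gunicorn.
	location /static/ {
		alias /opt/mailman/mm/static/;
	}

	# Exact-match locations: a prefix location combined with a file alias
	# would also map /robots.txt<suffix> onto <alias><suffix> on disk.
	location = /robots.txt {
		alias /usr/share/nginx/html/robots.txt;
	}

	location = /favicon.ico {
		alias /var/www/listorg/images/favicon.ico;
	}

}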