ServerName $name ServerAdmin webmaster@example.com DocumentRoot /www/$name/public Options +Includes Require all granted # Let's Encrypt (certbot) Alias /.well-known/acme-challenge \ /usr/local/www/well-known/.well-known/acme-challenge Require all granted RewriteEngine on # Clean up multiple slashes # https://stackoverflow.com/a/8464827 RewriteCond %{THE_REQUEST} // RewriteRule .* $0 [R] # Hide some files and directories RedirectMatch 404 ",v$" RedirectMatch 404 "-$" RedirectMatch 404 "/Makefile$" RedirectMatch 404 "/RCS(/|$)" RedirectMatch 404 "/XXX(/|$)" RedirectMatch 404 "/\.git(/|$)" RedirectMatch 404 "/\.svn(/|$)" RedirectMatch 404 "\.awk$" RedirectMatch 404 "\.conf$" RedirectMatch 404 "\.config$" RedirectMatch 404 "\.py$" RedirectMatch 404 "\.sh$" RedirectMatch 404 "\.xxx$" RedirectMatch 404 "~$" # Remove trailing dot RewriteCond %{HTTP_HOST} ^(.*)\.$ RewriteRule ^(.*)$ %{REQUEST_SCHEME}://%1$1 [R=301,L] # Django static content Alias /static/admin \ /usr/local/lib/python3.11/site-packages/django/contrib/admin/static/admin Require all granted # Postorius static content Alias /static/django-mailman3 \ /usr/local/lib/python3.11/site-packages/django_mailman3/static/django-mailman3 Require all granted Alias /static/postorius \ /usr/local/lib/python3.11/site-packages/postorius/static/postorius Require all granted Alias /static/postorius/django-mailman3 \ /usr/local/lib/python3.11/site-packages/postorius/static/postorius Require all granted include etc/apache24/virtual/common/django.conf include etc/apache24/virtual/common/postorius.conf WSGIScriptAliasMatch ^(/.*)$ /www/$name/postorius/wsgi.py$1 ErrorLog /var/log/http/error-$name.log # Default error format but without referer ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P] %7F: %E: [client\ %a] %M" CustomLog /var/log/http/access-$name.log combined # http://localhost:8000/ Use HTTP lists.example.com # http://lists.example.com/ Use HTTP lists.example.com # Use https for everything except letsencrypt and google webmaster auth RewriteCond %{REQUEST_URI} !^/downloads/ RewriteCond %{REQUEST_URI} !^/\.well-known/ RewriteCond %{REQUEST_URI} !^/google[a-z0-9]+\.html$ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] Use HTTP $name # Client certificate authentication #SSLCACertificatePath etc/apache24/certs # HTTP Strict Transport Security (mod_headers is required) # (31536000 seconds = 1 year) Header always set Strict-Transport-Security "max-age=31536000;" RewriteEngine on SSLEngine on SSLCertificateFile etc/letsencrypt/live/$name/cert.pem SSLCertificateKeyFile etc/letsencrypt/live/$name/privkey.pem SSLCertificateChainFile etc/letsencrypt/live/$name/chain.pem # https://lists.example.com/ Use HTTPS lists.example.com UndefMacro HTTPS UndefMacro HTTPS