ansible-infra/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf

server {
	root /var/www/html;
    server_name lists.hamburg.ccc.de; # managed by Certbot

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lists.hamburg.ccc.de/privkey.pem; # managed by Certbot
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/chain.pem;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    location /static {
        alias /opt/mailman/web/static;
        autoindex off;
    }

    location / {
          uwsgi_pass localhost:8080;
          include uwsgi_params;
          uwsgi_read_timeout 300;
    }
}