From: Clinton Ebadi Date: Thu, 10 Jan 2019 03:02:06 +0000 (-0500) Subject: mailman: add MailmanForceSSL env var X-Git-Tag: release_20190109-2 X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/bd8614c896255ba988644f5c359724e1133d0276?ds=sidebyside mailman: add MailmanForceSSL env var Since normal users cannot access the server mailman is on directly, they also can't set up a vhost to redirect http -> https for mailman. Use MailmanForceSSL to control generating a redirect to https for http vhosts. Silently does nothing when used with a vhost with an SSL cert (would just generate a redirect loop). --- diff --git a/lib/defaults.dtl b/lib/defaults.dtl index 4df01e7..66dc4e4 100644 --- a/lib/defaults.dtl +++ b/lib/defaults.dtl @@ -44,5 +44,6 @@ var AddMX : bool = true; var MailNodes : [mail_node] = ["minsky"]; var MailManPlaces : [mailman_place] = [mailman_place_default mailman_node]; +var MailmanForceSSL : bool = false; var DefaultWebNode : web_node = web_node; \ No newline at end of file diff --git a/lib/mailman.dtl b/lib/mailman.dtl index dcfa585..e1a8fbf 100644 --- a/lib/mailman.dtl +++ b/lib/mailman.dtl @@ -25,6 +25,7 @@ extern val mailman_place_to_ipv6 : mailman_place -> ipv6; extern val mailmanVhost : host -> [Domain] {MailmanPlaces : [mailman_place], SSL : ssl, + MailmanForceSSL : bool, User : your_user, ServerAdmin : email}; {{Create an Apache virtual host to serve as the web interface for some Mailman diff --git a/src/plugins/mailman.sml b/src/plugins/mailman.sml index bab7222..a601155 100644 --- a/src/plugins/mailman.sml +++ b/src/plugins/mailman.sml @@ -83,6 +83,7 @@ val () = Env.actionV_one "mailmanVhost" val places = Env.env (Env.list mailmanPlace) (env, "MailmanPlaces") val ssl = Env.env Apache.ssl (env, "SSL") + val forcessl = Env.env Env.bool (env, "MailmanForceSSL") val user = Env.env Env.string (env, "User") val sadmin = Env.env Env.string (env, "ServerAdmin") 
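Review bot: The `mailmanVhost` declaration in lib/mailman.dtl gains `MailmanForceSSL : bool`, but the `{{Create an Apache virtual host ...}}` description after it is not touched in the hunk, so the new variable is undocumented where users would look it up. A sentence such as `MailmanForceSSL redirects plain-HTTP requests for this vhost to https; it has no effect when the vhost has an SSL certificate.` would cover it. The description continues outside the hunk, so the wording may need fitting to what is already there. Because lib/defaults.dtl sets the default to `false`, it is also worth stating that the Mailman web interface (presumably including its password forms) stays reachable over plain HTTP unless the variable is set.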
@@ -131,7 +132,10 @@ val () = Env.actionV_one "mailmanVhost" (print "\n\tSSLEngine on\n\tSSLCertificateFile "; print cert; print "\n") - | NONE => (); + | NONE => if forcessl then + (print "RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]") + else + (); (* print " SuexecUserGroup list list\n"; print "\n";
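Review bot: The redirect target in the new `NONE` branch is built from `%{HTTP_HOST}`, which is the client-supplied Host header, so the plain-HTTP vhost redirects to whatever host name the request carried. Emitting the host name the action was invoked with would keep the target fixed. The printed string also has no leading or trailing newline, while the SSL branch above starts its output with `\n\t`, so the rule looks likely to end up on the same line as a neighbouring directive. For the newline part alone, `print "\n\tRewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]\n"` would do. No `RewriteEngine on` is visible in this hunk, and without one in the vhost the rule is inert and requests stay on plain HTTP, so confirm it is emitted elsewhere in the action, whose body extends beyond the hunk.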