dmca: fix apache config

[chef.git] / cookbooks / subversion / templates / default / apache.erb

diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/subversion/templates/default/apache.erb
index 90bdd4f27e6f31ff9a7c0ff4d3df5dd5c6a322dd..cadae8b0892055d4cef99aeaeb41ef24e0f62623 100644 (file)
--- a/cookbooks/subversion/templates/default/apache.erb
+++ b/cookbooks/subversion/templates/default/apache.erb
@@ -1,26 +1,67 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
-        ServerName <%= @name %>
-        ServerAdmin webmaster@openstreetmap.org
+<VirtualHost *:443>
+  ServerName <%= @name %>
+  ServerAdmin webmaster@openstreetmap.org
+
+  Protocols http/1.1
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  <Location />
+    DAV svn
+    SVNPath <%= @directory %>
+    SVNIndexXSLT /svnindex.xsl
+
+    LimitXMLRequestBody 0
+    LimitRequestBody 0
+
+    <Limit GET PROPFIND OPTIONS REPORT>
+      Require all granted
+    </Limit>
 
-        CustomLog /var/log/apache2/<%= @name %>-access.log combined
-        CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION
-        ErrorLog /var/log/apache2/<%= @name %>-error.log
+    <LimitExcept GET PROPFIND OPTIONS REPORT>
+      Require all denied
+    </LimitExcept>
+  </Location>
+</VirtualHost>
+<% unless @aliases.empty? -%>
+
+<VirtualHost *:443>
+  ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-       <Location />
-               DAV svn
-               SVNPath <%= @directory %>
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% end -%>
+
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
 
-               AuthType Basic
-               AuthName "<%= @realm %>"
-               AuthUserFile <%= @password_file %>
+  ServerAdmin webmaster@openstreetmap.org
 
-               LimitXMLRequestBody 0
-               LimitRequestBody 0
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-               <LimitExcept GET PROPFIND OPTIONS REPORT>
-                       Require valid-user
-               </LimitExcept>
-       </Location>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>