]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/chef/templates/default/apache.erb
Enable https access to private git repositories
[chef.git] / cookbooks / chef / templates / default / apache.erb
index f6c1806b1f704031ffe72065f9cff6df75137f1e..4f57bba7de7ca2d6844cba5a076082803216fb9f 100644 (file)
@@ -8,6 +8,7 @@
        CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
        Redirect permanent / https://chef.openstreetmap.org/
 </VirtualHost>
 
        CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
 
+       DocumentRoot /var/lib/git
+
        SSLEngine on
        SSLProxyEngine on
+       SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
 
+       ProxyPassMatch ^/.*\.git/ !
        ProxyPass / https://<%= node[:fqdn] %>:4443/
+       ProxyPreserveHost on
 </VirtualHost>
+
+<Directory /var/lib/git>
+       Require ip <%= @git_allowed.sort.join(" ") %>
+</Directory>