Fully qualify the name of the backup server

[chef.git] / cookbooks / chef / templates / default / apache.erb

diff --git a/cookbooks/chef/templates/default/apache.erb b/cookbooks/chef/templates/default/apache.erb
index fed8d3a2d42fe18134e8375046065c317a85b3cf..917759a7cb4b1d2823b27460e643ebb7874e7a04 100644 (file)
--- a/cookbooks/chef/templates/default/apache.erb
+++ b/cookbooks/chef/templates/default/apache.erb
@@ -5,9 +5,10 @@
        ServerAlias chef.osm.org
        ServerAdmin webmaster@openstreetmap.org
 
-       CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
        Redirect permanent / https://chef.openstreetmap.org/
 </VirtualHost>
 
@@ -15,16 +16,15 @@
        ServerName chef.openstreetmap.org
        ServerAdmin webmaster@openstreetmap.org
 
-       SSLEngine on
-       SSLProtocol all -SSLv2
-       SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
-       SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
-       SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
-
-       CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
 
+       SSLEngine on
        SSLProxyEngine on
+       SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
 
-       ProxyPass / http://127.0.0.1:4000/
+       ProxyPassMatch ^/.*\.git/ !
+       ProxyPass / https://<%= node[:fqdn] %>:4443/
+       ProxyPreserveHost on
 </VirtualHost>