Make sure chef mysql configuration overrides defaults

[chef.git] / cookbooks / gps-tile / templates / default / apache.erb

diff --git a/cookbooks/gps-tile/templates/default/apache.erb b/cookbooks/gps-tile/templates/default/apache.erb
index 7572327c3a48b57d6a5fa602266876916f35ab95..7dbd24b41e60a12976050c9858fb6f25bc7e066b 100644 (file)
--- a/cookbooks/gps-tile/templates/default/apache.erb
+++ b/cookbooks/gps-tile/templates/default/apache.erb
@@ -1,11 +1,20 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
+<% [80, 443].each do |port| -%>
+<VirtualHost *:<%= port %>>
   # Basic server configuration
-  ServerName <%= node[:fqdn] %>
-  ServerAlias gps-tile.openstreetmap.org
+  ServerName gps-tile.openstreetmap.org
   ServerAlias *.gps-tile.openstreetmap.org
+  ServerAlias gps.tile.openstreetmap.org
+  ServerAlias gps-*.tile.openstreetmap.org
   ServerAdmin webmaster@openstreetmap.org
+<% if port == 443 -%>
+
+  # Enable SSL
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/gps-tile.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/gps-tile.openstreetmap.org.key
+<% end -%>
 
   # Configure location of static files
   DocumentRoot /srv/gps-tile.openstreetmap.org/html
@@ -13,6 +22,9 @@
   # Configure the CGI script that serves the tiles
   ScriptAlias /lines /srv/gps-tile.openstreetmap.org/updater/tile
 
+  # Redirect for ACMI challenge validation
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+
   # Temporary redirect for old CGI location
   RedirectPermanent /gps-lines/tile /lines
 
@@ -26,9 +38,15 @@
   Header set Access-Control-Allow-Origin "*"
 </VirtualHost>
 
+<% end -%>
 <Directory /srv/gps-tile.openstreetmap.org/html>
   Options None
   AllowOverride None
-  Order allow,deny
-  Allow from all
+  Require all granted
+</Directory>
+
+<Directory /srv/gps-tile.openstreetmap.org/updater>
+  <Files tile>
+    Require all granted
+  </Files>
 </Directory>