X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/1facaf1dc96ab5b42492334c3170e1232b2f847d..ba58f30c1b5b512068360f4b3b26955af7a28a65:/cookbooks/foundation/templates/default/apache.owg.erb

diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb
index 1cb0fe44c..55dc39c18 100644
--- a/cookbooks/foundation/templates/default/apache.owg.erb
+++ b/cookbooks/foundation/templates/default/apache.owg.erb
@@ -1,27 +1,52 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 <VirtualHost *:80>
-   ServerName <%= @name %>
-   ServerAdmin webmaster@openstreetmap.org
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   Redirect permanent / https://<%= @name %>/
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
+<% unless @aliases.empty? -%>
 
 <VirtualHost *:443>
-   ServerName <%= @name %>
-   ServerAdmin webmaster@openstreetmap.org
+  ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   DocumentRoot <%= @directory %>
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-   SSLEngine on
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
+<% end -%>
 
-<Directory <%= @directory %>>
-   Require all granted
-</Directory>
+<VirtualHost *:443>
+  ServerName <%= @name %>
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
+
+  ProxyPass / http://localhost:<%= @docker_external_port %>/
+  ProxyPreserveHost on
+</VirtualHost>
