X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/d352748b416e52cc7174ab6e09f61ef82fa19347..34666b81c1ff78ac49e2afb85f6cabf8742dfb4c:/cookbooks/mediawiki/templates/default/apache.erb

diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 7aed4b3e7..0e173841c 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -11,6 +11,8 @@
 
 <% if port == 443 -%>
   SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
   CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
@@ -21,6 +23,10 @@
 
   DocumentRoot <%= @directory %>
 
+<% if @ssl_enabled -%>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+<% end -%>
+
   php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
   php_value memory_limit 128M
@@ -57,6 +63,7 @@
   RewriteCond %{REQUEST_URI} !^/api\.php$
   RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
   RewriteCond %{REQUEST_URI} !^/server-status
+  RewriteCond %{REQUEST_URI} !^/.well-known/
   RewriteCond %{LA-U:REQUEST_FILENAME} !-f
   RewriteCond %{LA-U:REQUEST_FILENAME} !-d
   RewriteRule ^/(.*) /wiki/$1 [R,L]