end
end
+ssl_certificate "nominatim.openstreetmap.org" do
+ domains ["nominatim.openstreetmap.org",
+ "nominatim.osm.org",
+ "nominatim.openstreetmap.com",
+ "nominatim.openstreetmap.net",
+ "nominatim.openstreetmaps.org",
+ "nominatim.openmaps.org"]
+ fallback_certificate "openstreetmap"
+ notifies :reload, "service[apache2]"
+end
+
apache_site "nominatim.openstreetmap.org" do
template "apache.erb"
directory build_directory
ServerName <%= node[:fqdn] %>
ServerAlias nominatim.openstreetmap.org
ServerAlias nominatim.osm.org
- ServerAlias nominatim.openstreetmap.org
+ ServerAlias nominatim.openstreetmap.com
ServerAlias nominatim.openstreetmap.net
ServerAlias nominatim.openstreetmaps.org
ServerAlias nominatim.openmaps.org
ServerAdmin webmaster@openstreetmap.org
<% if port == 443 -%>
- #
# Enable SSL
- #
SSLEngine on
SSLProxyEngine on
+ SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+<% else -%>
+ # Redirect ACME challenges for certificate issuance
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
<% end -%>
# Remove Proxy request header to mitigate https://httpoxy.org/
projects / chef.git / commitdiff