]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: ecd37a4)
Redirect http to https for nominatim
authorTom Hughes <tom@compton.nu>
Fri, 11 May 2018 09:32:50 +0000 (10:32 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 11 May 2018 09:32:50 +0000 (10:32 +0100)
cookbooks/nominatim/templates/default/apache.erb patch | blob | history

diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb
index 39fa83289506f9b0f133b94c1b052ccb1a6a7922..5cda3e4674e3233ec714c375261c6170f4139ad3 100644 (file)
--- a/cookbooks/nominatim/templates/default/apache.erb
+++ b/cookbooks/nominatim/templates/default/apache.erb
@@ -1,7 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>
     ServerName <%= node[:fqdn] %>
     ServerAlias nominatim.openstreetmap.org
     ServerAlias nominatim.osm.org
@@ -11,16 +10,11 @@
     ServerAlias nominatim.openmaps.org
     ServerAdmin webmaster@openstreetmap.org
 
-<% if port == 443 -%>
     # Enable SSL
     SSLEngine on
     SSLProxyEngine on
     SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
     SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
-<% else -%>
-    # Redirect ACME challenges for certificate issuance
-    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-<% end -%>
 
     # Remove Proxy request header to mitigate https://httpoxy.org/
     RequestHeader unset Proxy early
@@ -67,7 +61,21 @@
     RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
     RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
     RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
-
 </VirtualHost>
 
-<% end -%>
+<VirtualHost *:80>
+    ServerName <%= node[:fqdn] %>
+    ServerAlias nominatim.openstreetmap.org
+    ServerAlias nominatim.osm.org
+    ServerAlias nominatim.openstreetmap.com
+    ServerAlias nominatim.openstreetmap.net
+    ServerAlias nominatim.openstreetmaps.org
+    ServerAlias nominatim.openmaps.org
+    ServerAdmin webmaster@openstreetmap.org
+
+    CustomLog <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined
+    ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
+
+    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+    RedirectPermanent / https://nominatim.openstreetmap.org/
+</VirtualHost>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.