donate: attempt set of correct cert

diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index 66a112339f7d69dc9e9b3f39eaaf46e6776f2814..e1f64904b2c8ae2bacb6a7672761b31cd20c82ea 100644 (file)
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["openstreetmap"]
+
 include_recipe "apache::ssl"
 include_recipe "mysql"
 include_recipe "git"
@@ -64,6 +66,12 @@ git "/srv/donate.openstreetmap.org" do
   group "donate"
 end
 
+directory "/srv/donate.openstreetmap.org/data" do
+  owner "donate"
+  group "donate"
+  mode 0o755
+end
+
 apache_site "donate.openstreetmap.org" do
   template "apache.erb"
 end

diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index df3a98bd37d95c4ea767080970242b2388edea1a..509cf3fdd4de3cfa333488b0913018c2eacf6cf4 100644 (file)
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -23,6 +23,9 @@
    # Enable SSL
    #
    SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
+   SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+   SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 
    # HSTS (mod_headers is required)
    Header always set Strict-Transport-Security "max-age=300"