]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 1d07e74)
Switch gps-tile to letsencrypt
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:20:55 +0000 (10:20 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:26:03 +0000 (10:26 +0000)
cookbooks/gps-tile/recipes/default.rb patch | blob | history
cookbooks/gps-tile/templates/default/apache.erb patch | blob | history

diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb
index c3bcfba9874a4e1d94ff59c05783ebcabcb40675..593e69ad13327bf50d6e3fa08f7b7a209cf5beaf 100644 (file)
--- a/cookbooks/gps-tile/recipes/default.rb
+++ b/cookbooks/gps-tile/recipes/default.rb
@@ -103,6 +103,19 @@ end
 
 apache_module "headers"
 
+ssl_certificate "gps-tile.openstreetmap.org" do
+  domains ["gps-tile.openstreetmap.org",
+           "a.gps-tile.openstreetmap.org",
+           "b.gps-tile.openstreetmap.org",
+           "c.gps-tile.openstreetmap.org",
+           "gps.tile.openstreetmap.org",
+           "gps-a.tile.openstreetmap.org",
+           "gps-b.tile.openstreetmap.org",
+           "gps-c.tile.openstreetmap.org"]
+  fallback_certificate "tile.openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "gps-tile.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/gps-tile/templates/default/apache.erb b/cookbooks/gps-tile/templates/default/apache.erb
index 73564f5438635febd275971aae3d944ef2394d37..7dbd24b41e60a12976050c9858fb6f25bc7e066b 100644 (file)
--- a/cookbooks/gps-tile/templates/default/apache.erb
+++ b/cookbooks/gps-tile/templates/default/apache.erb
@@ -3,16 +3,17 @@
 <% [80, 443].each do |port| -%>
 <VirtualHost *:<%= port %>>
   # Basic server configuration
-  ServerName <%= node[:fqdn] %>
+  ServerName gps-tile.openstreetmap.org
+  ServerAlias *.gps-tile.openstreetmap.org
   ServerAlias gps.tile.openstreetmap.org
   ServerAlias gps-*.tile.openstreetmap.org
-  ServerAlias gps-tile.openstreetmap.org
-  ServerAlias *.gps-tile.openstreetmap.org
   ServerAdmin webmaster@openstreetmap.org
 <% if port == 443 -%>
 
   # Enable SSL
   SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/gps-tile.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/gps-tile.openstreetmap.org.key
 <% end -%>
 
   # Configure location of static files
@@ -21,6 +22,9 @@
   # Configure the CGI script that serves the tiles
   ScriptAlias /lines /srv/gps-tile.openstreetmap.org/updater/tile
 
+  # Redirect for ACMI challenge validation
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+
   # Temporary redirect for old CGI location
   RedirectPermanent /gps-lines/tile /lines
 
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.