Switch taginfo.osm.org to letsencrypt

diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb
index 76a869b7c323b423b5baf864678671a67c35aad4..35166f1d02c89e2900a3d3b416da863605d1e9e5 100644 (file)
--- a/cookbooks/taginfo/recipes/default.rb
+++ b/cookbooks/taginfo/recipes/default.rb
@@ -80,14 +80,14 @@ template "/etc/sudoers.d/taginfo" do
 end
 
 node[:taginfo][:sites].each do |site|
-  name = site[:name]
-  directory = site[:directory] || "/srv/#{name}"
+  site_name = site[:name]
+  directory = site[:directory] || "/srv/#{site_name}"
   description = site[:description]
   about = site[:about]
   icon = site[:icon]
   contact = site[:contact]
 
-  directory "/var/log/taginfo/#{name}" do
+  directory "/var/log/taginfo/#{site_name}" do
     owner "taginfo"
     group "taginfo"
     mode 0o755
@@ -126,13 +126,13 @@ node[:taginfo][:sites].each do |site|
   settings = Chef::DelayedEvaluator.new do
     settings = JSON.parse(IO.read("#{directory}/taginfo/taginfo-config-example.json"))
 
-    settings["instance"]["url"] = "http://#{name}/"
+    settings["instance"]["url"] = "http://#{site_name}/"
     settings["instance"]["description"] = description
     settings["instance"]["about"] = about
     settings["instance"]["icon"] = "/img/logo/#{icon}.png"
     settings["instance"]["contact"] = contact
     settings["instance"]["access_control_allow_origin"] = ""
-    settings["logging"]["directory"] = "/var/log/taginfo/#{name}"
+    settings["logging"]["directory"] = "/var/log/taginfo/#{site_name}"
     settings["opensearch"]["shortname"] = "Taginfo"
     settings["opensearch"]["contact"] = "webmaster@openstreetmap.org"
     settings["sources"]["download"] = ""
@@ -231,10 +231,16 @@ node[:taginfo][:sites].each do |site|
     owner "taginfo"
     group "taginfo"
     mode 0o755
-    variables :name => name, :directory => directory
+    variables :name => site_name, :directory => directory
   end
 
-  apache_site name do
+  ssl_certificate site_name do
+    domains site_name
+    fallback_certificate "openstreetmap"
+    notifies :reload, "service[apache2]"
+  end
+
+  apache_site site_name do
     template "apache.erb"
     directory "#{directory}/taginfo/web/public"
   end

diff --git a/cookbooks/taginfo/templates/default/apache.erb b/cookbooks/taginfo/templates/default/apache.erb
index 288b13ff1c6f991358dc439cbd2edc4c7f7550ca..3ae9fed71228623edd1191b0768484b51766bb27 100644 (file)
--- a/cookbooks/taginfo/templates/default/apache.erb
+++ b/cookbooks/taginfo/templates/default/apache.erb
@@ -1,14 +1,12 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<% [80, 443].each do |port| -%>
-
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>
         ServerName <%= @name %>
         ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
 
         SSLEngine on
-<% end -%>
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
@@ -26,7 +24,17 @@
                 Header setifempty Access-Control-Allow-Origin *
         </Location>
 </VirtualHost>
-<% end -%>
+
+<VirtualHost *:80>
+        ServerName <%= @name %>
+        ServerAdmin webmaster@openstreetmap.org
+
+        CustomLog /var/log/apache2/<%= @name %>-access.log combined
+        ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+        RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
 
 <Directory <%= @directory %>>
         Require all granted