From: Tom Hughes Date: Sun, 12 Feb 2017 11:05:29 +0000 (+0000) Subject: Switch forum.osm.org to letsencrypt X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/2c06ac9ac5299064c209c63af2323b2c28186e3c Switch forum.osm.org to letsencrypt --- diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb index 58fa9a22d..7130c1728 100644 --- a/cookbooks/forum/recipes/default.rb +++ b/cookbooks/forum/recipes/default.rb @@ -31,8 +31,10 @@ package "php-apcu" apache_module "php7.0" apache_module "rewrite" -apache_site "default" do - action [:disable] +ssl_certificate "forum.openstreetmap.org" do + domains ["forum.openstreetmap.org", "forum.osm.org"] + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" end apache_site "forum.openstreetmap.org" do diff --git a/cookbooks/forum/templates/default/apache.erb b/cookbooks/forum/templates/default/apache.erb index 4b3c844c8..ad7a36d35 100644 --- a/cookbooks/forum/templates/default/apache.erb +++ b/cookbooks/forum/templates/default/apache.erb @@ -8,35 +8,39 @@ CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://forum.openstreetmap.org/ ServerName forum.openstreetmap.org + ServerAlias forum.osm.org ServerAdmin webmaster@openstreetmap.org SSLEngine on + SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log DocumentRoot /srv/forum.openstreetmap.org/html - php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value upload_max_filesize 70M - php_value post_max_size 100M + php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/ + php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" + php_value upload_max_filesize 70M + php_value post_max_size 100M - RewriteEngine on - RewriteRule ^config\.php$ - [F,L] + RewriteEngine on + RewriteRule ^config\.php$ - [F,L] - Options -Indexes + Options -Indexes - Require all granted + Require all granted - php_admin_flag engine off + php_admin_flag engine off