From: Tom Hughes
Date: Mon, 13 Feb 2017 19:24:42 +0000 (+0000)
Subject: Enable SSL for dev apis
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/492559ef865a09dba696babf6178a05b33cc2eb8?ds=sidebyside
Enable SSL for dev apis
---
diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 3c5dafe25..aefd6594d 100644
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -20,7 +20,7 @@
require "yaml"
require "securerandom"
-include_recipe "apache"
+include_recipe "apache::ssl"
include_recipe "passenger"
include_recipe "git"
include_recipe "mysql"
@@ -201,6 +201,11 @@ if node[:postgresql][:clusters][:"9.5/main"]
notifies :run, "execute[#{rails_directory}]"
end
+ ssl_certificate site_name do
+ domains [site_name] + site_aliases
+ notifies :reload, "service[apache2]"
+ end
+
apache_site site_name do
template "apache.rails.erb"
variables :name => site_name, :aliases => site_aliases, :secret_key_base => secret_key_base
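Review bot: The new `ssl_certificate site_name` resource has to stay ahead of the `apache_site` that follows it, and nothing in the recipe says so. The rails template now points `SSLCertificateFile` and `SSLCertificateKeyFile` at files named after `site_name`, so presumably this resource is what creates them. If the order were swapped, or issuance failed on a first run, Apache would be reloaded with a vhost that references missing files. A one-line comment above the resource would record this, e.g. `# Must precede apache_site: the SSL vhost references this certificate and key`. The same applies to the `ssl_certificate "apis.dev.openstreetmap.org"` block in the next hunk; the enclosing `if node[:postgresql]...` block starts outside this hunk.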
@@ -241,6 +246,11 @@ if node[:postgresql][:clusters][:"9.5/main"]
mode 0o644
end
+ ssl_certificate "apis.dev.openstreetmap.org" do
+ domains "apis.dev.openstreetmap.org"
+ notifies :reload, "service[apache2]"
+ end
+
apache_site "apis.dev.openstreetmap.org" do
template "apache.apis.erb"
end
diff --git a/cookbooks/dev/templates/default/apache.apis.erb b/cookbooks/dev/templates/default/apache.apis.erb
index 1afec5c93..c1eddbdb2 100644
--- a/cookbooks/dev/templates/default/apache.apis.erb
+++ b/cookbooks/dev/templates/default/apache.apis.erb
@@ -1,13 +1,28 @@
# DO NOT EDIT - This file is being maintained by Chef
-
+
ServerName apis.dev.openstreetmap.org
ServerAdmin webmaster@openstreetmap.org
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/apis.dev.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/apis.dev.openstreetmap.org.key
+
+ CustomLog /var/log/apache2/apis.dev.openstreetmap.org-access.log combined
+ ErrorLog /var/log/apache2/apis.dev.openstreetmap.org-error.log
+
DocumentRoot /srv/apis.dev.openstreetmap.org
+
+
+
+ ServerName apis.dev.openstreetmap.org
+ ServerAdmin webmaster@openstreetmap.org
CustomLog /var/log/apache2/apis.dev.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/apis.dev.openstreetmap.org-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://apis.dev.openstreetmap.org/
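Review bot: The SSL vhost added here sends no `Strict-Transport-Security` header, so a client's first plain-HTTP request still goes out in cleartext before the port-80 vhost's 301 arrives. For the static index served from this template that is minor, but apache.rails.erb uses the same layout, and API clients there may send credentials or session cookies on that first request. Consider adding `Header always set Strict-Transport-Security "max-age=31536000"` inside the SSL vhost of both templates; it needs mod_headers, and whether the `apache::ssl` recipe already sets it globally is not visible here. Protocol and cipher settings are also absent from the vhost and are presumably inherited from the server-wide SSL configuration, which is worth confirming.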
diff --git a/cookbooks/dev/templates/default/apache.rails.erb b/cookbooks/dev/templates/default/apache.rails.erb
index 7301fd834..4eab0d2ee 100644
--- a/cookbooks/dev/templates/default/apache.rails.erb
+++ b/cookbooks/dev/templates/default/apache.rails.erb
@@ -1,22 +1,40 @@
# DO NOT EDIT - This file is being maintained by Chef
-
+
ServerName <%= @name %>
<% @aliases.each do |alias_name| -%>
ServerAlias <%= alias_name %>
<% end -%>
ServerAdmin webmaster@openstreetmap.org
- DocumentRoot /srv/<%= @name %>/public
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
+ DocumentRoot /srv/<%= @name %>/public
+
RailsEnv production
SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
+
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+
+
/public>
Require all granted
diff --git a/cookbooks/dev/templates/default/apis.html.erb b/cookbooks/dev/templates/default/apis.html.erb
index e22635082..d630014cb 100644
--- a/cookbooks/dev/templates/default/apis.html.erb
+++ b/cookbooks/dev/templates/default/apis.html.erb
@@ -14,7 +14,7 @@ for testing clients against or as a data sandbox.
<% node[:dev][:rails].each do |name,details| -%>
-<%= name %> |
+<%= name %> |
<%= details[:repository] %> |
<%= details[:revision] %> |