From: Tom Hughes Date: Mon, 13 Feb 2017 19:24:42 +0000 (+0000) Subject: Enable SSL for dev apis X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/492559ef865a09dba696babf6178a05b33cc2eb8?ds=sidebyside Enable SSL for dev apis --- diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb index 3c5dafe25..aefd6594d 100644 --- a/cookbooks/dev/recipes/default.rb +++ b/cookbooks/dev/recipes/default.rb @@ -20,7 +20,7 @@ require "yaml" require "securerandom" -include_recipe "apache" +include_recipe "apache::ssl" include_recipe "passenger" include_recipe "git" include_recipe "mysql" @@ -201,6 +201,11 @@ if node[:postgresql][:clusters][:"9.5/main"] notifies :run, "execute[#{rails_directory}]" end + ssl_certificate site_name do + domains [site_name] + site_aliases + notifies :reload, "service[apache2]" + end + apache_site site_name do template "apache.rails.erb" variables :name => site_name, :aliases => site_aliases, :secret_key_base => secret_key_base @@ -241,6 +246,11 @@ if node[:postgresql][:clusters][:"9.5/main"] mode 0o644 end + ssl_certificate "apis.dev.openstreetmap.org" do + domains "apis.dev.openstreetmap.org" + notifies :reload, "service[apache2]" + end + apache_site "apis.dev.openstreetmap.org" do template "apache.apis.erb" end diff --git a/cookbooks/dev/templates/default/apache.apis.erb b/cookbooks/dev/templates/default/apache.apis.erb index 1afec5c93..c1eddbdb2 100644 --- a/cookbooks/dev/templates/default/apache.apis.erb +++ b/cookbooks/dev/templates/default/apache.apis.erb 
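Review bot: The `domains` property gets a bare string in the `ssl_certificate "apis.dev.openstreetmap.org"` block, while the `ssl_certificate site_name` block added earlier in the same file passes an array (`[site_name] + site_aliases`). Whether the resource coerces a string into a list is not visible in this diff. Writing `domains ["apis.dev.openstreetmap.org"]` would keep the two call sites uniform and avoid relying on that coercion. The hunk header suggests both blocks sit inside the `if node[:postgresql][:clusters][:"9.5/main"]` conditional, which starts and ends outside the hunks.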
@@ -1,13 +1,28 @@ # DO NOT EDIT - This file is being maintained by Chef - + ServerName apis.dev.openstreetmap.org ServerAdmin webmaster@openstreetmap.org + SSLEngine on + SSLCertificateFile /etc/ssl/certs/apis.dev.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/apis.dev.openstreetmap.org.key + + CustomLog /var/log/apache2/apis.dev.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/apis.dev.openstreetmap.org-error.log + DocumentRoot /srv/apis.dev.openstreetmap.org + + + + ServerName apis.dev.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/apis.dev.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/apis.dev.openstreetmap.org-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://apis.dev.openstreetmap.org/ diff --git a/cookbooks/dev/templates/default/apache.rails.erb b/cookbooks/dev/templates/default/apache.rails.erb index 7301fd834..4eab0d2ee 100644 --- a/cookbooks/dev/templates/default/apache.rails.erb +++ b/cookbooks/dev/templates/default/apache.rails.erb 
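Review bot: The TLS virtual host (the one with `SSLEngine on`) sends no `Strict-Transport-Security` header, so a client that starts on plain HTTP depends on the `RedirectPermanent / https://apis.dev.openstreetmap.org/` hop on every visit, and that first request is unprotected. Unless the `apache::ssl` recipe already sets the header globally (not visible in this diff), consider adding `Header always set Strict-Transport-Security "max-age=31536000"` after the `SSLCertificateKeyFile` line, with mod_headers enabled; the max-age is an illustrative value and a shorter one may suit a dev host. The same applies to the TLS virtual host in apache.rails.erb. The virtual host opening and closing tags are not visible in this rendering of the hunk.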
@@ -1,22 +1,40 @@ # DO NOT EDIT - This file is being maintained by Chef - + ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> <% end -%> ServerAdmin webmaster@openstreetmap.org - DocumentRoot /srv/<%= @name %>/public + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + DocumentRoot /srv/<%= @name %>/public + RailsEnv production SetEnv SECRET_KEY_BASE <%= @secret_key_base %> + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + + /public> Require all granted diff --git a/cookbooks/dev/templates/default/apis.html.erb b/cookbooks/dev/templates/default/apis.html.erb index e22635082..d630014cb 100644 --- a/cookbooks/dev/templates/default/apis.html.erb +++ b/cookbooks/dev/templates/default/apis.html.erb @@ -14,7 +14,7 @@ for testing clients against or as a data sandbox.
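Review bot: The two `RedirectPermanent` lines in the plain-HTTP virtual host depend on their order, and nothing in the template says so. mod_alias applies the first matching redirect, so the `/.well-known/acme-challenge/` rule has to stay above the catch-all `RedirectPermanent / https://<%= @name %>/`. Its `http://` target is presumably deliberate, since ACME HTTP-01 validation arrives on port 80, but it reads like an oversight next to the HTTPS redirect. A comment above the pair would record both points, e.g. `# ACME challenges go to acme.openstreetmap.org over plain HTTP; keep this before the catch-all HTTPS redirect`. The same pair appears in apache.apis.erb.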

<% node[:dev][:rails].each do |name,details| -%> -<%= name %> +<%= name %> <%= details[:repository] %> <%= details[:revision] %>