From: Tom Hughes
Date: Sun, 12 Feb 2017 10:29:03 +0000 (+0000)
Subject: Switch trac to letsencrypt
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/74d900a73345c80ef4205d1d4c0a3e1b674dad4d
Switch trac to letsencrypt
---
diff --git a/cookbooks/trac/recipes/default.rb b/cookbooks/trac/recipes/default.rb
index 6d42cb3a7..551f28e71 100644
--- a/cookbooks/trac/recipes/default.rb
+++ b/cookbooks/trac/recipes/default.rb
@@ -71,6 +71,12 @@ end
 apache_module "wsgi"
+ssl_certificate "trac.openstreetmap.org" do
+ domains "trac.openstreetmap.org"
+ fallback_certificate "openstreetmap"
+ notifies :reload, "service[apache2]"
+end
+
 apache_site site_name do
 template "apache.erb"
 directory site_directory
diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb
index f309b50f8..ad9429bb1 100644
--- a/cookbooks/trac/templates/default/apache.erb
+++ b/cookbooks/trac/templates/default/apache.erb
@@ -9,6 +9,7 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
 CustomLog /var/log/apache2/<%= @name %>-access.log combined
 ErrorLog /var/log/apache2/<%= @name %>-error.log
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 RedirectPermanent / https://<%= @name %>/
@@ -17,6 +18,8 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
 ServerAdmin webmaster@openstreetmap.org
 SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 CustomLog /var/log/apache2/<%= @name %>-access.log combined
 ErrorLog /var/log/apache2/<%= @name %>-error.log
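Review bot: The certificate name and domain in the new `ssl_certificate` resource in cookbooks/trac/recipes/default.rb are hard-coded as "trac.openstreetmap.org", while the `apache_site` resource right after it is keyed on `site_name` and the apache.erb hunk at -17,6 builds the certificate and key paths from `<%= @name %>`. If `site_name` (defined outside this hunk) ever differs from the literal, Apache would likely be pointed at a certificate and key that this resource did not write. Assuming the template's `@name` is `site_name`, I would write `ssl_certificate site_name do` and `domains site_name` so the three places cannot drift apart.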
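Review bot: The new `RedirectPermanent /.well-known/acme-challenge/ ...` line in the plain-HTTP virtual host of apache.erb (hunk at -9,6) only takes effect because it sits above the catch-all `RedirectPermanent /`; mod_alias applies the first matching redirect, so a later reordering would break certificate renewal without any configuration error. The line also hands proof of control over this name to acme.openstreetmap.org over plain HTTP, so that host in effect decides who can obtain a certificate for the site. Neither dependency is written down in the template; I would add a comment above the line such as `# ACME HTTP-01 challenges are served by acme.openstreetmap.org; keep above the catch-all redirect (first match wins)`. The enclosing VirtualHost block starts and ends outside the hunk.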
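Review bot: The TLS virtual host in apache.erb (hunk at -17,6) now sets `SSLCertificateFile` and `SSLCertificateKeyFile` but no chain file, so clients receive the issuing intermediate only if `/etc/ssl/certs/<%= @name %>.pem` already holds the full chain. That is not visible from this hunk: it depends on what the `ssl_certificate` resource writes and on Apache being 2.4.8 or later, where `SSLCertificateFile` may carry the intermediates. I would confirm both, and otherwise add an `SSLCertificateChainFile` directive next to these two lines. The enclosing VirtualHost block starts and ends outside the hunk.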