From: Tom Hughes <tom@compton.nu>
Date: Mon, 13 Apr 2020 08:11:07 +0000 (+0100)
Subject: Give each nominatim server it's own SSL certificate
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/775c7f7346d6fcd32e87aed36c394031bce700da

Give each nominatim server it's own SSL certificate

This allows us to include the server name so that we can query
specific servers when debugging.
---

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 8d10a4b93..76f7cdced 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -360,8 +360,9 @@ systemd_service "apache-nominatim" do
   notifies :restart, "service[apache2]"
 end
 
-ssl_certificate "nominatim.openstreetmap.org" do
-  domains ["nominatim.openstreetmap.org",
+ssl_certificate node[:fqdn] do
+  domains [node[:fqdn],
+           "nominatim.openstreetmap.org",
            "nominatim.osm.org",
            "nominatim.openstreetmap.com",
            "nominatim.openstreetmap.net",