From: Tom Hughes Date: Mon, 13 Feb 2017 15:36:45 +0000 (+0000) Subject: Switch hardware.osm.org to letsencrypt X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/b57f37f64b088b5bb313eb2782127e0d25cea007?ds=sidebyside Switch hardware.osm.org to letsencrypt --- diff --git a/cookbooks/serverinfo/recipes/default.rb b/cookbooks/serverinfo/recipes/default.rb index e68620f7b..f38283fc9 100644 --- a/cookbooks/serverinfo/recipes/default.rb +++ b/cookbooks/serverinfo/recipes/default.rb @@ -66,6 +66,12 @@ execute "/srv/hardware.openstreetmap.org" do group "nogroup" end +ssl_certificate "hardware.openstreetmap.org" do + domains "hardware.openstreetmap.org" + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "hardware.openstreetmap.org" do template "apache.erb" directory "/srv/hardware.openstreetmap.org/_site" diff --git a/cookbooks/serverinfo/templates/default/apache.erb b/cookbooks/serverinfo/templates/default/apache.erb index 1cb0fe44c..04e4a6797 100644 --- a/cookbooks/serverinfo/templates/default/apache.erb +++ b/cookbooks/serverinfo/templates/default/apache.erb @@ -7,6 +7,7 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ Redirect permanent / https://<%= @name %>/ @@ -17,9 +18,11 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + DocumentRoot <%= @directory %> >