From 93088ecf5f09c8d7383fccd4aa06fcf44cb4691a Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Tue, 25 Feb 2014 07:20:13 +0000 Subject: [PATCH] Teach wordpress cookbook about SSL. Enabled on blog --- cookbooks/blog/recipes/default.rb | 1 + .../wordpress/definitions/wordpress_site.rb | 7 ++++++- cookbooks/wordpress/recipes/default.rb | 2 +- .../wordpress/templates/default/apache.erb | 21 +++++++++++++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb index b0ff4aec0..41970b977 100644 --- a/cookbooks/blog/recipes/default.rb +++ b/cookbooks/blog/recipes/default.rb @@ -31,6 +31,7 @@ wordpress_site "blog.openstreetmap.org" do aliases "blog.osm.org", "blog.openstreetmap.com", "blog.openstreetmap.net", "blog.openstreetmaps.org", "blog.osmfoundation.org" + ssl_enabled true directory "/srv/blog.openstreetmap.org/wp" database_name "osm-blog" database_user "osm-blog-user" diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb index fcdf69485..1a3fa2423 100644 --- a/cookbooks/wordpress/definitions/wordpress_site.rb +++ b/cookbooks/wordpress/definitions/wordpress_site.rb @@ -19,6 +19,7 @@ define :wordpress_site, :action => [ :create, :enable ] do name = params[:name] + ssl_enabled = params[:ssl_enabled] || false aliases = Array(params[:aliases]) urls = Array(params[:urls]) directory = params[:directory] || "/srv/#{name}" @@ -85,6 +86,10 @@ define :wordpress_site, :action => [ :create, :enable ] do line += " * Don't allow file editing.\n" line += " */\n" line += "define('DISALLOW_FILE_EDIT', true);\n" + if ssl_enabled + line += "define('FORCE_SSL_LOGIN', true);\n" + line += "define('FORCE_SSL_ADMIN', true);\n" + end end line @@ -128,7 +133,7 @@ define :wordpress_site, :action => [ :create, :enable ] do cookbook "wordpress" template "apache.erb" directory directory - variables :aliases => aliases, :urls => urls + variables :aliases => aliases, :urls => urls, :ssl_enabled => ssl_enabled notifies :reload, "service[apache2]" end diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb index 688dd189f..545025bcd 100644 --- a/cookbooks/wordpress/recipes/default.rb +++ b/cookbooks/wordpress/recipes/default.rb @@ -17,7 +17,7 @@ # limitations under the License. # -include_recipe "apache" +include_recipe "apache::ssl" include_recipe "chef::gems" include_recipe "mysql" diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 1af8f3bb3..90adc23a2 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -11,6 +11,27 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + +<% if @ssl_enabled -%> + RedirectPermanent / https://<%= @name %>/ + + + ServerName <%= @name %> + <% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> + <% end -%> + + ServerAdmin webmaster@openstreetmap.org + + # + # Enable SSL + # + SSLEngine on + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log +<% end -%> + DocumentRoot <%= @directory %> <% @urls.each do |url,directory| -%> Alias <%= url %> <%= directory %> -- 2.39.5