Enable https access to private git repositories
[chef.git] / cookbooks / chef / templates / default / apache.erb
1 # DO NOT EDIT - This file is being maintained by Chef
2
3 <VirtualHost *:80>
4         ServerName chef.openstreetmap.org
5         ServerAlias chef.osm.org
6         ServerAdmin webmaster@openstreetmap.org
7
8         CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
9         ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
10
11         RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
12         Redirect permanent / https://chef.openstreetmap.org/
13 </VirtualHost>
14
15 <VirtualHost *:443>
16         ServerName chef.openstreetmap.org
17         ServerAdmin webmaster@openstreetmap.org
18
19         CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined
20         ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log
21
22         DocumentRoot /var/lib/git
23
24         SSLEngine on
25         SSLProxyEngine on
26         SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
27         SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
28
29         ProxyPassMatch ^/.*\.git/ !
30         ProxyPass / https://<%= node[:fqdn] %>:4443/
31         ProxyPreserveHost on
32 </VirtualHost>
33
34 <Directory /var/lib/git>
35         Require ip <%= @git_allowed.sort.join(" ") %>
36 </Directory>