Switch nominatim.osm.org to letsencrypt

[chef.git] / cookbooks / nominatim / recipes / default.rb

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 2bf8e35de9bd00311a69d88c529133d2496960e2..b7954af92eedeb6b7fa35910843bd290835b7b21 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -331,6 +331,17 @@ node[:nominatim][:fpm_pools].each do |name, data|
   end
 end
 
+ssl_certificate "nominatim.openstreetmap.org" do
+  domains ["nominatim.openstreetmap.org",
+           "nominatim.osm.org",
+           "nominatim.openstreetmap.com",
+           "nominatim.openstreetmap.net",
+           "nominatim.openstreetmaps.org",
+           "nominatim.openmaps.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "nominatim.openstreetmap.org" do
   template "apache.erb"
   directory build_directory
@@ -351,7 +362,7 @@ end
 include_recipe "fail2ban"
 
 fail2ban_filter "nominatim" do
-  failregex '^<HOST> - - \[[^]]+\] "[^"]+" 429 '
+  failregex '^<HOST> - - \[\] "[^"]+" 429 '
 end
 
 fail2ban_jail "nominatim" do