Generate letsencrypt certificates for mediawiki sites

[chef.git] / cookbooks / mediawiki / templates / default / apache.erb

diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 0bedf21248d758bc8932c006c47e3761c42cf7e9..a3cb02ad1d926c213f22c324f14dd304509e62dc 100644 (file)
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -21,6 +21,10 @@
 
   DocumentRoot <%= @directory %>
 
+<% if @ssl_enabled -%>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+<% end -%>
+
   php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
   php_value memory_limit 128M
@@ -28,6 +32,13 @@
   php_value upload_max_filesize 70M
   php_value post_max_size 100M
 
+  RewriteCond %{SERVER_NAME} !=<%= @name %>
+<% if port == 443 -%>
+  RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
+<% else -%>
+  RewriteRule ^/(.*)$ http://<%= @name %>/$1 [R=permanent]
+<% end -%>
+
   RedirectMatch 301 ^/$                           /wiki/Main_Page
 
   #Historical Compatibility Links
@@ -50,6 +61,7 @@
   RewriteCond %{REQUEST_URI} !^/api\.php$
   RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
   RewriteCond %{REQUEST_URI} !^/server-status
+  RewriteCond %{REQUEST_URI} !^/.well-known/
   RewriteCond %{LA-U:REQUEST_FILENAME} !-f
   RewriteCond %{LA-U:REQUEST_FILENAME} !-d
   RewriteRule ^/(.*) /wiki/$1 [R,L]