Switch help.osm.org to letsencrypt

[chef.git] / cookbooks / osqa / templates / default / apache.erb

diff --git a/cookbooks/osqa/templates/default/apache.erb b/cookbooks/osqa/templates/default/apache.erb
index 71d339dfda9a3803e7049ae4d87bea4a3479537b..71ae69b7bd176b73c8719ec5d2c68fcfd541a31e 100644 (file)
--- a/cookbooks/osqa/templates/default/apache.erb
+++ b/cookbooks/osqa/templates/default/apache.erb
@@ -9,6 +9,7 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -17,19 +18,25 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4
         ServerAdmin webmaster@openstreetmap.org
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-        DocumentRoot <%= @directory %>
-        Alias /m/ <%= @directory %>/forum/skins/
-        Alias /upfiles/ <%= @directory %>/forum/upfiles/
+        DocumentRoot <%= @directory %>/osqa
+        Alias /m/ <%= @directory %>/osqa/forum/skins/
+        Alias /upfiles/ <%= @directory %>/upfiles/
         Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/
-        WSGIScriptAlias / <%= @directory %>/osqa.wsgi
+        WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi
 
         WSGIProcessGroup <%= @name %>
 </VirtualHost>
 
-<Directory <%= @directory %>>
+<Directory <%= @directory %>/osqa>
+       Require all granted
+</Directory>
+
+<Directory <%= @directory %>/upfiles>
        Require all granted
 </Directory>