Increase HSTS expiry

[chef.git] / cookbooks / trac / templates / default / apache.erb

diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb
index eb53ae7ecb3d0ec51dd4fb4b1e14abd5a728b97d..ad9429bb1683aa795bb483794d70b195e01c3c98 100644 (file)
--- a/cookbooks/trac/templates/default/apache.erb
+++ b/cookbooks/trac/templates/default/apache.erb
@@ -9,6 +9,7 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -16,6 +17,10 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
         ServerName <%= @name %>
         ServerAdmin webmaster@openstreetmap.org
 
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
@@ -34,6 +39,12 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
                AuthExternal osm
                Require valid-user
        </Location>
-
-        SSLEngine on
 </VirtualHost>
+
+<Directory <%= @directory %>/htdocs>
+       Require all granted
+</Directory>
+
+<Directory <%= @directory %>/cgi-bin>
+       Require all granted
+</Directory>