]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/donate/templates/default/apache.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Switch donate.osm.org to letsencrypt
[chef.git] / cookbooks / donate / templates / default / apache.erb
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index df3a98bd37d95c4ea767080970242b2388edea1a..9404ad13ad03e2f6f676fede00989b78087a4957 100644 (file)
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -3,37 +3,29 @@
 <% [80, 443].each do |port| -%>
 <VirtualHost *:<%= port %>>
 
-       ServerName donate.openstreetmap.org
+  ServerName donate.openstreetmap.org
   ServerAlias donate.openstreetmap.com
   ServerAlias donate.openstreetmap.net
-       ServerAlias donate.osm.org
-  ServerAlias donate.osm.org.za
-  ServerAlias donate.openstreetmap.org.za
-  ServerAlias donate.openstreetmap.org.uk
-  ServerAlias donate.openstreetmap.co.uk
+  ServerAlias donate.osm.org
 
-       ServerAdmin webmaster@openstreetmap.org
+  ServerAdmin webmaster@openstreetmap.org
 
 <% if port == 80 -%>
-   # Redirect to secure site
-   Redirect permanent / https://donate.openstreetmap.org
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://donate.openstreetmap.org/
 <% end -%>
 <% if port == 443 -%>
-   #
-   # Enable SSL
-   #
-   SSLEngine on
-
-   # HSTS (mod_headers is required)
-   Header always set Strict-Transport-Security "max-age=300"
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key
 <% end -%>
 
-       CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
-       ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
+  CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
+  ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
 
-       Options -Indexes
+  Options -Indexes
 
-       DocumentRoot /srv/donate.openstreetmap.org
+  DocumentRoot /srv/donate.openstreetmap.org
 
   php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/
   php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
@@ -71,8 +63,15 @@
 
   # Enable deflate compression on .csv files if possible
   <IfModule mod_deflate.c>
+    DeflateCompressionLevel 9
     AddOutputFilterByType DEFLATE text/csv
   </IfModule>
+
+  <IfModule mod_expires.c>
+    ExpiresDefault "access plus 15 minutes"
+    ExpiresByType text/html "access plus 5 minutes"
+    ExpiresByType text/csv "access plus 1 minute"
+  </IfModule>
 </VirtualHost>
 
 <% end -%>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.