Enable SSL for dns.osm.org

[chef.git] / cookbooks / dns / templates / default / apache.erb

diff --git a/cookbooks/dns/templates/default/apache.erb b/cookbooks/dns/templates/default/apache.erb
index 478ca4262da556830c7ab5ace8169eb5ed72c6fd..fd555e886cf67f7c92c815a789bbb927fe19f53f 100644 (file)
--- a/cookbooks/dns/templates/default/apache.erb
+++ b/cookbooks/dns/templates/default/apache.erb
@@ -7,6 +7,29 @@
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+        RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>
+       ServerName <%= @name %>
+       ServerAdmin webmaster@openstreetmap.org
+
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+       CustomLog /var/log/apache2/<%= @name %>-access.log combined
+       ErrorLog /var/log/apache2/<%= @name %>-error.log
+
        DocumentRoot <%= @directory %>/html
        Alias /json/ /var/lib/dns/json/
 </VirtualHost>
+
+<Directory <%= @directory %>/html>
+       Require all granted
+</Directory>
+
+<Directory /var/lib/dns/json>
+       Require all granted
+</Directory>