web_passwords = data_bag_item("web", "passwords")
db_passwords = data_bag_item("db", "passwords")
+ssl_certificate "www.openstreetmap.org" do
+ domains ["www.openstreetmap.org", "www.osm.org",
+ "api.openstreetmap.org", "api.osm.org",
+ "openstreetmap.org", "osm.org"]
+ fallback_certificate "openstreetmap"
+ notifies :reload, "service[apache2]"
+end
+
nodejs_package "svgo"
template "/etc/cron.hourly/passenger" do
#
SSLEngine on
SSLProxyEngine on
+ SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
<% end -%>
#
# Block changeset scraper
#
RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner"
- RewriteRule . - [F,L]
+ RewriteRule . - [F,L]
#
# Block requests for the old 404 map tile
ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations
ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1
+ #
+ # Redirect ACME certificate challenges
+ #
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+
#
# Redirect trac and wiki requests to the right places
#
ServerAlias *
SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
RedirectPermanent / https://www.openstreetmap.org/
</VirtualHost>
projects / chef.git / commitdiff