Switch forum.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 11:05:29 +0000 (11:05 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 11:05:29 +0000 (11:05 +0000)
cookbooks/forum/recipes/default.rb
cookbooks/forum/templates/default/apache.erb

index 58fa9a2..7130c17 100644 (file)
@@ -31,8 +31,10 @@ package "php-apcu"
 apache_module "php7.0"
 apache_module "rewrite"
 
-apache_site "default" do
-  action [:disable]
+ssl_certificate "forum.openstreetmap.org" do
+  domains ["forum.openstreetmap.org", "forum.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
 end
 
 apache_site "forum.openstreetmap.org" do
index 4b3c844..ad7a36d 100644 (file)
@@ -8,35 +8,39 @@
        CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
        RedirectPermanent / https://forum.openstreetmap.org/
 </VirtualHost>
 
 <VirtualHost *:443>
        ServerName forum.openstreetmap.org
+       ServerAlias forum.osm.org
        ServerAdmin webmaster@openstreetmap.org
 
        SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key
 
        CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
        DocumentRoot /srv/forum.openstreetmap.org/html
 
-        php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/
-        php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
-        php_value upload_max_filesize 70M
-        php_value post_max_size 100M
+       php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/
+       php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
+       php_value upload_max_filesize 70M
+       php_value post_max_size 100M
 </VirtualHost>
 
 <Directory /srv/forum.openstreetmap.org/html>
-        RewriteEngine on
-        RewriteRule ^config\.php$ - [F,L]
+       RewriteEngine on
+       RewriteRule ^config\.php$ - [F,L]
 
-        Options -Indexes
+       Options -Indexes
 
-        Require all granted
+       Require all granted
 </Directory>
 
 <Directory /srv/forum.openstreetmap.org/html/img>
-        php_admin_flag engine off
+       php_admin_flag engine off
 </Directory>