Switch donate.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 20:33:34 +0000 (20:33 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 20:33:34 +0000 (20:33 +0000)
cookbooks/donate/recipes/default.rb
cookbooks/donate/templates/default/apache.erb

index b354a335aa5bf578ba72b6cdc50729a7ec2a24af..1c0a436f0266f873a27f36d187691bfb499f3872 100644 (file)
@@ -82,6 +82,12 @@ template "/srv/donate.openstreetmap.org/scripts/db-connect.inc.php" do
   variables :passwords => passwords
 end
 
+ssl_certificate "donate.openstreetmap.org" do
+  domains ["donate.openstreetmap.org", "donate.openstreetmap.com",
+           "donate.openstreetmap.net", "donate.osm.org"]
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "donate.openstreetmap.org" do
   template "apache.erb"
 end
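Review bot: The four names in `domains` repeat the `ServerName`/`ServerAlias` list in `cookbooks/donate/templates/default/apache.erb`, and nothing in this hunk ties the two lists together. If an alias is later added to the vhost alone, that name would be served with a certificate that does not cover it. A comment above the resource would make the coupling explicit, for example `# Keep in sync with ServerName/ServerAlias in templates/default/apache.erb`. Declaring the certificate before `apache_site` looks right, since the vhost refers to the key and certificate paths.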
index 20f00e10cde85367f6f194f211fc581469324229..9404ad13ad03e2f6f676fede00989b78087a4957 100644 (file)
@@ -3,40 +3,29 @@
 <% [80, 443].each do |port| -%>
 <VirtualHost *:<%= port %>>
 
-       ServerName donate.openstreetmap.org
+  ServerName donate.openstreetmap.org
   ServerAlias donate.openstreetmap.com
   ServerAlias donate.openstreetmap.net
-       ServerAlias donate.osm.org
-  ServerAlias donate.osm.org.za
-  ServerAlias donate.openstreetmap.org.za
-  ServerAlias donate.openstreetmap.org.uk
-  ServerAlias donate.openstreetmap.co.uk
+  ServerAlias donate.osm.org
 
-       ServerAdmin webmaster@openstreetmap.org
+  ServerAdmin webmaster@openstreetmap.org
 
 <% if port == 80 -%>
-   # Redirect to secure site
-   Redirect permanent / https://donate.openstreetmap.org/
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://donate.openstreetmap.org/
 <% end -%>
 <% if port == 443 -%>
-   #
-   # Enable SSL
-   #
-   SSLEngine on
-   SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
-   SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
-   SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
-
-   # HSTS (mod_headers is required)
-   Header always set Strict-Transport-Security "max-age=300"
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key
 <% end -%>
 
-       CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
-       ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
+  CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
+  ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
 
-       Options -Indexes
+  Options -Indexes
 
-       DocumentRoot /srv/donate.openstreetmap.org
+  DocumentRoot /srv/donate.openstreetmap.org
 
   php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/
   php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
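Review bot: The new `port == 443` block drops the `Strict-Transport-Security` header that the old block set, and nothing visible in this hunk replaces it. Unless the header is now emitted globally elsewhere in the Apache configuration, returning browsers stop being held to HTTPS for the donation site once the previous 300-second policy lapses. I would keep `Header always set Strict-Transport-Security "max-age=300"` after the `SSLCertificateKeyFile` line, or add a comment saying where the header is now set. `SSLCertificateChainFile` is also gone, which is fine only if `/etc/ssl/certs/donate.openstreetmap.org.pem` carries the intermediate certificates; a one-line comment such as `# .pem includes the full chain` would record that assumption. The `<VirtualHost>` block closes outside this hunk.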