Redirect http to https for nominatim

diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb
index 39fa83289506f9b0f133b94c1b052ccb1a6a7922..5cda3e4674e3233ec714c375261c6170f4139ad3 100644 (file)
--- a/cookbooks/nominatim/templates/default/apache.erb
+++ b/cookbooks/nominatim/templates/default/apache.erb
@@ -1,7 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 # DO NOT EDIT - This file is being maintained by Chef
 

-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>

     ServerName <%= node[:fqdn] %>
     ServerAlias nominatim.openstreetmap.org
     ServerAlias nominatim.osm.org
     ServerName <%= node[:fqdn] %>
     ServerAlias nominatim.openstreetmap.org
     ServerAlias nominatim.osm.org


@@ -11,16 +10,11 @@
     ServerAlias nominatim.openmaps.org
     ServerAdmin webmaster@openstreetmap.org
 
     ServerAlias nominatim.openmaps.org
     ServerAdmin webmaster@openstreetmap.org
 

-<% if port == 443 -%>

     # Enable SSL
     SSLEngine on
     SSLProxyEngine on
     SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
     SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
     # Enable SSL
     SSLEngine on
     SSLProxyEngine on
     SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
     SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key

-<% else -%>
-    # Redirect ACME challenges for certificate issuance
-    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-<% end -%>

 
     # Remove Proxy request header to mitigate https://httpoxy.org/
     RequestHeader unset Proxy early
 
     # Remove Proxy request header to mitigate https://httpoxy.org/
     RequestHeader unset Proxy early


@@ -67,7 +61,21 @@
     RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
     RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
     RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
     RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
     RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
     RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]

-

 </VirtualHost>
 
 </VirtualHost>
 

-<% end -%>
+<VirtualHost *:80>
+    ServerName <%= node[:fqdn] %>
+    ServerAlias nominatim.openstreetmap.org
+    ServerAlias nominatim.osm.org
+    ServerAlias nominatim.openstreetmap.com
+    ServerAlias nominatim.openstreetmap.net
+    ServerAlias nominatim.openstreetmaps.org
+    ServerAlias nominatim.openmaps.org
+    ServerAdmin webmaster@openstreetmap.org
+
+    CustomLog <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined
+    ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
+
+    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+    RedirectPermanent / https://nominatim.openstreetmap.org/
+</VirtualHost>