donate: attempt set of correct cert
authorGrant Slater <git@firefishy.com>
Wed, 21 Sep 2016 22:33:46 +0000 (23:33 +0100)
committerGrant Slater <git@firefishy.com>
Wed, 21 Sep 2016 22:33:46 +0000 (23:33 +0100)
cookbooks/donate/recipes/default.rb
cookbooks/donate/templates/default/apache.erb

index 66a1123..e1f6490 100644 (file)
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["openstreetmap"]
+
 include_recipe "apache::ssl"
 include_recipe "mysql"
 include_recipe "git"
@@ -64,6 +66,12 @@ git "/srv/donate.openstreetmap.org" do
   group "donate"
 end
 
+directory "/srv/donate.openstreetmap.org/data" do
+  owner "donate"
+  group "donate"
+  mode 0o755
+end
+
 apache_site "donate.openstreetmap.org" do
   template "apache.erb"
 end
index df3a98b..509cf3f 100644 (file)
@@ -23,6 +23,9 @@
    # Enable SSL
    #
    SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
+   SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+   SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 
    # HSTS (mod_headers is required)
    Header always set Strict-Transport-Security "max-age=300"