Switch git.osm.org to letsencrypt
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:36:08 +0000 (10:36 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:36:08 +0000 (10:36 +0000)
cookbooks/git/recipes/web.rb
cookbooks/git/templates/default/apache.erb

index 5a59e1c4b5fa0c0c8f33ab764b439e5e08badd45..5d298e7ca8fe426aef038691ce69471522f324bd 100644 (file)
@@ -32,6 +32,12 @@ template "/etc/gitweb.conf" do
   mode 0o644
 end
 
+ssl_certificate node[:git][:host] do
+  domains node[:git][:host]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site node[:git][:host] do
   template "apache.erb"
   directory git_directory
index e9bebd2ea46002511e1bc6e51c7c7a741f0ba348..21e0aa077d8dea19edfe6af165b615b250860617 100644 (file)
@@ -7,6 +7,7 @@
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
        RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
@@ -15,6 +16,8 @@
        ServerAdmin webmaster@openstreetmap.org
 
        SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+       SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log