Switch operations.osmfoundation.org to letsencrypt

author Tom Hughes <tom@compton.nu>

Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)

committer Tom Hughes <tom@compton.nu>

Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)
author Tom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)
committer Tom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)
diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb

index 75d332063fb016d638f6354118c679f86d68bd5b..a34a16f2a2b2ba174c19c0e739851449f83bfc63 100644 (file)
--- a/cookbooks/foundation/recipes/owg.rb
+++ b/cookbooks/foundation/recipes/owg.rb
@@ -56,6 +56,12 @@ execute "/srv/operations.osmfoundation.org" do
    group "nogroup"
  end
  
    group "nogroup"
  end
  
+ssl_certificate "operations.osmfoundation.org" do
+  domains "operations.osmfoundation.org"
+  fallback_certificate "osmfoundation"
+  notifies :reload, "service[apache2]"
+end
+
  apache_site "operations.osmfoundation.org" do
    template "apache.owg.erb"
    directory "/srv/operations.osmfoundation.org/_site"
  apache_site "operations.osmfoundation.org" do
    template "apache.owg.erb"
    directory "/srv/operations.osmfoundation.org/_site"
diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb

index 1cb0fe44c6c43972d90b0a344b63e969de029392..1e40674c69ec3a1f6062a5d286b0731fa42b5fa6 100644 (file)
--- a/cookbooks/foundation/templates/default/apache.owg.erb
+++ b/cookbooks/foundation/templates/default/apache.owg.erb
@@ -1,25 +1,28 @@
  # DO NOT EDIT - This file is being maintained by Chef
  
  # DO NOT EDIT - This file is being maintained by Chef
  
-<VirtualHost *:80>
+<VirtualHost *:443>
     ServerName <%= @name %>
     ServerAdmin webmaster@openstreetmap.org
  
     CustomLog /var/log/apache2/<%= @name %>-access.log combined
     ErrorLog /var/log/apache2/<%= @name %>-error.log
  
     ServerName <%= @name %>
     ServerAdmin webmaster@openstreetmap.org
  
     CustomLog /var/log/apache2/<%= @name %>-access.log combined
     ErrorLog /var/log/apache2/<%= @name %>-error.log
  
-   Redirect permanent / https://<%= @name %>/
+   SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+   DocumentRoot <%= @directory %>
  </VirtualHost>
  
  </VirtualHost>
  
-<VirtualHost *:443>
+<VirtualHost *:80>
     ServerName <%= @name %>
     ServerAdmin webmaster@openstreetmap.org
  
     CustomLog /var/log/apache2/<%= @name %>-access.log combined
     ErrorLog /var/log/apache2/<%= @name %>-error.log
  
     ServerName <%= @name %>
     ServerAdmin webmaster@openstreetmap.org
  
     CustomLog /var/log/apache2/<%= @name %>-access.log combined
     ErrorLog /var/log/apache2/<%= @name %>-error.log
  
-   DocumentRoot <%= @directory %>
-
-   SSLEngine on
+   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+   RedirectPermanent / https://<%= @name %>/
  </VirtualHost>
  
  <Directory <%= @directory %>>
  </VirtualHost>
  
  <Directory <%= @directory %>>
diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb

index 92dbcc32347655f11479d657db2fa1f8b33811c6..01eedd80ca2dbb4c7dd3bb40bd73d2a9bf428a83 100644 (file)
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -20,12 +20,12 @@
  default_action :create
  
  property :name, String
  default_action :create
  
  property :name, String
-property :domains, Array, :required => true
+property :domains, [String, Array], :required => true
  property :fallback_certificate, String
  
  action :create do
    node.default[:letsencrypt][:certificates][name] = {
  property :fallback_certificate, String
  
  action :create do
    node.default[:letsencrypt][:certificates][name] = {
-    :domains => domains
+    :domains => Array(domains)
    }
  
    if letsencrypt
    }
  
    if letsencrypt
@@ -64,7 +64,7 @@ action :create do
        owner "root"
        group "root"
        mode 0o644
        owner "root"
        group "root"
        mode 0o644
-      variables :domains => new_resource.domains
+      variables :domains => Array(new_resource.domains)
        not_if do
          ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
        end
        not_if do
          ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
        end
author	Tom Hughes <tom@compton.nu>
	Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sat, 11 Feb 2017 17:50:10 +0000 (17:50 +0000)
cookbooks/foundation/recipes/owg.rb		patch \| blob \| history
cookbooks/foundation/templates/default/apache.owg.erb		patch \| blob \| history
cookbooks/ssl/resources/certificate.rb		patch \| blob \| history