Switch trac to letsencrypt
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:29:03 +0000 (10:29 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:29:03 +0000 (10:29 +0000)
cookbooks/trac/recipes/default.rb
cookbooks/trac/templates/default/apache.erb

index 6d42cb3a79b33b363aff60561fa320e62d5f7064..551f28e71c0470aacfafc5a16e64b9e4fc98ae9c 100644 (file)
@@ -71,6 +71,12 @@ end
 
 apache_module "wsgi"
 
+ssl_certificate "trac.openstreetmap.org" do
+  domains "trac.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site site_name do
   template "apache.erb"
   directory site_directory
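Review bot: The certificate resource hard-codes `trac.openstreetmap.org`, while the `apache_site` resource below it and the template's new `SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem` line are driven by `site_name`. If `site_name` (defined outside this hunk) ever differs from that literal, Apache would be pointed at certificate and key paths that were never written, and the notified reload would fail. Assuming the `ssl_certificate` resource names its files after the resource name, I would write `ssl_certificate site_name do` and `domains site_name` so the two cannot drift apart.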
index f309b50f83724f6ae19e6a8ed5a93a65cebeb2d6..ad9429bb1683aa795bb483794d70b195e01c3c98 100644 (file)
@@ -9,6 +9,7 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
         RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
 
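Review bot: The new ACME redirect carries no comment, and two properties of it are easy to break later. It only takes effect because it sits before the catch-all `RedirectPermanent / https://<%= @name %>/` (mod_alias applies the first matching Redirect in configuration order). It also delegates HTTP-01 domain validation for this name to acme.openstreetmap.org, so that host becomes part of the trust boundary for this site's certificates. I would add above it `# ACME HTTP-01 challenges are answered by acme.openstreetmap.org; keep this above the catch-all redirect`. The enclosing VirtualHost block opens outside the hunk.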
@@ -17,6 +18,8 @@ WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-req
         ServerAdmin webmaster@openstreetmap.org
 
         SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
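Review bot: No chain directive accompanies the new `SSLCertificateFile`, so `/etc/ssl/certs/<%= @name %>.pem` has to hold the leaf certificate followed by the issuing intermediate; otherwise clients that do not already have the intermediate will fail validation. Apache 2.4.8 and later read intermediates from SSLCertificateFile, but whether the `ssl_certificate` resource writes a full chain there is not visible in this commit and should be confirmed. A comment such as `# <name>.pem is the full chain (leaf + intermediate) written by ssl_certificate` would record the assumption. The VirtualHost block starts and ends outside the hunk.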