supports "ubuntu"
depends "networking"
depends "ssl"
+depends "apache"
append true
end
-openssl_x509_certificate "/etc/ssl/certs/exim.pem" do
- key_file "/etc/ssl/private/exim.key"
- owner "root"
- group "ssl-cert"
- mode 0o640
- org "OpenStreetMap"
- email "postmaster@openstreetmap.org"
- common_name node[:fqdn]
- expire 3650
+if node[:exim][:certificate_names]
+ include_recipe "apache"
+
+ apache_site node[:exim][:certificate_names].first do
+ template "apache.erb"
+ variables :aliases => node[:exim][:certificate_names].drop(1)
+ end
+
+ ssl_certificate node[:exim][:certificate_names].first do
+ domains node[:exim][:certificate_names]
+ notifies :restart, "service[exim4]"
+ end
+else
+ openssl_x509_certificate "/etc/ssl/certs/exim.pem" do
+ key_file "/etc/ssl/private/exim.key"
+ owner "root"
+ group "ssl-cert"
+ mode 0o640
+ org "OpenStreetMap"
+ email "postmaster@openstreetmap.org"
+ common_name node[:fqdn]
+ expire 3650
+ notifies :restart, "service[exim4]"
+ end
end
service "exim4" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => true
- subscribes :restart, "execute[/etc/ssl/certs/exim.pem]"
end
relay_to_domains = node[:exim][:relay_to_domains]
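Review bot: The guard `if node[:exim][:certificate_names]` is also true for an empty array, and then `.first` is nil, so `apache_site` and `ssl_certificate` would be declared with a nil name and the self-signed fallback in the `else` branch is skipped. The same test selects the `tls_certificate`/`tls_privatekey` paths in the exim configuration template hunk, where an empty list would render a path with an empty file name. Whether any role sets an empty list is not visible here, but testing for content as well, `if node[:exim][:certificate_names] && !node[:exim][:certificate_names].empty?`, keeps such a node on the self-signed path in both places.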
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+<VirtualHost *:80>
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% unless @aliases.empty? -%>
+
+<VirtualHost *:443>
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% end -%>
+
+<VirtualHost *:443>
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+</VirtualHost>
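Review bot: The final `<VirtualHost *:443>` for `<%= @name %>` sets no `DocumentRoot` and no access rule, so HTTPS requests to the mail host fall through to whatever the server-wide Apache configuration serves by default. If the site exists only to answer the ACME redirect on port 80 (an inference from the template, since the global configuration is not shown), the vhost could say so explicitly with `<Location />`, `Require all denied`, `</Location>`. The TLS protocol and cipher settings are likewise inherited from outside this file, so a one-line comment such as `# SSLProtocol/SSLCipherSuite come from the server-wide ssl configuration` would help anyone auditing the vhost.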
# need the first setting, or in separate files, in which case you need both
# options.
+<% if node[:exim][:certificate_names] -%>
+tls_certificate = /etc/ssl/certs/<%= node[:exim][:certificate_names].first %>.pem
+tls_privatekey = /etc/ssl/private/<%= node[:exim][:certificate_names].first %>.key
+<% else -%>
tls_certificate = /etc/ssl/certs/exim.pem
tls_privatekey = /etc/ssl/private/exim.key
+<% end -%>
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
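Review bot: The new `tls_privatekey` path depends on the `ssl_certificate` resource leaving `/etc/ssl/private/<name>.key` readable by the Exim runtime user, and nothing in this commit shows how that key is permissioned. The self-signed branch of the recipe sets `owner "root"`, `group "ssl-cert"` and `mode 0o640` explicitly, while the `ssl_certificate` block passes only `domains` and `notifies`. It is worth confirming that the resource applies an equivalent owner, group and mode, so Exim can still start TLS and the key is not readable more widely than before. A comment above the new lines, for example `# certificate and key are managed by ssl_certificate in the exim recipe`, would record where the files come from; the surrounding comment paragraph starts and ends outside this hunk.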
"osm.io"
],
:daemon_smtp_ports => [25, 26],
+ :certificate_names => [
+ "mail.openstreetmap.org",
+ "a.mx.openstreetmap.org"
+ ],
:smarthost_name => "mail.openstreetmap.org",
:smarthost_via => false,
:dns_blacklists => ["zen.spamhaus.org"],