Switch logstash.osm.org to letsencrypt

diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb
index 160d3233c610b1abeed110ba304484785ebebb58..8c7db202f3f9a3ba5f9eb839e8553bb25cadff62 100644 (file)
--- a/cookbooks/kibana/recipes/default.rb
+++ b/cookbooks/kibana/recipes/default.rb
@@ -91,6 +91,12 @@ node[:kibana][:sites].each do |name, details|
     supports :status => true, :restart => true, :reload => false
   end
 
+  ssl_certificate details[:site] do
+    domains details[:site]
+    fallback_certificate "openstreetmap"
+    notifies :reload, "service[apache2]"
+  end
+
   apache_site details[:site] do
     template "apache.erb"
     variables details.merge(:passwd => "/etc/kibana/#{name}.passwd")

diff --git a/cookbooks/kibana/templates/default/apache.erb b/cookbooks/kibana/templates/default/apache.erb
index b9f50de53f3e81e18b1c0d4ef8eb82a7725ffea1..0691d8a315cfdc13ef1ac9984e4512a8159dfc6b 100644 (file)
--- a/cookbooks/kibana/templates/default/apache.erb
+++ b/cookbooks/kibana/templates/default/apache.erb
@@ -7,6 +7,7 @@
    CustomLog /var/log/apache2/<%= @site %>-access.log combined
    ErrorLog /var/log/apache2/<%= @site %>-error.log
 
+   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
    Redirect permanent / https://<%= @site %>/
 </VirtualHost>
 
@@ -19,6 +20,8 @@
 
    SSLEngine on
    SSLProxyEngine on
+   SSLCertificateFile /etc/ssl/certs/<%= @site %>.pem
+   SSLCertificateKeyFile /etc/ssl/private/<%= @site %>.key
 
    ProxyPass / http://127.0.0.1:<%= @port %>/