Switch piwik to letsencrypt

author Tom Hughes <tom@compton.nu>

Sat, 11 Feb 2017 17:28:26 +0000 (17:28 +0000)

committer Tom Hughes <tom@compton.nu>

Sat, 11 Feb 2017 17:33:09 +0000 (17:33 +0000)
author Tom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 17:28:26 +0000 (17:28 +0000)
committer Tom Hughes <tom@compton.nu>
Sat, 11 Feb 2017 17:33:09 +0000 (17:33 +0000)
diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb

index 444788003a00eaade90e3372b30795edc1539c57..8561491b246c94ebe8d70550ed77afe4c48f9e9f 100644 (file)
--- a/cookbooks/piwik/recipes/default.rb
+++ b/cookbooks/piwik/recipes/default.rb
@@ -91,6 +91,12 @@ mysql_database "piwik" do
    permissions "piwik@localhost" => :all
  end
  
+ssl_certificate "piwik.openstreetmap.org" do
+  domains ["piwik.openstreetmap.org", "piwik.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
  apache_site "piwik.openstreetmap.org" do
    template "apache.erb"
  end
diff --git a/cookbooks/piwik/templates/default/apache.erb b/cookbooks/piwik/templates/default/apache.erb

index 226a3211e9888a142e964f02897439405ae387d6..8f27414ba3f69629d00469c1ded2d1538a20ef99 100644 (file)
--- a/cookbooks/piwik/templates/default/apache.erb
+++ b/cookbooks/piwik/templates/default/apache.erb
@@ -1,31 +1,32 @@
  # DO NOT EDIT - This file is being maintained by Chef
  
-<VirtualHost *:80>
+<VirtualHost *:443>
         ServerName piwik.openstreetmap.org
         ServerAlias piwik.osm.org
         ServerAdmin webmaster@openstreetmap.org
  
+       SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/piwik.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/piwik.openstreetmap.org.key
+
         CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
         ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
  
         Options -Indexes
  
         DocumentRoot /srv/piwik.openstreetmap.org
-       RedirectPermanent /index.php https://piwik.openstreetmap.org/index.php
  </VirtualHost>
  
-<VirtualHost *:443>
+<VirtualHost *:80>
         ServerName piwik.openstreetmap.org
+       ServerAlias piwik.osm.org
         ServerAdmin webmaster@openstreetmap.org
  
-       SSLEngine on
-
         CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
         ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
  
-       Options -Indexes
-
-       DocumentRoot /srv/piwik.openstreetmap.org
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+       RedirectPermanent / https://piwik.openstreetmap.org/
  </VirtualHost>
  
  <Directory /srv/piwik.openstreetmap.org>
author	Tom Hughes <tom@compton.nu>
	Sat, 11 Feb 2017 17:28:26 +0000 (17:28 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sat, 11 Feb 2017 17:33:09 +0000 (17:33 +0000)
cookbooks/piwik/recipes/default.rb		patch \| blob \| history
cookbooks/piwik/templates/default/apache.erb		patch \| blob \| history