Use server specific SSL certificates for nominatim

author Tom Hughes <tom@compton.nu>

Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)

committer Tom Hughes <tom@compton.nu>

Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)
author Tom Hughes <tom@compton.nu>
Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)
committer Tom Hughes <tom@compton.nu>
Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)
diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb

index 9d29290e817f050441ecaffe10469a50e9588457..123c758f5f085f7226f182f632385da62ed28577 100644 (file)
--- a/cookbooks/nominatim/templates/default/apache.erb
+++ b/cookbooks/nominatim/templates/default/apache.erb
@@ -13,8 +13,8 @@
      # Enable SSL
      SSLEngine on
      SSLProxyEngine on
-    SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
-    SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+    SSLCertificateFile /etc/ssl/certs/<%= node[:fqdn] %>.pem
+    SSLCertificateKeyFile /etc/ssl/private/<%= node[:fqdn] %>.key
  
      # Remove Proxy request header to mitigate https://httpoxy.org/
      RequestHeader unset Proxy early
author	Tom Hughes <tom@compton.nu>
	Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)
committer	Tom Hughes <tom@compton.nu>
	Mon, 13 Apr 2020 08:15:23 +0000 (09:15 +0100)