Enable SSL for dns.osm.org
authorTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:34:32 +0000 (10:34 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 12 Feb 2017 10:34:32 +0000 (10:34 +0000)
cookbooks/dns/recipes/default.rb
cookbooks/dns/templates/default/apache.erb

index e2b41155d29c2fe9272ee637e251f36212a98873..4fbde88c06ffa0ddfaaabe0f66c14bc68bc7e0f2 100644 (file)
@@ -18,7 +18,7 @@
 #
 
 include_recipe "git"
-include_recipe "apache"
+include_recipe "apache::ssl"
 
 passwords = data_bag_item("dns", "passwords")
 
@@ -71,6 +71,12 @@ template "/srv/dns.openstreetmap.org/html/index.html" do
   variables :zones => zones
 end
 
+ssl_certificate "dns.openstreetmap.org" do
+  domains "dns.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "dns.openstreetmap.org" do
   template "apache.erb"
   directory "/srv/dns.openstreetmap.org"
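Review bot: `fallback_certificate "openstreetmap"` in the new `ssl_certificate` block has no comment saying when the fallback is served or whether that certificate's names include dns.openstreetmap.org. If they do not, clients would presumably see a name mismatch for as long as the fallback is in use. A line such as `# Served until the dns.openstreetmap.org certificate has been issued` above it would tell operators what to expect. The `apache_site` block that follows continues outside the hunk.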
index 100d24e07846ea1b81e1543f412e3ea9d39c8597..fd555e886cf67f7c92c815a789bbb927fe19f53f 100644 (file)
@@ -7,6 +7,21 @@
        CustomLog /var/log/apache2/<%= @name %>-access.log combined
        ErrorLog /var/log/apache2/<%= @name %>-error.log
 
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+        RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>
+       ServerName <%= @name %>
+       ServerAdmin webmaster@openstreetmap.org
+
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+       CustomLog /var/log/apache2/<%= @name %>-access.log combined
+       ErrorLog /var/log/apache2/<%= @name %>-error.log
+
        DocumentRoot <%= @directory %>/html
        Alias /json/ /var/lib/dns/json/
 </VirtualHost>
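Review bot: The new `<VirtualHost *:443>` block sets no Strict-Transport-Security header, so the permanent redirect added to the port-80 vhost is the only thing moving clients to HTTPS, and a plain-HTTP first request remains open to interception. Adding `Header always set Strict-Transport-Security "max-age=31536000"` after the `SSLCertificateKeyFile` line would close that gap, assuming mod_headers is enabled on this host, which the hunk does not show. The block also carries no `SSLProtocol` or `SSLCipherSuite`; these presumably come from the server-wide configuration installed by `apache::ssl`, which is worth confirming. The order of the two `RedirectPermanent` lines matters, because the acme-challenge one must stay first or the catch-all swallows it, and a short comment saying so would help. The port-80 `<VirtualHost>` opens outside the hunk.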