From: Tom Hughes <tom@compton.nu>
Date: Sat, 15 Feb 2014 17:39:12 +0000 (+0000)
Subject: Pass https to the backends over https
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/11d0975caf6d12fb54162b81a554e1b6c1e6317a

Pass https to the backends over https
---

diff --git a/cookbooks/web/recipes/backend.rb b/cookbooks/web/recipes/backend.rb
index ed80fd21d..6898b42be 100644
--- a/cookbooks/web/recipes/backend.rb
+++ b/cookbooks/web/recipes/backend.rb
@@ -18,6 +18,7 @@
 #
 
 include_recipe "memcached"
+include_recipe "apache::ssl"
 include_recipe "web::rails"
 include_recipe "web::cgimap"
 
diff --git a/cookbooks/web/templates/default/apache.backend.erb b/cookbooks/web/templates/default/apache.backend.erb
index 1c3a5c1f7..e1e65bee4 100644
--- a/cookbooks/web/templates/default/apache.backend.erb
+++ b/cookbooks/web/templates/default/apache.backend.erb
@@ -1,12 +1,20 @@
 # DO NOT EDIT - This file is being maintained by Chef
+<% [80, 443].each do |port| -%>
 
-<VirtualHost *:80>
+<VirtualHost *:<%= port %>>
   #
   # Basic server configuration
   #
   ServerName <%= node[:fqdn] %>
   ServerAlias api.openstreetmap.org www.openstreetmap.org
   ServerAdmin webmaster@openstreetmap.org
+<% if port == 443 -%>
+
+  #
+  # Enable SSL
+  #
+  SSLEngine on
+<% end -%>
 
   #
   # Setup logging
@@ -44,3 +52,4 @@
   RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ - [H=fcgi:127.0.0.1:8000]
   RewriteRule ^/api/0\.6/(nodes|ways|relations)$ - [H=fcgi:127.0.0.1:8000]
 </VirtualHost>
+<% end -%>
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 8effc61e5..0312712bc 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -191,9 +191,15 @@
   #
   <Proxy balancer://backend>
     ProxySet lbmethod=bybusyness
+<% if port == 443 -%>
+    BalancerMember https://rails1
+    BalancerMember https://rails2
+    BalancerMember https://rails3
+<% else -%>
     BalancerMember http://rails1
     BalancerMember http://rails2
     BalancerMember http://rails3
+<% end -%>
   </Proxy>
 <% if port == 80 -%>