From: Grant Slater <git@firefishy.com>
Date: Wed, 21 Sep 2016 22:33:46 +0000 (+0100)
Subject: donate: attempt set of correct cert
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/5145c748af08a7dcae1b38deb783d74c2b550ea2?hp=9bd884562817e0d9320de88485ae457c9535da76

donate: attempt set of correct cert
---

diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index 66a112339..e1f64904b 100644
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | ["openstreetmap"]
+
 include_recipe "apache::ssl"
 include_recipe "mysql"
 include_recipe "git"
@@ -64,6 +66,12 @@ git "/srv/donate.openstreetmap.org" do
   group "donate"
 end
 
+directory "/srv/donate.openstreetmap.org/data" do
+  owner "donate"
+  group "donate"
+  mode 0o755
+end
+
 apache_site "donate.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index df3a98bd3..509cf3fdd 100644
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -23,6 +23,9 @@
    # Enable SSL
    #
    SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
+   SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+   SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 
    # HSTS (mod_headers is required)
    Header always set Strict-Transport-Security "max-age=300"