From: Tom Hughes Date: Thu, 4 Jan 2018 17:37:06 +0000 (+0000) Subject: Redirect all gps-tile access to https X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/80e13a7d8d736da2cf26cf044116b015c00c9b33?ds=inline Redirect all gps-tile access to https --- diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb index 315865ac9..f76cde854 100644 --- a/cookbooks/gps-tile/recipes/default.rb +++ b/cookbooks/gps-tile/recipes/default.rb @@ -112,6 +112,7 @@ remote_directory "/srv/gps-tile.openstreetmap.org/html" do end apache_module "headers" +apache_module "rewrite" ssl_certificate "gps-tile.openstreetmap.org" do domains ["gps-tile.openstreetmap.org", diff --git a/cookbooks/gps-tile/templates/default/apache.erb b/cookbooks/gps-tile/templates/default/apache.erb index 7dbd24b41..064d56284 100644 --- a/cookbooks/gps-tile/templates/default/apache.erb +++ b/cookbooks/gps-tile/templates/default/apache.erb @@ -1,20 +1,17 @@ # DO NOT EDIT - This file is being maintained by Chef -<% [80, 443].each do |port| -%> -> + # Basic server configuration ServerName gps-tile.openstreetmap.org ServerAlias *.gps-tile.openstreetmap.org ServerAlias gps.tile.openstreetmap.org ServerAlias gps-*.tile.openstreetmap.org ServerAdmin webmaster@openstreetmap.org -<% if port == 443 -%> # Enable SSL SSLEngine on SSLCertificateFile /etc/ssl/certs/gps-tile.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/gps-tile.openstreetmap.org.key -<% end -%> # Configure location of static files DocumentRoot /srv/gps-tile.openstreetmap.org/html @@ -22,9 +19,6 @@ # Configure the CGI script that serves the tiles ScriptAlias /lines /srv/gps-tile.openstreetmap.org/updater/tile - # Redirect for ACMI challenge validation - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - # Temporary redirect for old CGI location RedirectPermanent /gps-lines/tile /lines @@ -38,7 +32,29 @@ Header set Access-Control-Allow-Origin "*" -<% end -%> + + # Basic server configuration + ServerName gps-tile.openstreetmap.org + ServerAlias *.gps-tile.openstreetmap.org + ServerAlias gps.tile.openstreetmap.org + ServerAlias gps-*.tile.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + + # Enable rewriting + RewriteEngine On + + # Redirect for ACME challenge validation + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + + # Redirect to https + RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=permanent,L] + + # Setup logging + CustomLog /var/log/apache2/access.log combined + ErrorLog /var/log/apache2/error.log + BufferedLogs on + + Options None AllowOverride None