From: Guillaume RISCHARD <git@stereo.lu>
Date: Fri, 1 Jun 2018 11:31:04 +0000 (+0200)
Subject: Redirect http requests to https
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/981b586040b3fe307a4855e58e846da75555aa05

Redirect http requests to https
---

diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb
index f290f730d..0c54aae82 100644
--- a/cookbooks/squid/templates/default/squid.conf.erb
+++ b/cookbooks/squid/templates/default/squid.conf.erb
@@ -12,7 +12,7 @@ icp_port 3130
 log_icp_queries off
 
 #FIXME - configurable
-http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
+http_port 127.0.0.1:8080 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
 
 cache_effective_user proxy
 cache_effective_group proxy
diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index 0d94bcfd2..d1773b506 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -118,7 +118,11 @@ ssl_certificate "tile.openstreetmap.org" do
 end
 
 nginx_site "tile-ssl" do
-  template "nginx_tile_ssl.conf.erb"
+  action :delete
+end
+
+nginx_site "tile" do
+  template "nginx_tile.conf.erb"
   variables :caches => tilecaches
 end
 
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
similarity index 94%
rename from cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
rename to cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index ac62a3775..149ddd001 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -1,7 +1,7 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 upstream tile_cache_backend {
-    server 127.0.0.1;
+    server 127.0.0.1:8080;
     <% @caches.each do |cache| -%>
     <% if cache[:hostname] != node[:hostname] -%>
     #Server <%= cache[:hostname] %>
@@ -96,3 +96,11 @@ server {
       proxy_set_header Pragma $limit_http_pragma;
     }
 }
+
+# Convert all http requests to https
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+    return 301 https://$host$request_uri;
+}