From: Tom Hughes <tom@compton.nu>
Date: Thu, 4 Jan 2018 18:55:45 +0000 (+0000)
Subject: Make mediawiki sites redirect to https
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/9c3db8b15ab975e975cb31ca8bb388b79f6e5c8e

Make mediawiki sites redirect to https
---

diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb
index 7f362cd88..4b53c52be 100644
--- a/cookbooks/mediawiki/resources/site.rb
+++ b/cookbooks/mediawiki/resources/site.rb
@@ -473,8 +473,6 @@ action :create do
     backup false
   end
 
-  ports = new_resource.ssl_enabled ? [80, 443] : [80]
-
   ssl_certificate new_resource.site do
     domains [new_resource.site] + Array(new_resource.aliases)
     only_if { new_resource.ssl_enabled }
@@ -486,8 +484,7 @@ action :create do
     directory site_directory
     variables :aliases => Array(new_resource.aliases),
               :private => new_resource.private,
-              :ssl_enabled => new_resource.ssl_enabled,
-              :ports => ports
+              :ssl_enabled => new_resource.ssl_enabled
     reload_apache false
   end
 
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 0e173841c..5c38fc0a2 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -1,7 +1,22 @@
 # DO NOT EDIT - This file is being maintained by Chef
-<% @ports.each do |port| -%>
 
-<VirtualHost *:<%= port %>>
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+<% if @ssl_enabled -%>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>
@@ -9,24 +24,16 @@
 
   ServerAdmin webmaster@openstreetmap.org
 
-<% if port == 443 -%>
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
   CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
-<% else -%>
-  CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  ErrorLog /var/log/apache2/<%= @name %>-error.log
 <% end -%>
 
   DocumentRoot <%= @directory %>
 
-<% if @ssl_enabled -%>
-  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-<% end -%>
-
   php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
   php_value memory_limit 128M
@@ -35,11 +42,7 @@
   php_value post_max_size 100M
 
   RewriteCond %{SERVER_NAME} !=<%= @name %>
-<% if port == 443 -%>
   RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
-<% else -%>
-  RewriteRule ^/(.*)$ http://<%= @name %>/$1 [R=permanent]
-<% end -%>
 
   RedirectMatch 301 ^/$                           /wiki/Main_Page
 
@@ -131,4 +134,3 @@
     Require all denied
   </Files>
 </VirtualHost>
-<% end -%>