From: Tom Hughes
Date: Thu, 16 Feb 2017 18:53:38 +0000 (+0000)
Subject: Switch tile.osm.org to letsencrypt
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/d4a74eb0ce478386a1f5cf927708d1f2a485e7dd?hp=242e569f6b67381cf7ec98dc6e034dc5b5007476

Switch tile.osm.org to letsencrypt
---
diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index df4e76f43..9e1193216 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -114,17 +114,18 @@ execute "execute_nginx_generate_tilecache_qos_map" do
 action :run
 end
 
-nginx_site "tile-ssl" do
- template "nginx_tile_ssl.conf.erb"
- variables :certificate => certificate, :resolvers => resolvers, :caches => tilecaches
+ssl_certificate "tile.openstreetmap.org" do
+ domains ["tile.openstreetmap.org",
+ "a.tile.openstreetmap.org",
+ "b.tile.openstreetmap.org",
+ "c.tile.openstreetmap.org"]
+ fallback_certificate "tile.openstreetmap"
+ notifies :restart, "service[nginx]"
 end
 
-service "nginx-certificate-restart" do
- service_name "nginx"
- action :nothing
- subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]"
- subscribes :restart, "file[/etc/ssl/certs/#{certificate}.pem]"
- subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]"
+nginx_site "tile-ssl" do
+ template "nginx_tile_ssl.conf.erb"
+ variables :resolvers => resolvers, :caches => tilecaches
 end
 
 template "/etc/logrotate.d/nginx" do
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 60d7d451f..c441c039c 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
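Review bot: `fallback_certificate "tile.openstreetmap"` in the new `ssl_certificate` block is undocumented, and because it differs from the resource name only by the missing `.org` it is easy to read as a typo. The resource is defined outside this diff, so I am assuming the fallback is what nginx serves when no Let's Encrypt certificate has been issued yet; if so it has to cover all four names in `domains` and still be within its validity period, otherwise clients get a name-mismatch or expiry error with nothing in the recipe explaining why. I would add a comment above the line, e.g. `# Existing certificate served until letsencrypt issuance succeeds; must cover every name in domains`, adjusted to the resource's real behaviour. It is also worth confirming that no hostname covered by the old certificate is missing from the explicit `domains` list.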
@@ -50,8 +50,8 @@ server {
 proxy_buffers 8 64k;
- ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
- ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
+ ssl_certificate /etc/ssl/certs/tile.openstreetmap.org.pem;
+ ssl_certificate_key /etc/ssl/private/tile.openstreetmap.org.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers <%= node[:ssl][:ciphers] -%>;
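Review bot: The two new `ssl_certificate`/`ssl_certificate_key` paths hard-code the name that `ssl_certificate "tile.openstreetmap.org"` uses in recipes/default.rb, and nothing in the template records that link or what the `.pem` must contain. nginx sends only what is in the `ssl_certificate` file, so it needs the leaf followed by the issuing intermediates; the old recipe watched a separate `rapidssl.pem`, so it is worth confirming the new resource writes the full chain to this path. A comment such as `# Written by ssl_certificate "tile.openstreetmap.org" in recipes/default.rb; .pem must hold the full chain` above the two lines would cover it. Separately, the unchanged `ssl_protocols` line still enables TLSv1 and TLSv1.1, which RFC 8996 has since deprecated, so that list deserves a review if this template is still deployed. The `server` block starts and ends outside the hunk.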