From: Tom Hughes <tom@compton.nu>
Date: Sat, 11 Feb 2017 17:18:43 +0000 (+0000)
Subject: Enable SSL for munin using letsencrypt
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/e5dcd3ae4542c09c663e3648b474f2b227801e36

Enable SSL for munin using letsencrypt
---

diff --git a/cookbooks/munin/recipes/server.rb b/cookbooks/munin/recipes/server.rb
index d4f8cb047..5861bf5ea 100644
--- a/cookbooks/munin/recipes/server.rb
+++ b/cookbooks/munin/recipes/server.rb
@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-include_recipe "apache"
+include_recipe "apache::ssl"
 
 package "munin"
 package "rrdcached"
@@ -90,6 +90,11 @@ directory "/srv/munin.openstreetmap.org/dumps" do
   mode 0o755
 end
 
+ssl_certificate "munin.openstreetmap.org" do
+  domains ["munin.openstreetmap.org", "munin.osm.org"]
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "munin.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/munin/templates/default/apache.erb b/cookbooks/munin/templates/default/apache.erb
index e59c33fb0..77a215704 100644
--- a/cookbooks/munin/templates/default/apache.erb
+++ b/cookbooks/munin/templates/default/apache.erb
@@ -1,6 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
+<VirtualHost *:443>
 	ServerName munin.openstreetmap.org
 	ServerAlias munin.osm.org
 	ServerAdmin webmaster@openstreetmap.org
@@ -8,7 +8,11 @@
 	CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
 
-	SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
+	SSLEngine on
+	SSLCertificateFile /etc/ssl/certs/munin.openstreetmap.org.pem
+	SSLCertificateKeyFile /etc/ssl/private/munin.openstreetmap.org.key
+
+        SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
 
 	DocumentRoot /srv/munin.openstreetmap.org
 	Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
@@ -24,6 +28,18 @@
 	RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
 </VirtualHost>
 
+<VirtualHost *:80>
+	ServerName munin.openstreetmap.org
+	ServerAlias munin.osm.org
+	ServerAdmin webmaster@openstreetmap.org
+
+	CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
+	ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
+
+	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+	RedirectPermanent / https://munin.openstreetmap.org/
+</VirtualHost>
+
 <Directory /srv/munin.openstreetmap.org>
 	Require all granted
 </Directory>