From: Tom Hughes <tom@compton.nu>
Date: Sat, 11 Feb 2017 17:28:26 +0000 (+0000)
Subject: Switch piwik to letsencrypt
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/e936bc87af74e629f14f70337f2bf8e19b79ccc3

Switch piwik to letsencrypt
---

diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb
index 444788003..8561491b2 100644
--- a/cookbooks/piwik/recipes/default.rb
+++ b/cookbooks/piwik/recipes/default.rb
@@ -91,6 +91,12 @@ mysql_database "piwik" do
   permissions "piwik@localhost" => :all
 end
 
+ssl_certificate "piwik.openstreetmap.org" do
+  domains ["piwik.openstreetmap.org", "piwik.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "piwik.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/piwik/templates/default/apache.erb b/cookbooks/piwik/templates/default/apache.erb
index 226a3211e..8f27414ba 100644
--- a/cookbooks/piwik/templates/default/apache.erb
+++ b/cookbooks/piwik/templates/default/apache.erb
@@ -1,31 +1,32 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
+<VirtualHost *:443>
 	ServerName piwik.openstreetmap.org
 	ServerAlias piwik.osm.org
 	ServerAdmin webmaster@openstreetmap.org
 
+	SSLEngine on
+	SSLCertificateFile /etc/ssl/certs/piwik.openstreetmap.org.pem
+	SSLCertificateKeyFile /etc/ssl/private/piwik.openstreetmap.org.key
+
 	CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
 
 	Options -Indexes
 
 	DocumentRoot /srv/piwik.openstreetmap.org
-	RedirectPermanent /index.php https://piwik.openstreetmap.org/index.php
 </VirtualHost>
 
-<VirtualHost *:443>
+<VirtualHost *:80>
 	ServerName piwik.openstreetmap.org
+	ServerAlias piwik.osm.org
 	ServerAdmin webmaster@openstreetmap.org
 
-	SSLEngine on
-
 	CustomLog /var/log/apache2/piwik.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/piwik.openstreetmap.org-error.log
 
-	Options -Indexes
-
-	DocumentRoot /srv/piwik.openstreetmap.org
+	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+	RedirectPermanent / https://piwik.openstreetmap.org/
 </VirtualHost>
 
 <Directory /srv/piwik.openstreetmap.org>