From: Tom Hughes Date: Sun, 12 Feb 2017 10:34:32 +0000 (+0000) Subject: Enable SSL for dns.osm.org X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/f4bdb57179d283094086b70456798ffee045c6e6?hp=01b2f3402f5e3b7fbb20abdfde4444a72278f060;ds=sidebyside Enable SSL for dns.osm.org --- diff --git a/cookbooks/dns/recipes/default.rb b/cookbooks/dns/recipes/default.rb index e2b41155d..4fbde88c0 100644 --- a/cookbooks/dns/recipes/default.rb +++ b/cookbooks/dns/recipes/default.rb @@ -18,7 +18,7 @@ # include_recipe "git" -include_recipe "apache" +include_recipe "apache::ssl" passwords = data_bag_item("dns", "passwords") @@ -71,6 +71,12 @@ template "/srv/dns.openstreetmap.org/html/index.html" do variables :zones => zones end +ssl_certificate "dns.openstreetmap.org" do + domains "dns.openstreetmap.org" + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "dns.openstreetmap.org" do template "apache.erb" directory "/srv/dns.openstreetmap.org" diff --git a/cookbooks/dns/templates/default/apache.erb b/cookbooks/dns/templates/default/apache.erb index 100d24e07..fd555e886 100644 --- a/cookbooks/dns/templates/default/apache.erb +++ b/cookbooks/dns/templates/default/apache.erb @@ -7,6 +7,21 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + DocumentRoot <%= @directory %>/html Alias /json/ /var/lib/dns/json/