From: Tom Hughes <tom@compton.nu>
Date: Mon, 13 Feb 2017 15:43:14 +0000 (+0000)
Subject: Enable SSL for stats.osm.org
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/fa6ed4fa1659e66d6e432fc8352089a2ae62ad6d

Enable SSL for stats.osm.org
---

diff --git a/cookbooks/stats/recipes/default.rb b/cookbooks/stats/recipes/default.rb
index 54d394f52..3f0303d2e 100644
--- a/cookbooks/stats/recipes/default.rb
+++ b/cookbooks/stats/recipes/default.rb
@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-include_recipe "apache"
+include_recipe "apache::ssl"
 
 package "awstats"
 package "libgeo-ipfree-perl"
@@ -73,6 +73,12 @@ cookbook_file "/srv/stats.openstreetmap.org/robots.txt" do
   mode 0o644
 end
 
+ssl_certificate "stats.openstreetmap.org" do
+  domains ["stats.openstreetmap.org", "stats.osm.org"]
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "stats.openstreetmap.org" do
   template "apache.erb"
   directory "/srv/stats.openstreetmap.org"
diff --git a/cookbooks/stats/templates/default/apache.erb b/cookbooks/stats/templates/default/apache.erb
index d6e147057..44a7c77fc 100644
--- a/cookbooks/stats/templates/default/apache.erb
+++ b/cookbooks/stats/templates/default/apache.erb
@@ -1,6 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
+<VirtualHost *:443>
 	ServerName stats.openstreetmap.org
 	ServerAlias stats.osm.org
 	ServerAdmin webmaster@openstreetmap.org
@@ -8,11 +8,27 @@
 	CustomLog /var/log/apache2/stats.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/stats.openstreetmap.org-error.log
 
+	SSLEngine on
+	SSLCertificateFile /etc/ssl/certs/stats.openstreetmap.org.pem
+	SSLCertificateKeyFile /etc/ssl/private/stats.openstreetmap.org.key
+
 	DocumentRoot <%= @directory %>
 	Alias /awstats-icon/ /usr/share/awstats/icon/
 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 </VirtualHost>
 
+<VirtualHost *:80>
+	ServerName stats.openstreetmap.org
+	ServerAlias stats.osm.org
+	ServerAdmin webmaster@openstreetmap.org
+
+	CustomLog /var/log/apache2/stats.openstreetmap.org-access.log combined
+	ErrorLog /var/log/apache2/stats.openstreetmap.org-error.log
+
+	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+	RedirectPermanent / https://stats.openstreetmap.org/
+</VirtualHost>
+
 <Directory /var/lib/awstats>
 	Options None
 	AllowOverride None