From 0e61ed52adeffe6af5d71dfe3b5d0d680b01fb39 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Sun, 12 Feb 2023 12:17:29 +0000
Subject: [PATCH 1/1] Redirect welcome alias to primary site

---
 .../templates/default/apache.welcome.erb      | 63 ++++++++++++-------
 1 file changed, 39 insertions(+), 24 deletions(-)
diff --git a/cookbooks/foundation/templates/default/apache.welcome.erb b/cookbooks/foundation/templates/default/apache.welcome.erb
index 581fb4eab..586526085 100644
--- a/cookbooks/foundation/templates/default/apache.welcome.erb
+++ b/cookbooks/foundation/templates/default/apache.welcome.erb
@@ -1,38 +1,53 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:443>
-   ServerName <%= @name %>
+<VirtualHost *:80>
+  ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
-   ServerAlias <%= alias_name %>
+  ServerAlias <%= alias_name %>
 <% end -%>
-   ServerAdmin webmaster@openstreetmap.org
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   SSLEngine on
-   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
-   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
 
-   # Let the backend know we are using HTTPS
-   RequestHeader set X-Forwarded-Proto âhttpsâ
-   RequestHeader set X-Forwarded-Port â443â
+<% unless @aliases.empty? -%>
+<VirtualHost *:443>
+  ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   ProxyPass / http://localhost:<%= @docker_external_port %>/
-   ProxyPreserveHost on
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-</VirtualHost>
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-<VirtualHost *:80>
-   ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
-   ServerAlias <%= alias_name %>
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
 <% end -%>
-   ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+<VirtualHost *:443>
+  ServerName <%= @name %>
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+  # Let the backend know we are using HTTPS
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
 
-   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-   RedirectPermanent / https://<%= @name %>/
+  ProxyPass / http://localhost:<%= @docker_external_port %>/
+  ProxyPreserveHost on
 </VirtualHost>
-- 
2.45.2

