From 5919a0168e927c655ce23acc885413864f0ebfcf Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 16 Dec 2014 12:25:06 +0000 Subject: [PATCH] Add temporary SSL certification for crm.osmfoundation.org --- cookbooks/civicrm/recipes/default.rb | 5 +++- .../ssl/files/default/crm.osmfoundation.pem | 29 +++++++++++++++++++ cookbooks/ssl/recipes/default.rb | 2 +- .../wordpress/definitions/wordpress_site.rb | 4 ++- .../wordpress/templates/default/apache.erb | 4 +++ 5 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 cookbooks/ssl/files/default/crm.osmfoundation.pem diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index d366b8c8c..382cb53b4 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -17,6 +17,8 @@ # limitations under the License. # +node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ "crm.osmfoundation" ] + include_recipe "wordpress" include_recipe "mysql" @@ -37,7 +39,8 @@ mysql_database "civicrm" do end wordpress_site "crm.osmfoundation.org" do - ssl_enabled false + ssl_enabled true + ssl_certificate "crm.osmfoundation" database_name "civicrm" database_user "civicrm" database_password database_password diff --git a/cookbooks/ssl/files/default/crm.osmfoundation.pem b/cookbooks/ssl/files/default/crm.osmfoundation.pem new file mode 100644 index 000000000..36261979a --- /dev/null +++ b/cookbooks/ssl/files/default/crm.osmfoundation.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFATCCAumgAwIBAgIDAlJkMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB +Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV +BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTQxMjE2MTIwODIxWhcNMTYxMjE1 +MTIwODIxWjAgMR4wHAYDVQQDExVjcm0ub3NtZm91bmRhdGlvbi5vcmcwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5UVvmSjwN7x03au9xudnXAdK6Hjzr +bnKpSZMLjmjZGdrtJELRl0/xkbk984A4SufMm5TtdrehBinjug7my9BZocyCAscW +RTe3O3S6i+LQaKQe+2CtzVAx4fZSIznE4VCSFB5pRgpaffXQMr1aXTGGoODjet4T +3hEUzVg0WwymbLh62eN4aIFvCLtN3U4+7l8UhZD5LDYDjU1wsE80yX+z96/6s0OY +3T85bgNg7u/qMKczY9FlWY8Rz+ORcDElMO+tATq89+tcvuYBNIAfaqH2H49+Y5Lh +LTKeotMuJyZwJInUsDtryY/QsPltEWbkiR0xbSpzTgK8R9HIbRORAfxDAgMBAAGj +ggEOMIIBCjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTAr +BggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggr +BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcv +MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMt +cmV2b2tlLmNybDBFBgNVHREEPjA8ghVjcm0ub3NtZm91bmRhdGlvbi5vcmegIwYI +KwYBBQUHCAWgFwwVY3JtLm9zbWZvdW5kYXRpb24ub3JnMA0GCSqGSIb3DQEBCwUA +A4ICAQA7OZ1BHDxvKFZzmhjUnrtaCMus9vTwenq4b3ml4WZHpVOMPUe6wmm9cvRf +UdzbZ8EPFvTkXgxJrRSAqSwbcwtOTyy4IIRR1CjrfHQHc/Gx/GRlc4sUFSHDGFH3 +bcwAUfOPTE741G+ir+1yltakfAoRWbf7wJWFaFIzJjSsEYbx9x4eoeeU+J0vGLHT +1yXty57WWtclH1UoSte+1dqec0Gj949DOgMczygeiC25VrNyEnHw8SZudLLNDQIX +4GNd0n02gKzyjipG4bRPXlyjfARF3OxZr/A2jgOzcAwPJmVWmORckpw5fWtTf1Kj +D2cFgNRjzdHnGX1R77PdtXqsEPnap6f1W74H+PT3s1vIkqwT+meRqQITeIxAsu2B +Ytk2ogRgWcqosb+SU4pQwvL/BeQocCdWZLt5wIkAuJjUvtVRl2WDJu+4ODT0Fjq0 +tveXh1C5uZAKPtTo97osvK9YsLVCwfrz+qTAUlVnZXBekmLsX8YslNdMP00P44oP +zSdv2jEu1oFJR28epu77wz85WWo6Dam18xsSA8LE2ZPmi+xyCGuBTBpaP7yTCarh +jOqt/dWOeWSgtXFmzGvhHet+k7bzzyITMHxBrSyIl+T97h50tbY1UB0x5vx6bU9F +0izvC+d5RULNW240ZMsbcPx983USj9+4dUAJ5P9FMqtWcqWYLQ== +-----END CERTIFICATE----- diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb index 81dea8b28..ee4b93327 100644 --- a/cookbooks/ssl/recipes/default.rb +++ b/cookbooks/ssl/recipes/default.rb @@ -29,7 +29,7 @@ cookbook_file "/etc/ssl/certs/rapidssl.pem" do backup false end -[ "openstreetmap", "tile.openstreetmap" ].each do |certificate| +[ "openstreetmap", "tile.openstreetmap", "crm.osmfoundation" ].each do |certificate| if node[:ssl][:certificates].include?(certificate) cookbook_file "/etc/ssl/certs/#{certificate}.pem" do owner "root" diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb index 8211f4cd0..7e8e16105 100644 --- a/cookbooks/wordpress/definitions/wordpress_site.rb +++ b/cookbooks/wordpress/definitions/wordpress_site.rb @@ -20,6 +20,7 @@ define :wordpress_site, :action => [ :create, :enable ] do name = params[:name] ssl_enabled = params[:ssl_enabled] || false + ssl_certificate = params[:ssl_certificate] aliases = Array(params[:aliases]) urls = Array(params[:urls]) directory = params[:directory] || "/srv/#{name}" @@ -129,7 +130,8 @@ define :wordpress_site, :action => [ :create, :enable ] do cookbook "wordpress" template "apache.erb" directory directory - variables :aliases => aliases, :urls => urls, :ssl_enabled => ssl_enabled + variables :aliases => aliases, :urls => urls, + :ssl_enabled => ssl_enabled, :ssl_certificate => ssl_certificate notifies :reload, "service[apache2]" end diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index aea4eb690..3d0b97ade 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -27,6 +27,10 @@ # Enable SSL # SSLEngine on +<% if @ssl_certificate -%> + SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key +<% end -%> CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log -- 2.43.2