From 5d511fe466e334435ca1e578c44558a57369ffea Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sun, 12 Feb 2017 10:39:45 +0000 Subject: [PATCH] Enable SSL for irc.osm.org --- cookbooks/cgiirc/recipes/default.rb | 8 +++++++- cookbooks/cgiirc/templates/default/apache.erb | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/cookbooks/cgiirc/recipes/default.rb b/cookbooks/cgiirc/recipes/default.rb index 5f6c0eced..173eebfdd 100644 --- a/cookbooks/cgiirc/recipes/default.rb +++ b/cookbooks/cgiirc/recipes/default.rb @@ -17,7 +17,7 @@ # limitations under the License. # -include_recipe "apache" +include_recipe "apache::ssl" blocks = data_bag_item("cgiirc", "blocks") @@ -38,6 +38,12 @@ template "/etc/cgiirc/ipaccess" do variables :blocks => blocks["addresses"] end +ssl_certificate "irc.openstreetmap.org" do + domains "irc.openstreetmap.org" + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "irc.openstreetmap.org" do template "apache.erb" end diff --git a/cookbooks/cgiirc/templates/default/apache.erb b/cookbooks/cgiirc/templates/default/apache.erb index 025892c74..780e54784 100644 --- a/cookbooks/cgiirc/templates/default/apache.erb +++ b/cookbooks/cgiirc/templates/default/apache.erb @@ -1,9 +1,13 @@ # DO NOT EDIT - This file is being maintained by Chef - + ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log @@ -25,3 +29,14 @@ SetEnv no-gzip + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + -- 2.43.2