From 6d0fd628cfdf5b2e32c656b78ece007752c522f2 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sat, 10 Feb 2018 17:42:52 +0000 Subject: [PATCH 1/1] Add https support for git.osm.org --- cookbooks/git/recipes/web.rb | 3 +- cookbooks/git/templates/default/apache.erb | 66 ++++++++++++++-------- roles/git.rb | 1 + 3 files changed, 47 insertions(+), 23 deletions(-) diff --git a/cookbooks/git/recipes/web.rb b/cookbooks/git/recipes/web.rb index 09954bf1d..8eb83bf15 100644 --- a/cookbooks/git/recipes/web.rb +++ b/cookbooks/git/recipes/web.rb @@ -33,13 +33,14 @@ template "/etc/gitweb.conf" do end ssl_certificate node[:git][:host] do - domains node[:git][:host] + domains [node[:git][:host]] + Array(node[:git][:aliases]) notifies :reload, "service[apache2]" end apache_site node[:git][:host] do template "apache.erb" directory git_directory + variables :aliases => Array(node[:git][:aliases]) end template "#{git_directory}/robots.txt" do diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb index 21e0aa077..c7f85c821 100644 --- a/cookbooks/git/templates/default/apache.erb +++ b/cookbooks/git/templates/default/apache.erb @@ -1,38 +1,60 @@ # DO NOT EDIT - This file is being maintained by Chef - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.slice(1..-1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - HeaderName HEADER - Alias /gitweb /usr/share/gitweb - Alias /git /var/cache/git - ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi + RedirectPermanent / https://<%= @name %>/ + + +<% end -%> + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + DocumentRoot <%= @directory %> + HeaderName HEADER + Alias /gitweb /usr/share/gitweb + Alias /git /var/cache/git + ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi - RewriteEngine On - RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT] - RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT] + RewriteEngine On + RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT] + RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT] > - Require all granted + Require all granted diff --git a/roles/git.rb b/roles/git.rb index 048490aac..09b95cbf1 100644 --- a/roles/git.rb +++ b/roles/git.rb @@ -20,6 +20,7 @@ default_attributes( }, :git => { :host => "git.openstreetmap.org", + :aliases => ["git.osm.org"], :backup => "git" } ) -- 2.43.2