From 70c9fb3921e6f0c95828d52f3538cde194cc3414 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 11 Feb 2017 17:50:10 +0000
Subject: [PATCH 1/1] Switch operations.osmfoundation.org to letsencrypt
---
 cookbooks/foundation/recipes/owg.rb | 6 ++++++
 .../foundation/templates/default/apache.owg.erb | 15 +++++++++------
 cookbooks/ssl/resources/certificate.rb | 6 +++---
 3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb
index 75d332063..a34a16f2a 100644
--- a/cookbooks/foundation/recipes/owg.rb
+++ b/cookbooks/foundation/recipes/owg.rb
@@ -56,6 +56,12 @@ execute "/srv/operations.osmfoundation.org" do
 group "nogroup"
 end
+ssl_certificate "operations.osmfoundation.org" do
+ domains "operations.osmfoundation.org"
+ fallback_certificate "osmfoundation"
+ notifies :reload, "service[apache2]"
+end
+
 apache_site "operations.osmfoundation.org" do
 template "apache.owg.erb"
 directory "/srv/operations.osmfoundation.org/_site"
diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb
index 1cb0fe44c..1e40674c6 100644
--- a/cookbooks/foundation/templates/default/apache.owg.erb
+++ b/cookbooks/foundation/templates/default/apache.owg.erb
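Review bot: The name passed to `ssl_certificate` has to equal the name of the `apache_site` resource that follows, and nothing in the recipe says so. The certificate resource checks for `/etc/ssl/certs/#{new_resource.name}.pem` (visible in the certificate.rb section of this patch) while the apache.owg.erb template reads `/etc/ssl/certs/<%= @name %>.pem`, where `@name` is presumably the site name. If the two drift apart, the reload would leave Apache pointing at a certificate and key that do not exist. I would add a comment above the block, e.g. `# Name must match the apache_site below: the vhost template derives the certificate and key paths from it.` The `apache_site` block continues past the end of the hunk.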
@@ -1,25 +1,28 @@ # DO NOT EDIT - This file is being maintained by Chef - + ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log - Redirect permanent / https://<%= @name %>/ + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + DocumentRoot <%= @directory %> - + ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - - SSLEngine on + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ >
diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb
index 92dbcc323..01eedd80c 100644
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -20,12 +20,12 @@ default_action :create
 property :name, String
-property :domains, Array, :required => true
+property :domains, [String, Array], :required => true
 property :fallback_certificate, String
 action :create do
 node.default[:letsencrypt][:certificates][name] = {
- :domains => domains
+ :domains => Array(domains)
 }
 if letsencrypt
@@ -64,7 +64,7 @@ action :create do
 owner "root"
 group "root"
 mode 0o644
- variables :domains => new_resource.domains
+ variables :domains => Array(new_resource.domains)
 not_if do
 ::File.exist?("/etc/ssl/certs/#{new_resource.name}.pem") && ::File.exist?("/etc/ssl/private/#{new_resource.name}.key")
 end
--
2.43.2
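Review bot: The two `RedirectPermanent` lines in the port-80 block are order-dependent and the template does not say so. mod_alias applies the first matching redirect within a context, so the `/.well-known/acme-challenge/` rule must stay above the catch-all `RedirectPermanent /`, otherwise HTTP-01 validation requests would be sent to the HTTPS site instead. The challenge redirect also hands domain validation for this name to whatever answers at `acme.openstreetmap.org`, which is worth recording next to it. I would add a comment above the pair, e.g. `# ACME HTTP-01 is delegated to acme.openstreetmap.org; keep this redirect above the catch-all, first match wins.` The VirtualHost delimiters are not visible on this page, so the block boundaries are inferred from the directives.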
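Review bot: The `Array()` normalisation is repeated at each use site (`:domains => Array(domains)` in the `@@ -20,12` hunk and `variables :domains => Array(new_resource.domains)` in the `@@ -64,7` hunk), so any later reader of `domains` that forgets the wrapper would receive a bare String. Coercing once on the property keeps the widened type without that risk: `property :domains, [String, Array], :required => true, :coerce => proc { |d| Array(d) }`. `Array()` also does not split a comma-separated string, so such a value would pass through as a single domain entry; a line in the property's documentation saying so would help. The first hunk reads `name` and `domains` bare while the second goes through `new_resource`; using `new_resource.` in both would be consistent. The `action :create` block extends beyond both hunks.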