From 80e13a7d8d736da2cf26cf044116b015c00c9b33 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Thu, 4 Jan 2018 17:37:06 +0000 Subject: [PATCH] Redirect all gps-tile access to https --- cookbooks/gps-tile/recipes/default.rb | 1 + .../gps-tile/templates/default/apache.erb | 32 ++++++++++++++----- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb index 315865ac9..f76cde854 100644 --- a/cookbooks/gps-tile/recipes/default.rb +++ b/cookbooks/gps-tile/recipes/default.rb @@ -112,6 +112,7 @@ remote_directory "/srv/gps-tile.openstreetmap.org/html" do end apache_module "headers" +apache_module "rewrite" ssl_certificate "gps-tile.openstreetmap.org" do domains ["gps-tile.openstreetmap.org", diff --git a/cookbooks/gps-tile/templates/default/apache.erb b/cookbooks/gps-tile/templates/default/apache.erb index 7dbd24b41..064d56284 100644 --- a/cookbooks/gps-tile/templates/default/apache.erb +++ b/cookbooks/gps-tile/templates/default/apache.erb @@ -1,20 +1,17 @@ # DO NOT EDIT - This file is being maintained by Chef -<% [80, 443].each do |port| -%> -> + # Basic server configuration ServerName gps-tile.openstreetmap.org ServerAlias *.gps-tile.openstreetmap.org ServerAlias gps.tile.openstreetmap.org ServerAlias gps-*.tile.openstreetmap.org ServerAdmin webmaster@openstreetmap.org -<% if port == 443 -%> # Enable SSL SSLEngine on SSLCertificateFile /etc/ssl/certs/gps-tile.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/gps-tile.openstreetmap.org.key -<% end -%> # Configure location of static files DocumentRoot /srv/gps-tile.openstreetmap.org/html @@ -22,9 +19,6 @@ # Configure the CGI script that serves the tiles ScriptAlias /lines /srv/gps-tile.openstreetmap.org/updater/tile - # Redirect for ACMI challenge validation - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - # Temporary redirect for old CGI location RedirectPermanent /gps-lines/tile /lines @@ -38,7 +32,29 @@ Header set Access-Control-Allow-Origin "*" -<% end -%> + + # Basic server configuration + ServerName gps-tile.openstreetmap.org + ServerAlias *.gps-tile.openstreetmap.org + ServerAlias gps.tile.openstreetmap.org + ServerAlias gps-*.tile.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + + # Enable rewriting + RewriteEngine On + + # Redirect for ACME challenge validation + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + + # Redirect to https + RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=permanent,L] + + # Setup logging + CustomLog /var/log/apache2/access.log combined + ErrorLog /var/log/apache2/error.log + BufferedLogs on + + Options None AllowOverride None -- 2.43.2