From 88d22f60f165338495c6c9980b8a3f34ae047be9 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 13 Feb 2017 19:11:23 +0000 Subject: [PATCH] Switch taginfo.osm.org to letsencrypt --- cookbooks/taginfo/recipes/default.rb | 20 ++++++++++++------- .../taginfo/templates/default/apache.erb | 20 +++++++++++++------ 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb index 76a869b7c..35166f1d0 100644 --- a/cookbooks/taginfo/recipes/default.rb +++ b/cookbooks/taginfo/recipes/default.rb @@ -80,14 +80,14 @@ template "/etc/sudoers.d/taginfo" do end node[:taginfo][:sites].each do |site| - name = site[:name] - directory = site[:directory] || "/srv/#{name}" + site_name = site[:name] + directory = site[:directory] || "/srv/#{site_name}" description = site[:description] about = site[:about] icon = site[:icon] contact = site[:contact] - directory "/var/log/taginfo/#{name}" do + directory "/var/log/taginfo/#{site_name}" do owner "taginfo" group "taginfo" mode 0o755 @@ -126,13 +126,13 @@ node[:taginfo][:sites].each do |site| settings = Chef::DelayedEvaluator.new do settings = JSON.parse(IO.read("#{directory}/taginfo/taginfo-config-example.json")) - settings["instance"]["url"] = "http://#{name}/" + settings["instance"]["url"] = "http://#{site_name}/" settings["instance"]["description"] = description settings["instance"]["about"] = about settings["instance"]["icon"] = "/img/logo/#{icon}.png" settings["instance"]["contact"] = contact settings["instance"]["access_control_allow_origin"] = "" - settings["logging"]["directory"] = "/var/log/taginfo/#{name}" + settings["logging"]["directory"] = "/var/log/taginfo/#{site_name}" settings["opensearch"]["shortname"] = "Taginfo" settings["opensearch"]["contact"] = "webmaster@openstreetmap.org" settings["sources"]["download"] = "" 
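Review bot: In the `@@ -126,13 +126,13 @@` hunk the generated config still sets `settings["instance"]["url"] = "http://#{site_name}/"`, although the port-80 virtual host this commit adds to apache.erb permanently redirects everything except the ACME challenge path to HTTPS. How taginfo uses `instance.url` is not visible here, but any absolute link or OpenSearch URL built from it would start on plain HTTP and rely on the redirect. If that is the case, the line should become `settings["instance"]["url"] = "https://#{site_name}/"`. The enclosing `Chef::DelayedEvaluator` block continues past the end of the hunk.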
@@ -231,10 +231,16 @@ node[:taginfo][:sites].each do |site| owner "taginfo" group "taginfo" mode 0o755 - variables :name => name, :directory => directory + variables :name => site_name, :directory => directory end - apache_site name do + ssl_certificate site_name do + domains site_name + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" + end + + apache_site site_name do template "apache.erb" directory "#{directory}/taginfo/web/public" end diff --git a/cookbooks/taginfo/templates/default/apache.erb b/cookbooks/taginfo/templates/default/apache.erb index 288b13ff1..3ae9fed71 100644 --- a/cookbooks/taginfo/templates/default/apache.erb +++ b/cookbooks/taginfo/templates/default/apache.erb @@ -1,14 +1,12 @@ # DO NOT EDIT - This file is being maintained by Chef -<% [80, 443].each do |port| -%> - -> + ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org -<% if port == 443 -%> SSLEngine on -<% end -%> + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log @@ -26,7 +24,17 @@ Header setifempty Access-Control-Allow-Origin * -<% end -%> + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + > Require all granted -- 2.43.2
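Review bot: The new `ssl_certificate site_name` resource in the `@@ -231,10 +231,16 @@` hunk has no comment explaining `fallback_certificate "openstreetmap"` or why it is declared above `apache_site`. The template now points at `/etc/ssl/certs/<%= @name %>.pem` and `/etc/ssl/private/<%= @name %>.key`, so presumably the certificate resource has to converge first for Apache to reload cleanly; its implementation is not part of this patch. If the fallback certificate does not cover the site's hostname, clients would see a name mismatch until the real certificate is issued. A comment such as `# Must precede apache_site: apache.erb references this site's cert and key; the fallback is used until issuance` would record both points.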
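Review bot: The HTTPS virtual host in the `@@ -1,14 +1,12 @@` hunk of apache.erb turns on `SSLEngine on` with the per-site certificate but sends no `Strict-Transport-Security` header. Without it, every plain-HTTP request from a returning client still depends on the port-80 redirect arriving unmodified. The vhost already uses mod_headers (`Header setifempty Access-Control-Allow-Origin *` appears as context in the next hunk), so `Header always set Strict-Transport-Security "max-age=31536000"` could be added next to it once the certificate rollout is confirmed. Protocol and cipher settings are not in this template and are presumably global, which is worth confirming.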
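Review bot: The two `RedirectPermanent` lines in the port-80 virtual host added by the `@@ -26,7 +24,17 @@` hunk depend on their order, and nothing in the template says so. mod_alias applies the first matching redirect in a context, so `/.well-known/acme-challenge/` has to stay above `/`; otherwise challenge requests would be redirected to HTTPS on this host instead of `acme.openstreetmap.org`. A comment such as `# Keep the acme-challenge redirect first: mod_alias uses the first match` would protect it from reordering. The same comment could note that the host answering at `acme.openstreetmap.org` is trusted to complete certificate validation for this site name.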