From bb6e5e4fd7db0bd72c27a81df01a9b572d89c145 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Sun, 26 Mar 2017 11:20:46 +0100
Subject: [PATCH] Add certificate for opengeodata.org

---
 cookbooks/blog/recipes/default.rb             |  4 +++
 .../blog/templates/default/opengeodata.erb    | 27 ++++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb
index e9440d75c..83f022ee3 100644
--- a/cookbooks/blog/recipes/default.rb
+++ b/cookbooks/blog/recipes/default.rb
@@ -91,6 +91,10 @@ git "/srv/blog.openstreetmap.org/static" do
   group "wordpress"
 end
 
+ssl_certificate "opengeodata.org" do
+  domains ["opengeodata.org", "www.opengeodata.org", "old.opengeodata.org"]
+  notifies :reload, "service[apache2]"
+end
 apache_site "opengeodata.org" do
   template "opengeodata.erb"
   directory "/srv/opengeodata.org"
diff --git a/cookbooks/blog/templates/default/opengeodata.erb b/cookbooks/blog/templates/default/opengeodata.erb
index 43dbf01bd..1150145a4 100644
--- a/cookbooks/blog/templates/default/opengeodata.erb
+++ b/cookbooks/blog/templates/default/opengeodata.erb
@@ -3,7 +3,7 @@
 <VirtualHost *:80>
   ServerName opengeodata.org
   ServerAlias www.opengeodata.org
-  ServerAlias old.opengeodata.org
+  ServerAlias old.opengeodata.org # https://blog.openstreetmap.org/2010/02/25/old-opengeodata-posts-now-up-at-old-opengeodata-org/
 
   ServerAdmin webmaster@openstreetmap.org
 
@@ -11,7 +11,28 @@
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
   RewriteEngine on
-  RewriteRule ^(.*/)index\.html$ http://blog.openstreetmap.org/$1 [R,L]
+  RewriteRule ^(.*/)index\.html$ https://blog.openstreetmap.org/$1 [R=permanent,L]
 
-  RedirectPermanent / http://blog.openstreetmap.org/
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://blog.openstreetmap.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName opengeodata.org
+  ServerAlias www.opengeodata.org
+  ServerAlias old.opengeodata.org # https://blog.openstreetmap.org/2010/02/25/old-opengeodata-posts-now-up-at-old-opengeodata-org/
+
+  ServerAdmin webmaster@openstreetmap.org
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/opengeodata.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/opengeodata.org.key
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  RewriteEngine on
+  RewriteRule ^(.*/)index\.html$ https://blog.openstreetmap.org/$1 [R=permanent,L]
+
+  RedirectPermanent / https://blog.openstreetmap.org/
 </VirtualHost>
-- 
2.43.2