From c605827917355fa73e1bbcff26d8fb347951b9c3 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sun, 12 Feb 2017 10:31:16 +0000 Subject: [PATCH] Switch svn to letsencrypt --- cookbooks/subversion/recipes/default.rb | 6 ++++++ .../subversion/templates/default/apache.erb | 19 ++++++++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb index 96941ed73..8419bbc40 100644 --- a/cookbooks/subversion/recipes/default.rb +++ b/cookbooks/subversion/recipes/default.rb @@ -51,6 +51,12 @@ apache_module "authz_svn" do package "libapache2-svn" end +ssl_certificate site_name do + domains site_name + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site site_name do template "apache.erb" directory repository_directory diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/subversion/templates/default/apache.erb index ae5c40317..2ae7d0a19 100644 --- a/cookbooks/subversion/templates/default/apache.erb +++ b/cookbooks/subversion/templates/default/apache.erb @@ -1,13 +1,12 @@ # DO NOT EDIT - This file is being maintained by Chef -<% [80, 443].each do |port| -%> -> + ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org -<% if port == 443 -%> SSLEngine on -<% end -%> + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION @@ -33,4 +32,14 @@ -<% end -%> + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + -- 2.43.2