From d7897a0aa9147b2cea021cf478461ae9df12277c Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 22 Oct 2013 20:32:46 +0100
Subject: [PATCH] Use the tile.openstreetmap.org certificate for the GPS tile
 server

---
 cookbooks/apache/attributes/default.rb     | 2 ++
 cookbooks/apache/recipes/ssl.rb            | 9 ++++++---
 cookbooks/apache/templates/default/ssl.erb | 4 ++--
 roles/gps-tile.rb                          | 5 +++++
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/cookbooks/apache/attributes/default.rb b/cookbooks/apache/attributes/default.rb
index 73184f049..41779d7d7 100644
--- a/cookbooks/apache/attributes/default.rb
+++ b/cookbooks/apache/attributes/default.rb
@@ -27,3 +27,5 @@ default[:apache][:event][:threads_per_child] = 25
 default[:apache][:event][:max_requests_per_child] = 0
 
 default[:apache][:listen_address] = "*"
+
+default[:apache][:ssl][:certificate] = "openstreetmap"
diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb
index 0841ff0a9..b32c11c8b 100644
--- a/cookbooks/apache/recipes/ssl.rb
+++ b/cookbooks/apache/recipes/ssl.rb
@@ -17,7 +17,9 @@
 # limitations under the License.
 #
 
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ "openstreetmap" ]
+certificate = node[:apache][:ssl][:certificate]
+
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ certificate ]
 
 include_recipe "apache"
 include_recipe "ssl"
@@ -29,12 +31,13 @@ template "/etc/apache2/conf.d/ssl" do
   owner "root"
   group "root"
   mode 0644
+  variables :certificate => certificate
   notifies :reload, resources(:service => "apache2")
 end
 
 service "apache2" do
   action :nothing
   subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/rapidssl.pem")
-  subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/openstreetmap.pem")
-  subscribes :restart, resources(:file => "/etc/ssl/private/openstreetmap.key")
+  subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/#{certificate}.pem")
+  subscribes :restart, resources(:file => "/etc/ssl/private/#{certificate}.key")
 end
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 9e91555c0..8035d4289 100644
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -3,6 +3,6 @@
 SSLHonorCipherOrder On
 SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
 
-SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
-SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+SSLCertificateFile /etc/ssl/certs/<%= @certiifcate %>.pem
+SSLCertificateKeyFile /etc/ssl/private/<%= @certiifcate %>.key
 SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
diff --git a/roles/gps-tile.rb b/roles/gps-tile.rb
index c4aba9dbd..2e26ed85c 100644
--- a/roles/gps-tile.rb
+++ b/roles/gps-tile.rb
@@ -10,6 +10,11 @@ default_attributes(
         :members => [ :enf, :tomh ]
       }
     }
+  },
+  :apache => {
+    :ssl => {
+      :certificate => "tile.openstreetmap"
+    }
   }
 )
 
-- 
2.43.2