From e75a75dcec6ef6fcb91f6c1b229bb6cd907ce2f6 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 13 Feb 2017 15:35:05 +0000 Subject: [PATCH] Switch chef.osm.org to letsencrypt --- cookbooks/chef/recipes/server.rb | 6 ++++++ cookbooks/chef/templates/default/apache.erb | 3 +++ 2 files changed, 9 insertions(+) diff --git a/cookbooks/chef/recipes/server.rb b/cookbooks/chef/recipes/server.rb index ac6f0d95e..2ebf64f72 100644 --- a/cookbooks/chef/recipes/server.rb +++ b/cookbooks/chef/recipes/server.rb @@ -78,6 +78,12 @@ end apache_module "alias" apache_module "proxy_http" +ssl_certificate "chef.openstreetmap.org" do + domains ["chef.openstreetmap.org", "chef.osm.org"] + fallback_certificate "openstreetmap" + notifies :reload, "service[apache2]" +end + apache_site "chef.openstreetmap.org" do template "apache.erb" end diff --git a/cookbooks/chef/templates/default/apache.erb b/cookbooks/chef/templates/default/apache.erb index f6c1806b1..1fb417fcb 100644 --- a/cookbooks/chef/templates/default/apache.erb +++ b/cookbooks/chef/templates/default/apache.erb @@ -8,6 +8,7 @@ CustomLog /var/log/apache2/chef.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/chef.openstreetmap.org-error.log + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ Redirect permanent / https://chef.openstreetmap.org/ @@ -20,6 +21,8 @@ SSLEngine on SSLProxyEngine on + SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key ProxyPass / https://<%= node[:fqdn] %>:4443/ -- 2.43.2