From efec66a495fa0b332d86aefc76af1311a011c4c2 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Thu, 4 Jan 2018 17:58:45 +0000 Subject: [PATCH 1/1] Enable SSL for user sites on the dev server --- cookbooks/dev/recipes/default.rb | 5 +++ .../dev/templates/default/apache.user.erb | 35 ++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb index 5186e1109..35efa45f7 100644 --- a/cookbooks/dev/recipes/default.rb +++ b/cookbooks/dev/recipes/default.rb @@ -136,6 +136,11 @@ search(:accounts, "*:*").each do |account| notifies :reload, "service[php7.0-fpm]" end + ssl_certificate "#{name}.dev.openstreetmap.org" do + domains ["#{name}.dev.openstreetmap.org", "#{name}.dev.osm.org"] + notifies :reload, "service[apache2]" + end + apache_site "#{name}.dev.openstreetmap.org" do template "apache.user.erb" directory "#{user_home}/public_html" diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb index 39f1cd60f..13afb27c2 100644 --- a/cookbooks/dev/templates/default/apache.user.erb +++ b/cookbooks/dev/templates/default/apache.user.erb @@ -2,11 +2,15 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivity-timeout=600 - + ServerName <%= @user %>.dev.openstreetmap.org ServerAdmin webmaster@openstreetmap.org ServerAlias <%= @user %>.dev.osm.org + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @user %>.dev.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @user %>.dev.openstreetmap.org.key + # Remove Proxy request header to mitigate https://httpoxy.org/ RequestHeader unset Proxy early 
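Review bot: The new `ssl_certificate` block in cookbooks/dev/recipes/default.rb carries no comment explaining that it has to stay ahead of `apache_site`, although the template changed in this same commit hard-codes `/etc/ssl/certs/<user>.dev.openstreetmap.org.pem` and the matching key path. If the certificate is ever missing when `service[apache2]` reloads (a failed issuance for a new account, or the two resources being reordered), Apache would presumably reject the configuration, and that service is shared by every site on the host. I would add `# Must run before apache_site: apache.user.erb references the certificate and key this resource installs` above the block. How `name` is derived and validated before it is interpolated into the two hostnames is decided earlier in the `search(:accounts, "*:*")` loop, which starts and ends outside this hunk.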
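Review bot: In the first apache.user.erb hunk the HTTPS virtual host points `SSLCertificateKeyFile` at a per-user key under `/etc/ssl/private/`, on a host where the same template runs that user's own code (`WSGIDaemonProcess ... user=<%= @user %>`, plus the CGI and PHP rules in the next hunk). Nothing in this patch shows the ownership or mode the key is written with, so it is worth confirming that `ssl_certificate` leaves it readable by root only and not by the account whose site it serves. A template comment above the three SSL directives such as `# Key is read by Apache as root at startup; it must not be readable by the site's user` would record that expectation. Protocol and cipher settings are not set here either and are presumably inherited from the server-wide mod_ssl configuration.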
@@ -29,6 +33,35 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P] + + ServerName <%= @user %>.dev.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + ServerAlias <%= @user %>.dev.osm.org + + # Remove Proxy request header to mitigate https://httpoxy.org/ + RequestHeader unset Proxy early + + UseCanonicalName Off + DocumentRoot <%= @directory %> + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + + WSGIProcessGroup <%= @user %>.dev.openstreetmap.org + + RewriteEngine on + #LogLevel rewrite:trace2 + + CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log + + RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f + RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L] + + RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f + RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P] + + > AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI Options SymLinksIfOwnerMatch Indexes Includes -- 2.43.2
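Review bot: The port-80 virtual host added in this hunk still serves the whole site over plain HTTP — `DocumentRoot`, the `/cgi-bin/` rewrite and the PHP `fcgi://` proxy are all repeated — and only the ACME challenge path is redirected. The `AllowOverride AuthConfig ...` context line at the end of the hunk suggests users can configure password prompts in `.htaccess`, and those could then still be answered in cleartext. If keeping HTTP is not a deliberate choice for the dev server, the body after the ACME redirect could be replaced by `RedirectPermanent / https://<%= @user %>.dev.openstreetmap.org/`. If it is deliberate, the two copies of the rewrite rules have to be kept in step by hand, so a comment saying so above the second virtual host would help. The block that the `AllowOverride` line belongs to continues past the end of the hunk.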