From f4bdb57179d283094086b70456798ffee045c6e6 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 12 Feb 2017 10:34:32 +0000
Subject: [PATCH 1/1] Enable SSL for dns.osm.org
---
 cookbooks/dns/recipes/default.rb | 8 +++++++-
 cookbooks/dns/templates/default/apache.erb | 15 +++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/cookbooks/dns/recipes/default.rb b/cookbooks/dns/recipes/default.rb
index e2b41155d..4fbde88c0 100644
--- a/cookbooks/dns/recipes/default.rb
+++ b/cookbooks/dns/recipes/default.rb
@@ -18,7 +18,7 @@
 #
 include_recipe "git"
-include_recipe "apache"
+include_recipe "apache::ssl"
 passwords = data_bag_item("dns", "passwords")
@@ -71,6 +71,12 @@ template "/srv/dns.openstreetmap.org/html/index.html" do
 variables :zones => zones
 end
+ssl_certificate "dns.openstreetmap.org" do
+ domains "dns.openstreetmap.org"
+ fallback_certificate "openstreetmap"
+ notifies :reload, "service[apache2]"
+end
+
 apache_site "dns.openstreetmap.org" do
 template "apache.erb"
 directory "/srv/dns.openstreetmap.org"
diff --git a/cookbooks/dns/templates/default/apache.erb b/cookbooks/dns/templates/default/apache.erb
index 100d24e07..fd555e886 100644
--- a/cookbooks/dns/templates/default/apache.erb
+++ b/cookbooks/dns/templates/default/apache.erb
@@ -7,6 +7,21 @@
 CustomLog /var/log/apache2/<%= @name %>-access.log combined
 ErrorLog /var/log/apache2/<%= @name %>-error.log
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+
+
+
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
 DocumentRoot <%= @directory %>/html
 Alias /json/ /var/lib/dns/json/
--
2.43.2
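Review bot: In the second hunk of cookbooks/dns/recipes/default.rb, `fallback_certificate "openstreetmap"` is left unexplained, and nothing visible in the patch shows that this certificate is valid for dns.openstreetmap.org. The same commit makes the plain-HTTP virtual host answer every request with a permanent redirect to HTTPS, so a fallback that does not list this name would presumably leave clients with a certificate-name error until the dedicated certificate has been issued, and browsers cache a permanent redirect. A comment above the resource would record the assumption, for example `# fallback "openstreetmap" cert must cover dns.openstreetmap.org; used until the dedicated cert exists`. The behaviour of `ssl_certificate` is defined outside this diff, so the fallback semantics should be confirmed against that resource.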
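Review bot: The added HTTPS block in cookbooks/dns/templates/default/apache.erb (the lines from `ServerName` to `SSLCertificateKeyFile`; its enclosing tags did not survive on this page) configures only `SSLEngine`, the certificate and the key, so the upgrade to HTTPS rests entirely on the port-80 `RedirectPermanent / https://<%= @name %>/`, which gives no protection to a first plain-HTTP request on a hostile network. Adding `Header always set Strict-Transport-Security "max-age=31536000"` to the HTTPS block would make browsers stay on HTTPS after the first visit; it needs mod_headers, which this hunk does not show being enabled. Protocol and cipher settings are not set here either and are presumably inherited from the `apache::ssl` recipe, which is worth confirming. The virtual-host body continues past the end of the hunk.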