From f5296ebe7c9608620d72fe3936706a0408a30c5b Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 12 Feb 2017 09:53:49 +0000
Subject: [PATCH] Generate letsencrypt certificates for mediawiki sites
---
 .rubocop_todo.yml | 2 +-
 cookbooks/mediawiki/.foodcritic | 1 +
 cookbooks/mediawiki/providers/site.rb | 10 +++++++---
 cookbooks/mediawiki/resources/site.rb | 2 --
 cookbooks/mediawiki/templates/default/apache.erb | 5 +++++
 5 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index f5b756028..d566e2bcc 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -13,7 +13,7 @@ Metrics/AbcSize:
 # Offense count: 27
 # Configuration parameters: CountComments.
 Metrics/BlockLength:
- Max: 356
+ Max: 359
 # Offense count: 3
 Metrics/CyclomaticComplexity:
diff --git a/cookbooks/mediawiki/.foodcritic b/cookbooks/mediawiki/.foodcritic
index a085263c8..26719e832 100644
--- a/cookbooks/mediawiki/.foodcritic
+++ b/cookbooks/mediawiki/.foodcritic
@@ -1,3 +1,4 @@
 ~FC001
+~FC021
 ~FC064
 ~FC065
diff --git a/cookbooks/mediawiki/providers/site.rb b/cookbooks/mediawiki/providers/site.rb
index 7c5792aa0..24b53c8fa 100644
--- a/cookbooks/mediawiki/providers/site.rb
+++ b/cookbooks/mediawiki/providers/site.rb
@@ -454,15 +454,19 @@ action :create do
 ports = new_resource.ssl_enabled ? [80, 443] : [80]
+ ssl_certificate new_resource.name do
+ domains [new_resource.name] + Array(new_resource.aliases)
+ only_if { new_resource.ssl_enabled }
+ end
+
 apache_site new_resource.name do
 cookbook "mediawiki"
 template "apache.erb"
 directory site_directory
 variables :aliases => Array(new_resource.aliases),
 :private => new_resource.private,
- :ports => ports,
- :ssl_certificate => new_resource.ssl_certificate,
- :ssl_certificate_chain => new_resource.ssl_certificate_chain
+ :ssl_enabled => new_resource.ssl_enabled,
+ :ports => ports
 reload_apache false
 end
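Review bot: The `apache_site` variables no longer carry `:ssl_certificate` or `:ssl_certificate_chain`, yet neither apache.erb hunk in this patch touches a certificate directive, so please confirm the template has no remaining `@ssl_certificate` / `@ssl_certificate_chain` reference (it would now render empty) and that the path it uses matches what the `ssl_certificate` resource writes. If declaring `ssl_certificate` ahead of `apache_site` is deliberate, a comment such as `# Declared before apache_site so the certificate exists when the 443 vhost is written` would record that; I am inferring the intent, since the resource is defined outside this patch. Every entry in `aliases` now joins the certificate's `domains` list, so presumably each alias must be able to answer the ACME challenge or issuance for the whole site can fail. The `action :create` block starts and ends outside the hunk.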
diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb
index b05ebe4c3..2521bc65d 100644
--- a/cookbooks/mediawiki/resources/site.rb
+++ b/cookbooks/mediawiki/resources/site.rb
@@ -40,8 +40,6 @@ attribute :site_readonly, :kind_of => [String, TrueClass, FalseClass], :default
 attribute :admin_user, :kind_of => String, :default => "Admin"
 attribute :admin_password, :kind_of => String, :required => true
 attribute :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :ssl_certificate, :kind_of => String
-attribute :ssl_certificate_chain, :kind_of => String
 attribute :private_accounts, :kind_of => [TrueClass, FalseClass], :default => false
 attribute :private, :kind_of => [TrueClass, FalseClass], :default => false
 attribute :recaptcha_public_key, :kind_of => String
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 7aed4b3e7..a3cb02ad1 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -21,6 +21,10 @@
 DocumentRoot <%= @directory %>
+<% if @ssl_enabled -%>
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+<% end -%>
+
 php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
 #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
 php_value memory_limit 128M
@@ -57,6 +61,7 @@
 RewriteCond %{REQUEST_URI} !^/api\.php$
 RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
 RewriteCond %{REQUEST_URI} !^/server-status
+ RewriteCond %{REQUEST_URI} !^/.well-known/
 RewriteCond %{LA-U:REQUEST_FILENAME} !-f
 RewriteCond %{LA-U:REQUEST_FILENAME} !-d
 RewriteRule ^/(.*) /wiki/$1 [R,L]
--
2.43.2
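Review bot: The challenge redirect hard-codes `http://acme.openstreetmap.org/` in the template, so that one host answers ACME challenges for every wiki rendered from it and has to be protected as the issuance point for all of those names. That delegation should be stated next to the directive, for example `<%# ACME challenges for this vhost are answered centrally by the acme host -%>`. Consider passing the host in through `variables` instead of a literal, so it is defined once. The redirect is emitted only when `@ssl_enabled` is set, while the `/.well-known/` rewrite exclusion in the later hunk is unconditional; if that asymmetry is intended, a short comment would help. The enclosing VirtualHost block starts outside the hunk.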
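Review bot: The added condition `!^/.well-known/` leaves the dot unescaped, so it matches any character in that position, unlike the neighbouring `api\.php` and `opensearch_desc\.php` patterns; it should read `RewriteCond %{REQUEST_URI} !^/\.well-known/`. The exclusion also covers the whole `/.well-known/` tree rather than only `acme-challenge/`, which is probably fine but is broader than the redirect added in the earlier hunk and worth a comment if intended. The rewrite block starts and ends outside the hunk.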