From 0adb8eaabcbb0797a434eb815f8ea969d7935d7b Mon Sep 17 00:00:00 2001
From: clime
Date: Fri, 29 Jun 2018 11:03:44 +0200
Subject: [PATCH] copr-dist-git: add exception for acme challenge, fix indenting
---
roles/copr/dist_git/templates/ssl.conf.j2 | 52 ++++++++++++-----------
1 file changed, 27 insertions(+), 25 deletions(-)
diff --git a/roles/copr/dist_git/templates/ssl.conf.j2 b/roles/copr/dist_git/templates/ssl.conf.j2
index 849d0540dc..6bc391147a 100644
--- a/roles/copr/dist_git/templates/ssl.conf.j2
+++ b/roles/copr/dist_git/templates/ssl.conf.j2
@@ -1,44 +1,46 @@ - RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] + RewriteEngine on + RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L] + RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] Listen 443 https SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog -SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin - SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem + SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem - ErrorLog logs/ssl_error_log - TransferLog logs/ssl_access_log - LogLevel warn + ErrorLog logs/ssl_error_log + TransferLog logs/ssl_access_log + LogLevel warn - SSLEngine on + SSLEngine on - SSLProtocol all -SSLv3 - SSLProxyProtocol all -SSLv3 - SSLHonorCipherOrder on - SSLCipherSuite PROFILE=SYSTEM - SSLProxyCipherSuite PROFILE=SYSTEM + SSLProtocol all -SSLv3 + SSLProxyProtocol all -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + - BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 + BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 - CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x 
%{SSL_CIPHER}x \"%r\" %b"
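Review bot: The new exception `RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]` exempts the whole `/.well-known/` tree from the HTTPS redirect, although the commit subject only asks for the ACME challenge. Anything that later lands under `/srv/web/acme-challenge/.well-known/` would then be served over cleartext HTTP. I would narrow it to the challenge path: `RewriteRule ^/\.well-known/acme-challenge/(.*) /srv/web/acme-challenge/.well-known/acme-challenge/$1 [L]`. The substitution maps straight to a filesystem path, and no `Directory` block granting access to `/srv/web/acme-challenge` is visible in this hunk, so confirm one exists elsewhere and that it disables indexes and overrides (`Options None`, `AllowOverride None`). The enclosing VirtualHost tags are not visible in this rendering, so I am assuming the rule sits in the port-80 redirect vhost.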