From eeb020d7f1a37e0bfa913d0948c6d0cc1e9d5ef4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 19 Jun 2019 22:40:28 +0000 Subject: [PATCH] pagure: Get and use a letsencrypt cert for pagure.org/stg.pagure.org Signed-off-by: Kevin Fenzi --- roles/pagure/frontend/tasks/main.yml | 11 +++++++++ roles/pagure/frontend/templates/0_pagure.conf | 23 ++++++++++++++++--- 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index 4a455e6b01..b3be7a2c3f 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -245,6 +245,17 @@ site_name: releases.stg.pagure.org when: env == 'pagure-staging' +- name: Letsencrypt for stg.pagure.org + include_role: name=letsencrypt + vars: + site_name: stg.pagure.org + when: env == 'pagure-staging' + +- name: Letsencrypt for pagure.org + include_role: name=letsencrypt + vars: + site_name: pagure.org + - name: Install the SSL cert so that we can use https copy: > src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }} diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf index 87009fce04..a809f46f98 100644 --- a/roles/pagure/frontend/templates/0_pagure.conf +++ b/roles/pagure/frontend/templates/0_pagure.conf @@ -38,6 +38,17 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na #Redirect permanent / https://releases.pagure.org/ {% endif %} + +{% if env == 'pagure-staging' %} + ServerName stg.pagure.org + #Redirect permanent / https://releases.stg.pagure.org/ + ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge" +{% else %} + ServerName pagure.org + #Redirect permanent / https://releases.pagure.org/ + ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge" +{% endif %} + # Added until we can get the cert out DocumentRoot "/var/www/releases" 
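Review bot: The `Letsencrypt for pagure.org` task in the roles/pagure/frontend/tasks/main.yml hunk has no `when:`, so it also runs when `env == 'pagure-staging'`, whereas the staging task just above it is guarded. If the letsencrypt role places the issued certificate and key on the host that includes it (not visible here), the staging host would request and hold the production `pagure.org` key. Adding `when: env != 'pagure-staging'` to the second task keeps production key material off staging. The `Install the SSL cert` task that follows continues outside the hunk, so it cannot be checked whether its `copy` writes the same file names under /etc/pki/tls/certs and overwrites what the role installed.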
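Review bot: In the first 0_pagure.conf hunk the two `{% if env == 'pagure-staging' %}` branches differ only in `ServerName`, and the commented-out `#Redirect permanent / https://releases.pagure.org/` lines look copied from the releases block above. If one of them is later uncommented as written, pagure.org would redirect to the releases host. Hoisting the shared `ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"` below `{% endif %}` and dropping or correcting the stale Redirect comments would leave a single place to maintain the challenge proxy. The enclosing VirtualHost lines are not visible on this page, so confirm that the `DocumentRoot "/var/www/releases"` context line after the added block is not what this plain-HTTP vhost serves for pagure.org. A short comment above the ProxyPass, such as `# ACME http-01 challenges are answered by certgetter01; keep this path exempt from any future http->https redirect`, would document the constraint.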
@@ -119,9 +130,15 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na # Use secure TLSv1.1 and TLSv1.2 ciphers Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt - SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt - SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key +{% if env == 'pagure-staging' %} + SSLCertificateFile /etc/pki/tls/certs/stg.pagure.org.crt + SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.org.intermediate.crt + SSLCertificateKeyFile /etc/pki/tls/certs/stg.pagure.org.key +{% else %} + SSLCertificateFile /etc/pki/tls/certs/pagure.org.crt + SSLCertificateChainFile /etc/pki/tls/certs/pagure.org.intermediate.crt + SSLCertificateKeyFile /etc/pki/tls/certs/pagure.org.key +{% endif %} {% if env == 'pagure-staging' %} Redirect permanent / https://stg.pagure.io/ {% else %}
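Review bot: Both new `SSLCertificateKeyFile` lines keep the private key next to the certificates in `/etc/pki/tls/certs/`, so its protection depends entirely on the file mode set by whatever installs it. Confirm that the letsencrypt role writes `stg.pagure.org.key` and `pagure.org.key` as root-owned and not group- or world-readable, or move the keys to `/etc/pki/tls/private/` if the role allows a different path. These paths also exist only after the letsencrypt role has run, so on a first deploy httpd will fail to start if this template is rendered and the service restarted before the certificate is issued; the ordering is worth a comment in the template. `SSLCertificateChainFile` is deprecated since httpd 2.4.8, where the chain can be appended to the file named by `SSLCertificateFile`. The enclosing VirtualHost starts and ends outside the hunk.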