From 3b44a4b78606984327c25611405b8782a3f89bf4 Mon Sep 17 00:00:00 2001
From: Doormouse2House <graham@ridl.no>
Date: Wed, 7 Dec 2016 17:12:10 +0000
Subject: [PATCH 1/2] support SSL redirect support self-signed cert in default
 location (Debian) support Lets Encrypt

---
 templates/default/wordpress.conf.erb | 33 ++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/templates/default/wordpress.conf.erb b/templates/default/wordpress.conf.erb
index 2fc691b..ead37e9 100644
--- a/templates/default/wordpress.conf.erb
+++ b/templates/default/wordpress.conf.erb
@@ -1,3 +1,19 @@
+<% if node['wordpress']['ssl']['redirect'] %>
+<VirtualHost *:80>
+        ServerName <%= @params[:server_name] %>
+        ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %>
+        DocumentRoot <%= @params[:docroot] %>
+
+        LogLevel info
+        ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
+        CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
+
+        RewriteEngine On
+        RewriteCond %{HTTPS} off
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<% end %>
+
 <VirtualHost *:<%= @params[:server_port] %>>
   ServerName <%= @params[:server_name] %>
   ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %>
@@ -20,12 +36,25 @@
   </Directory>
 
   LogLevel info
-  ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
-  CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
+  ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-ssl-error.log
+  CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-ssl-access.log combined
 
   RewriteEngine On
 <% unless node['apache']['version'] == '2.4' %>
   RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log
   RewriteLogLevel 0
 <% end %>
+
+<% if node['wordpress']['ssl']['enabled'] %>
+  SSLEngine on
+  <% if node['wordpress']['ssl']['lets_encrypt'] %>
+  SSLCertificateFile /etc/letsencrypt/live/<%= @params[:server_name] %>/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/<%= @params[:server_name] %>/privkey.pem
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateChainFile /etc/letsencrypt/live/<%= @params[:server_name] %>/chain.pem
+  <% else %>
+  SSLCertificateFile /etc/ssl/certs/<%= node['wordpress']['ssl']['cert_name'] %>.crt
+  SSLCertificateKeyFile /etc/ssl/private/<%= node['wordpress']['ssl']['cert_name'] %>.key
+  <% end %>
+<% end %>
 </VirtualHost>

From 90501b81feb60778972684e666d77d5dd97f1cb3 Mon Sep 17 00:00:00 2001
From: Doormouse2House <graham@ridl.no>
Date: Wed, 7 Dec 2016 17:18:03 +0000
Subject: [PATCH 2/2] change logfile name, dependent on wordpress.ssl.redirect
 attribute

---
 templates/default/wordpress.conf.erb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/default/wordpress.conf.erb b/templates/default/wordpress.conf.erb
index ead37e9..56341c5 100644
--- a/templates/default/wordpress.conf.erb
+++ b/templates/default/wordpress.conf.erb
@@ -36,8 +36,13 @@
   </Directory>
 
   LogLevel info
+  <% if node['wordpress']['ssl']['redirect'] %>
   ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-ssl-error.log
   CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-ssl-access.log combined
+  <% else %>
+  ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
+  CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
+  <% end %>
 
   RewriteEngine On
 <% unless node['apache']['version'] == '2.4' %>