Fixes to work better on chankillo

- Handle missing certs (fall back to snakeoil)
  - Once we have newer Apache2, we should use the `Warning` directive
- Consistently use vhost_combined log format so it's easier to debug wrong-vhost issues
- Fix server names
- Use the default vhost DocumentRoot for less confusion

diff --git a/sites-available/000-default-ssl.conf b/sites-available/000-default-ssl.conf
index 56446b7edfc265ac02a47f7740aa1ea308d722ac..1dadd35824a9613425481ef7640263760e5a08b8 100644 (file)
--- a/sites-available/000-default-ssl.conf
+++ b/sites-available/000-default-ssl.conf
@@ -11,10 +11,17 @@
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
-       SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt
-       SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt
-       #SSLCertificateFile    /etc/ssl/certs/general-web.crt
-       SSLCertificateKeyFile /etc/ssl/private/general-web.key
+       <IfFile "/etc/ssl/local-certs/dehnerts-web.chain.crt">
+               SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+               SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+               #SSLCertificateFile    /etc/ssl/certs/general-web.crt
+               SSLCertificateKeyFile /etc/ssl/private/general-web.key
+       </IfFile>
+       <IfFile ! "/etc/ssl/local-certs/dehnerts-web.chain.crt">
+               #Warning "correct default cert not detected, falling back to snakeoil"
+               SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+               SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+       </IfFile>
 
        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index 088d5d3f04eba30d458969d4aeb8ccd337d94a4a..7babd55198662df5320bdb57f06e1e0091fea685 100644 (file)
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -22,9 +22,16 @@
     ProxyPassReverse "/"  "https://squaresdb.augsburg.vms.dehnerts.com/"
     ProxyPreserveHost on
     Include sites-common/ssl-common
-    SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    <IfFile "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    </IfFile>
+    <IfFile ! "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        #Warning "correct default cert not detected, falling back to snakeoil"
+        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+    </IfFile>
 </VirtualHost>
 </IfModule>
 

diff --git a/sites-common/alex b/sites-common/alex
index c40e8a708e70c1ee0c834ea971bb7da619fcd057..df11cba216ebaa3bc97753695e9822e8623fb81d 100644 (file)
--- a/sites-common/alex
+++ b/sites-common/alex
@@ -18,4 +18,4 @@ ErrorLog /var/log/apache2/error.alex.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.alex.log combined
+CustomLog /var/log/apache2/access.alex.log vhost_combined

diff --git a/sites-common/default b/sites-common/default
index 8d6b8c32f090411fd612329a4d051c4c0f983ed6..7fbca5c66db93dcb4ec67486430ec2947a45a31b 100644 (file)
--- a/sites-common/default
+++ b/sites-common/default
@@ -1,8 +1,8 @@
 ServerAdmin webmaster@dehnerts.com
-ServerName olinda.mit.edu
-ServerAlias www.dehnerts.com www.dehnert.arctic.org
+ServerName chankillo.dehnerts.com
+ServerAlias chankillo.mit.edu dehnerts.com www.dehnerts.com www.dehnert.arctic.org
 
-DocumentRoot /var/www/default
+DocumentRoot /var/www/html/
 <Directory />
        Options FollowSymLinks
        AllowOverride None
@@ -38,7 +38,7 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog ${APACHE_LOG_DIR}/access.log combined
+CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
 
 Alias /doc/ "/usr/share/doc/"
 <Directory "/usr/share/doc/">

diff --git a/sites-common/docs.mit.edu b/sites-common/docs.mit.edu
index 535eeed0b3aa458cc6a708244ab8bfbfc6ed53a9..ff83e79cb80b4b2056b3d6a085e17f0d9afde154 100644 (file)
--- a/sites-common/docs.mit.edu
+++ b/sites-common/docs.mit.edu
@@ -22,4 +22,4 @@ ErrorLog /var/log/apache2/error.docs.mit.edu.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.docs.mit.edu.log combined
+CustomLog /var/log/apache2/access.docs.mit.edu.log vhost_combined

diff --git a/sites-common/roost b/sites-common/roost
index 7aa3b10cc14207d8fb901e62dec1951fe6efaa7d..8e54821048d7fc4f644d5568032a33c4d0a8f658 100644 (file)
--- a/sites-common/roost
+++ b/sites-common/roost
@@ -17,4 +17,4 @@ ErrorLog /var/log/apache2/error.roost.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.roost.log combined
+CustomLog /var/log/apache2/access.roost.log vhost_combined