From 0937ce6e8370a6c93af71098bf4a360ab6824944 Mon Sep 17 00:00:00 2001
From: Alex Dehnert <alex@dehnerts.com>
Date: Wed, 19 Jul 2023 01:30:41 +0000
Subject: [PATCH] Fixes to work better on chankillo

- Handle missing certs (fall back to snakeoil)
  - Once we have newer Apache2, we should use the `Warning` directive
- Consistently use vhost_combined log format so it's easier to debug wrong-vhost issues
- Fix server names
- Use the default vhost DocumentRoot for less confusion
---
 sites-available/000-default-ssl.conf | 15 +++++++++++----
 sites-available/mit-proxy.conf       | 13 ++++++++++---
 sites-common/alex                    |  2 +-
 sites-common/default                 |  8 ++++----
 sites-common/docs.mit.edu            |  2 +-
 sites-common/roost                   |  2 +-
 6 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/sites-available/000-default-ssl.conf b/sites-available/000-default-ssl.conf
index 56446b7..1dadd35 100644
--- a/sites-available/000-default-ssl.conf
+++ b/sites-available/000-default-ssl.conf
@@ -11,10 +11,17 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt
-	SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt
-	#SSLCertificateFile    /etc/ssl/certs/general-web.crt
-	SSLCertificateKeyFile /etc/ssl/private/general-web.key
+	<IfFile "/etc/ssl/local-certs/dehnerts-web.chain.crt">
+		SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+		SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt
+		#SSLCertificateFile    /etc/ssl/certs/general-web.crt
+		SSLCertificateKeyFile /etc/ssl/private/general-web.key
+	</IfFile>
+	<IfFile ! "/etc/ssl/local-certs/dehnerts-web.chain.crt">
+		#Warning "correct default cert not detected, falling back to snakeoil"
+		SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	</IfFile>
 
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index 088d5d3..7babd55 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -22,9 +22,16 @@
     ProxyPassReverse "/"  "https://squaresdb.augsburg.vms.dehnerts.com/"
     ProxyPreserveHost on
     Include sites-common/ssl-common
-    SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    <IfFile "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    </IfFile>
+    <IfFile ! "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        #Warning "correct default cert not detected, falling back to snakeoil"
+        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+    </IfFile>
 </VirtualHost>
 </IfModule>
 
diff --git a/sites-common/alex b/sites-common/alex
index c40e8a7..df11cba 100644
--- a/sites-common/alex
+++ b/sites-common/alex
@@ -18,4 +18,4 @@ ErrorLog /var/log/apache2/error.alex.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.alex.log combined
+CustomLog /var/log/apache2/access.alex.log vhost_combined
diff --git a/sites-common/default b/sites-common/default
index 8d6b8c3..7fbca5c 100644
--- a/sites-common/default
+++ b/sites-common/default
@@ -1,8 +1,8 @@
 ServerAdmin webmaster@dehnerts.com
-ServerName olinda.mit.edu
-ServerAlias www.dehnerts.com www.dehnert.arctic.org
+ServerName chankillo.dehnerts.com
+ServerAlias chankillo.mit.edu dehnerts.com www.dehnerts.com www.dehnert.arctic.org
 
-DocumentRoot /var/www/default
+DocumentRoot /var/www/html/
 <Directory />
 	Options FollowSymLinks
 	AllowOverride None
@@ -38,7 +38,7 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog ${APACHE_LOG_DIR}/access.log combined
+CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
 
 Alias /doc/ "/usr/share/doc/"
 <Directory "/usr/share/doc/">
diff --git a/sites-common/docs.mit.edu b/sites-common/docs.mit.edu
index 535eeed..ff83e79 100644
--- a/sites-common/docs.mit.edu
+++ b/sites-common/docs.mit.edu
@@ -22,4 +22,4 @@ ErrorLog /var/log/apache2/error.docs.mit.edu.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.docs.mit.edu.log combined
+CustomLog /var/log/apache2/access.docs.mit.edu.log vhost_combined
diff --git a/sites-common/roost b/sites-common/roost
index 7aa3b10..8e54821 100644
--- a/sites-common/roost
+++ b/sites-common/roost
@@ -17,4 +17,4 @@ ErrorLog /var/log/apache2/error.roost.log
 # alert, emerg.
 LogLevel warn
 
-CustomLog /var/log/apache2/access.roost.log combined
+CustomLog /var/log/apache2/access.roost.log vhost_combined
-- 
2.34.1