+ # Historical Files redirect
+ RedirectPermanent /processed_p.tar.bz2 https://planet.openstreetmap.org/historical-shapefiles/processed_p.tar.bz2
+ RedirectPermanent /shoreline_300.tar.bz2 https://planet.openstreetmap.org/historical-shapefiles/shoreline_300.tar.bz2
+ RedirectPermanent /world_boundaries-spherical.tgz https://planet.openstreetmap.org/historical-shapefiles/world_boundaries-spherical.tgz
+
+ # Redirect ACME certificate challenges
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+</VirtualHost>
+
+<VirtualHost *:80>
+ # Basic server configuration
+ ServerName <%= node[:fqdn] %>
+ ServerAlias tile.openstreetmap.org
+ ServerAlias render.openstreetmap.org
+ ServerAdmin webmaster@openstreetmap.org
+
+ # Get the real remote IP for requests via a trusted proxy
+ RemoteIPHeader X-Forwarded-For
+<% @caches.each do |cache| -%>
+<% cache.ipaddresses(:role => :external).sort.each do |address| -%>
+ RemoteIPTrustedProxy <%= address %>
+<% end -%>
+<% end -%>
+
+ # Setup logging
+ LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip
+ CustomLog /var/log/apache2/access.log combined_with_remoteip
+ ErrorLog /var/log/apache2/error.log
+ BufferedLogs on
+
+ # Always set Access-Control-Allow-Origin so that simple CORS requests
+ # will always work and can be cached
+ Header set Access-Control-Allow-Origin "*"
+
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
+ # Enable the rewrite engine
+ RewriteEngine on
+
+ # Redirect ACME certificate challenges
+ RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+ # Redirect to https
+ RewriteCond %{REQUEST_URI} !^/server-status$
+ RewriteCond %{REQUEST_URI} !^/mod_tile$
+ RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=permanent,L]