+<% end -%>
+
+ # Setup logging
+ LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip
+ CustomLog /var/log/apache2/access.log combined_with_remoteip
+ ErrorLog /var/log/apache2/error.log
+ BufferedLogs on
+
+ # Always set Access-Control-Allow-Origin so that simple CORS requests
+ # will always work and can be cached
+ Header set Access-Control-Allow-Origin "*"
+
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
+ # Enable the rewrite engine
+ RewriteEngine on
+
+ # Redirect ACME certificate challenges
+ RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+ # Redirect to https
+ RewriteCond %{REQUEST_URI} !^/server-status$
+ RewriteCond %{REQUEST_URI} !^/mod_tile$
+ RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=permanent,L]
+</VirtualHost>
+