# DO NOT EDIT - This file is being maintained by Chef
-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>
# Basic server configuration
- ServerName <%= node[:fqdn] %>
- ServerAlias gps-tile.openstreetmap.org
+ ServerName gps-tile.openstreetmap.org
ServerAlias *.gps-tile.openstreetmap.org
+ ServerAlias gps.tile.openstreetmap.org
+ ServerAlias gps-*.tile.openstreetmap.org
ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
# Enable SSL
SSLEngine on
-<% end -%>
+ SSLCertificateFile /etc/ssl/certs/gps-tile.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/gps-tile.openstreetmap.org.key
# Configure location of static files
DocumentRoot /srv/gps-tile.openstreetmap.org/html
RedirectPermanent /gps-lines/tile /lines
# Setup logging
- CustomLog /var/log/apache2/access.log combined
+ CustomLog /var/log/apache2/access.log combined_extended
ErrorLog /var/log/apache2/error.log
BufferedLogs on
Header set Access-Control-Allow-Origin "*"
</VirtualHost>
-<% end -%>
+<VirtualHost *:80>
+ # Basic server configuration
+ ServerName gps-tile.openstreetmap.org
+ ServerAlias *.gps-tile.openstreetmap.org
+ ServerAlias gps.tile.openstreetmap.org
+ ServerAlias gps-*.tile.openstreetmap.org
+ ServerAdmin webmaster@openstreetmap.org
+
+ # Enable rewriting
+ RewriteEngine On
+
+ # Redirect for ACME challenge validation
+ RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+ # Redirect to https
+ RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=permanent,L]
+
+ # Setup logging
+ CustomLog /var/log/apache2/access.log combined_extended
+ ErrorLog /var/log/apache2/error.log
+ BufferedLogs on
+</VirtualHost>
+
<Directory /srv/gps-tile.openstreetmap.org/html>
Options None
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
+</Directory>
+
+<Directory /srv/gps-tile.openstreetmap.org/updater>
+ <Files tile>
+ Require all granted
+ </Files>
</Directory>