+
+<VirtualHost *:80>
+ ServerName www.openstreetmap.org
+ ServerAlias *
+
+ Header always set Cache-Control "max-age=31536000"
+ Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
+
+ RewriteEngine on
+
+ RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+ RewriteCond %{REQUEST_URI} !^/server-status$
+ RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName openstreetmap.org
+ ServerAlias *
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
+
+ Header always set Cache-Control "max-age=31536000"
+ Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
+
+ RedirectPermanent / https://www.openstreetmap.org/
+</VirtualHost>
+
+<Directory <%= node[:web][:base_directory] %>/rails/public>
+ Require all granted
+
+ RewriteCond "%{HTTP:Accept-encoding}" "gzip"
+ RewriteCond "%{REQUEST_FILENAME}\.gz" -s
+ RewriteRule "^(.*)\.(css|ico|js|json|svg|xml)$" "$1\.$2\.gz" [QSA]
+
+ RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
+ RewriteRule "\.ico\.gz$" "-" [T=image/vnd.microsoft.icon,E=no-gzip:1]
+ RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
+ RewriteRule "\.json\.gz$" "-" [T=application/json,E=no-gzip:1]
+ RewriteRule "\.svg\.gz$" "-" [T=image/svg+xml,E=no-gzip:1]
+ RewriteRule "\.xml\.gz$" "-" [T=application/xml,E=no-gzip:1]
+
+ <FilesMatch "\.(css|ico|js|json|svg|xml)\.gz$">
+ Header append Content-Encoding gzip
+ Header append Vary Accept-Encoding
+ </FilesMatch>
+</Directory>
+
+<Directory /srv/www.openstreetmap.org/static>
+ Require all granted
+</Directory>
+
+<Directory /srv/www.openstreetmap.org/rails/app/assets>
+ Require all granted
+</Directory>
+
+<Directory /srv/www.openstreetmap.org/rails/vendor/assets>
+ Require all granted
+</Directory>
+
+<Directory /store/rails/stats>
+ Require all granted
+</Directory>
+
+<Directory /store/rails/user/image>
+ Require all granted
+</Directory>
+
+<Directory /store/rails/attachments>
+ Require all granted
+</Directory>