# DO NOT EDIT - This file is being maintained by Chef
# Basic server configuration
ServerName <%= node[:fqdn] %>
ServerAlias tile.openstreetmap.org
ServerAlias render.openstreetmap.org
ServerAlias *.render.openstreetmap.org
ServerAlias parent.tile.openstreetmap.org
ServerAdmin webmaster@openstreetmap.org
# Configure location of static files and CGI scripts
DocumentRoot /srv/tile.openstreetmap.org/html
ScriptAlias /cgi-bin/ /srv/tile.openstreetmap.org/cgi-bin/
# Get the real remote IP for requests via a trusted proxy
RemoteIPHeader X-Forwarded-For
<% @caches.each do |cache| -%>
<% cache.ipaddresses(:role => :external).sort.each do |address| -%>
RemoteIPTrustedProxy <%= address %>
<% end -%>
<% end -%>
# Setup logging
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip
CustomLog /var/log/apache2/access.log combined_with_remoteip
ErrorLog /var/log/apache2/error.log
BufferedLogs on
# Always set Access-Control-Allow-Origin so that simple CORS requests
# will always work and can be cached
Header set Access-Control-Allow-Origin "*"
# Remove Proxy request header to mitigate https://httpoxy.org/
RequestHeader unset Proxy early
# Enable the rewrite engine
RewriteEngine on
# Rewrite tile requests to the default style
RewriteRule ^/(-?\d+)/(-?\d+)/(-?\d+)\.png$ /default/$1/$2/$3.png [PT,T=image/png,L]
RewriteRule ^/(-?\d+)/(-?\d+)/(-?\d+)\.png/status/?$ /default/$1/$2/$3.png/status [PT,T=text/plain,L]
RewriteRule ^/(-?\d+)/(-?\d+)/(-?\d+)\.png/dirty/?$ /default/$1/$2/$3.png/dirty [PT,T=text/plain,L]
# Historical Files redirect
Redirect /processed_p.tar.bz2 http://planet.openstreetmap.org/historical-shapefiles/processed_p.tar.bz2
Redirect /shoreline_300.tar.bz2 http://planet.openstreetmap.org/historical-shapefiles/shoreline_300.tar.bz2
Redirect /world_boundaries-spherical.tgz http://planet.openstreetmap.org/historical-shapefiles/world_boundaries-spherical.tgz
Options None
AllowOverride None
Require all granted
Options ExecCGI
AllowOverride None
Require all granted
Require all granted
Require not ip 60.199.131.39
Require not ip 92.217.67.26
Require not ip 103.53.208.109
Require not ip 113.196.123.178
Require not ip 118.193.51.194
Require not ip 119.188.70.34
Require not ip 165.228.125.15
Require not ip 171.13.14.152
Require not ip 171.15.132.56
Require not ip 199.203.108.5
Require not ip 210.209.89.127
Require not ip 210.65.88.6