diff --git a/templates/pottwal/spaceapi-apache-site.j2 b/templates/pottwal/spaceapi-apache-site.j2
new file mode 100644
index 0000000..5d6961d
--- /dev/null
+++ b/templates/pottwal/spaceapi-apache-site.j2
@@ -0,0 +1,53 @@
+{% if 'address' in ansible_default_ipv6 %}
+<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>
+{% else %}
+<VirtualHost {{ ansible_default_ipv4.address }}:80>
+{% endif %}
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
+
+    <ifmodule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+    </ifmodule>
+</VirtualHost>
+
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem>
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem>
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem>
+{% if 'address' in ansible_default_ipv6 %}
+<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
+{% else %}
+<VirtualHost {{ ansible_default_ipv4.address }}:443>
+{% endif %}
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    SSLEngine on
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+    SSLCertificateFile    {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem
+    SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem
+    SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem
+
+    AllowEncodedSlashes NoDecode
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
+    ProxyPreserveHost {{ proxy_preserve_host | default("Off") }}
+
+    ProxyPass /json http://172.23.48.7/spaceapi
+    ProxyPass /text http://172.23.48.7/state.txt
+    ProxyPass /state.png  http://172.23.48.7/state.png
+</VirtualHost>
+</IfFile>
+</IfFile>
+</IfFile>