diff --git a/roles/fedora-web/main/files/deflate.conf b/roles/fedora-web/main/files/deflate.conf
new file mode 100644
index 0000000000..76c9733f79
--- /dev/null
+++ b/roles/fedora-web/main/files/deflate.conf
@@ -0,0 +1,29 @@
+LoadModule deflate_module modules/mod_deflate.so
+SetOutputFilter DEFLATE
+
+
+ # Insert filter
+ SetOutputFilter DEFLATE
+
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+ # MSIE masquerades as Netscape, but it is fine
+ # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
+ # the above regex won't work. You can use the following
+ # workaround to get the desired effect:
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+ # Don't compress images
+ SetEnvIfNoCase Request_URI \
+ \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+
+
diff --git a/roles/fedora-web/main/files/expires.conf b/roles/fedora-web/main/files/expires.conf
new file mode 100644
index 0000000000..4c7262d95a
--- /dev/null
+++ b/roles/fedora-web/main/files/expires.conf
@@ -0,0 +1,17 @@
+ExpiresActive On
+ExpiresByType image/png "access plus 1 week"
+ExpiresByType image/gif "access plus 1 week"
+ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+
+ ExpiresDefault "access plus 1 week"
+
+FileETag none
+#
+# We want this file to never cache, it's used to determine if a client is
+# behind a caching proxy of some kind.
+#
+
+ Header set Cache-Control "must-revalidate"
+ ExpiresActive On
+ ExpiresDefault "now"
+
diff --git a/roles/fedora-web/main/files/fedora-web.conf b/roles/fedora-web/main/files/fedora-web.conf
new file mode 100644
index 0000000000..e369744939
--- /dev/null
+++ b/roles/fedora-web/main/files/fedora-web.conf
@@ -0,0 +1,24 @@
+Alias /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico
+DocumentRoot /srv/web/fedoraproject.org/
+
+ErrorDocument 404 /e/404
+
+FileETag MTime Size
+
+AddType image/svg+xml .svg
+AddType image/svg+xml .svgz
+AddEncoding gzip .svgz
+
+
+ mod_gzip_on No
+
+
+
+
+ SetEnvIfNoCase Origin "https?://.*\.fedora(project|people|hosted)\.org" ACAO=$0
+ Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO
+
+
+
+ Options Indexes
+
diff --git a/roles/fedora-web/main/files/persona.conf b/roles/fedora-web/main/files/persona.conf
new file mode 100644
index 0000000000..febd293ef2
--- /dev/null
+++ b/roles/fedora-web/main/files/persona.conf
@@ -0,0 +1,5 @@
+Alias /.well-known/browserid /srv/web/browserid.fedoraproject.org
+
+
+ ForceType application/json
+
diff --git a/roles/fedora-web/main/files/redirects.conf.prod b/roles/fedora-web/main/files/redirects.conf.prod
new file mode 100644
index 0000000000..8fc9f96687
--- /dev/null
+++ b/roles/fedora-web/main/files/redirects.conf.prod
@@ -0,0 +1,35 @@
+RewriteEngine On
+
+# TODO: Are these still necessary?
+RewriteRule ^/CodecBuddy http://fedoraproject.org/wiki/CodecBuddy [NC]
+RewriteRule ^/soc.*$ http://fedoraproject.org/wiki/SummerOfCode [R=301,L]
+
+# Legal redirects
+RewriteRule ^/([^/]+/)?legal/licenses/export https://fedoraproject.org/wiki/Legal:Export [R=301,L]
+RewriteRule ^/([^/]+/)?legal/licenses https://fedoraproject.org/wiki/Legal:Licenses/LicenseAgreement [R=301,L]
+RewriteRule ^/([^/]+/)?legal/trademarks http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L]
+RewriteRule ^/([^/]+/)?legal https://fedoraproject.org/wiki/Legal:Main [R=301,L]
+
+# Drop distributed web referrer hits
+RewriteCond %{HTTP_REFERER} ^http://.*/feed/index\.php\?pid2=.*&sid2=.*&mb2=.*&partnerid2=.*&redir=.*&multi=.*&aff_id=.*$
+RewriteCond %{HTTP_REFERER} ^http://playdot.net/.*$
+RewriteRule .* - [F]
+
+# Drop connections from .ru site thats spawning thousands of connections at a time.
+RewriteCond %{REMOTE_ADDR} ^95\.24\.237\.122$
+RewriteRule .* - [F]
+
+# With f20 we dropped this options link
+RewriteRule ^(/.*)?/get-fedora-options.*$ $1/get-fedora [R=302]
+
+# Comment this when there is a prerelease available
+#RewriteRule ^(/.*)?/get-prerelease.*$ $1/get-fedora [R=302]
+#RewriteRule ^(/.*)?/get-spin-prerelease.*$ $1/get-fedora [R=302]
+
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^/([^/]+/)?(keys|verify)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+
+RewriteCond %{HTTP_REFERER} .*fedorproject.*
+RewriteRule .* http://mmcgrath.fedorapeople.org/spam.html [R=301,L]
diff --git a/roles/fedora-web/main/files/redirects.conf.stg b/roles/fedora-web/main/files/redirects.conf.stg
new file mode 100644
index 0000000000..6910a053de
--- /dev/null
+++ b/roles/fedora-web/main/files/redirects.conf.stg
@@ -0,0 +1,22 @@
+RewriteEngine On
+
+# TODO: Are these still necessary?
+RewriteRule ^/CodecBuddy http://fedoraproject.org/wiki/CodecBuddy [NC]
+RewriteRule ^/soc.*$ http://fedoraproject.org/wiki/SummerOfCode [R=301,L]
+
+# Legal redirects
+RewriteRule ^/([^/]+/)?legal/licenses/export https://fedoraproject.org/wiki/Legal:Export [R=301,L]
+RewriteRule ^/([^/]+/)?legal/licenses https://fedoraproject.org/wiki/Legal:Licenses/LicenseAgreement [R=301,L]
+RewriteRule ^/([^/]+/)?legal/trademarks http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L]
+RewriteRule ^/([^/]+/)?legal https://fedoraproject.org/wiki/Legal:Main [R=301,L]
+
+# Comment this when there is a prerelease available
+#RewriteRule ^(/.*)?/get-prerelease$ $1/get-fedora [R=302]
+
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^/([^/]+/)?(keys|verify)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+
+RewriteCond %{HTTP_REFERER} .*fedorproject.*
+RewriteRule .* http://mmcgrath.fedorapeople.org/spam.html [R=301,L]
diff --git a/roles/fedora-web/main/tasks/main.yml b/roles/fedora-web/main/tasks/main.yml
new file mode 100644
index 0000000000..1913940e82
--- /dev/null
+++ b/roles/fedora-web/main/tasks/main.yml
@@ -0,0 +1,71 @@
+
+# TODO -- still port this cronjob
+# cron { "sync-fedora-web":
+# # TODO: Make add some locking to this.
+# command => "/usr/bin/rsync --delete -a --no-owner --no-group bapp02::fedoraproject.org/ /srv/web/fedoraproject.org/",
+# user => "root",
+# minute => 25,
+# }
+
+- name: Copy some config files for {{website}}
+ copy: >
+ src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+ owner=root group=root mode=0644
+ with_items:
+ - fedora-web.conf
+ - languages.conf
+ - cache.conf
+ - persona.conf
+ - expires.conf
+ - deflate.conf
+ notify:
+ - restart httpd
+ tags:
+ - fedora-web
+ - fedora-web/main
+
+- name: And one template (for {{website}})
+ template: >
+ src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+ owner=root group=root mode=0644
+ with_items:
+ - sponsors.conf
+ notify:
+ - restart httpd
+ tags:
+ - fedora-web
+ - fedora-web/main
+
+- name: And, copy over a template for browserid
+ template: >
+ src=browserid.fedoraproject.org dest=/srv/web/browserid.fedoraproject.org
+ owner=root group=root mode=0644
+ notify:
+ - restart httpd
+ tags:
+ - fedora-web
+ - fedora-web/main
+
+# TODO -- turn these into redirects in playbooks/groups/proxies-redirect.yml
+- name: Copy over some miscellaneous redirects (for stg)
+ copy: >
+ src=redirects.conf.stg dest=/etc/httpd/conf.d/{{website}}/redirects.conf
+ owner=root group=root mode=0644
+ when: env == "staging"
+ notify:
+ - restart httpd
+ tags:
+ - fedora-web
+ - fedora-web/main
+
+# TODO -- turn these into redirects in playbooks/groups/proxies-redirect.yml
+- name: Copy over some miscellaneous redirects (for prod)
+ copy: >
+ src=redirects.conf.prod dest=/etc/httpd/conf.d/{{website}}/redirects.conf
+ owner=root group=root mode=0644
+ when: env != "staging"
+ notify:
+ - restart httpd
+ tags:
+ - fedora-web
+ - fedora-web/main
diff --git a/roles/fedora-web/main/templates/browserid.fedoraproject.org b/roles/fedora-web/main/templates/browserid.fedoraproject.org
new file mode 100644
index 0000000000..9620c5adf3
--- /dev/null
+++ b/roles/fedora-web/main/templates/browserid.fedoraproject.org
@@ -0,0 +1,5 @@
+ {% if env == "staging" %}
+ "authority": "id.stg.fedoraproject.org"
+ {% else %}
+ "authority": "id.fedoraproject.org"
+ {% end %}
diff --git a/roles/fedora-web/main/templates/sponsor.conf b/roles/fedora-web/main/templates/sponsor.conf
new file mode 100644
index 0000000000..c5d13842ae
--- /dev/null
+++ b/roles/fedora-web/main/templates/sponsor.conf
@@ -0,0 +1 @@
+Alias /static/js/sponsor.js /srv/web/<%= website %>/static/js/sponsors/<%= sponsor %>.js