From 1176de7808dddddb19056c82a837d4bc352a7db8 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 8 Sep 2021 12:28:16 -0700
Subject: [PATCH] pagure / staging: use normal cert, not bundle for stunnel

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/include/proxies-reverseproxy.yml | 1 -
 playbooks/include/proxies-websites.yml     | 3 +--
 roles/pagure/templates/stunnel-conf.j2     | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index d771a0144e..a2e0788cd4 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -366,7 +366,6 @@
     website: mirrors.centos.org
     destname: mirrormanager-mirrorlist
     proxyurl: http://localhost:10002
-    when: env == "staging"
 
   - role: httpd/reverseproxy
     website: download.fedoraproject.org
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 99fef15cbb..fb144733fc 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -158,8 +158,7 @@
     server_aliases:
     - mirrors.stg.centos.org
     cert_name: "{{mirrors_centos_org_cert_name}}"
-    SSLCertificateChainFile: mirrors.stg.centos.org.intermediate.cert
-    when: env == "staging"
+    SSLCertificateChainFile: "mirrors{{env_suffix}}.centos.org.intermediate.cert"
 
   - role: httpd/website
     site_name: src.fedoraproject.org
diff --git a/roles/pagure/templates/stunnel-conf.j2 b/roles/pagure/templates/stunnel-conf.j2
index 805f68aea2..77d916e846 100644
--- a/roles/pagure/templates/stunnel-conf.j2
+++ b/roles/pagure/templates/stunnel-conf.j2
@@ -1,5 +1,5 @@
 {% if env == 'pagure-staging' %}
-cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert
+cert = /etc/pki/tls/certs/stg.pagure.io.cert
 key = /etc/pki/tls/private/stg.pagure.io.key
 {% else %}
 cert = /etc/pki/tls/certs/pagure.io.cert