diff --git a/roles/graphite/graphite/templates/graphite-web.conf b/roles/graphite/graphite/templates/graphite-web.conf
index f9d70957cf..5789d9a242 100644
--- a/roles/graphite/graphite/templates/graphite-web.conf
+++ b/roles/graphite/graphite/templates/graphite-web.conf
@@ -11,9 +11,6 @@
CustomLog /var/log/httpd/graphite-web-access.log common
Header set Access-Control-Allow-Origin "*"
- # Header set Access-Control-Allow-Methods "GET, OPTIONS"
- # Header set Access-Control-Allow-Headers "origin, authorization, accept"
- # Header set Access-Control-Allow-Credentials true
WSGIScriptAlias / /usr/share/graphite/graphite-web.wsgi
WSGIImportScript /usr/share/graphite/graphite-web.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
@@ -27,17 +24,22 @@
SetHandler None
- #
- #
- # # Apache 2.4
- # Require local
- #
- #
- # # Apache 2.2
- # Order Deny,Allow
- # Deny from all
- # Allow from 127.0.0.1
- # Allow from ::1
- #
- #
+ # certbot/letsencrypt
+ RewriteEngine on
+ RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
+
+
+
+ ServerName graphite.cloud.fedoraproject.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/fullchain.pem
+ SSLHonorCipherOrder On
+ SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+ SSLProtocol ALL -SSLv2
+
+ ProxyPass / http://graphite.cloud.fedoraproject.org/
+ ProxyPassReverse / http://graphite.cloud.fedoraproject.org/
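Review bot: The TLS settings added near the end of this hunk allow broken primitives. `SSLCipherSuite` lists `RC4-SHA` first, and with `SSLHonorCipherOrder On` the server will prefer it, while `SSLProtocol ALL -SSLv2` leaves SSLv3 and TLS 1.0/1.1 enabled. I would change these to `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES`, or to the project's shared TLS baseline if one exists. The `ProxyPass`/`ProxyPassReverse` lines forward to `http://` on the same hostname, so please confirm that the back-end hop stays on the local host and cannot loop back through this virtual host. The enclosing block tags are not visible in the hunk, so the scope of these directives is inferred.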