ssl the backend site too

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

roles/graphite/graphite/templates/graphite-web.conf

@@ -11,9 +11,6 @@
     CustomLog /var/log/httpd/graphite-web-access.log common
 
     Header set Access-Control-Allow-Origin "*"
-    # Header set Access-Control-Allow-Methods "GET, OPTIONS"
-    # Header set Access-Control-Allow-Headers "origin, authorization, accept"
-    # Header set Access-Control-Allow-Credentials true
    
     WSGIScriptAlias / /usr/share/graphite/graphite-web.wsgi
     WSGIImportScript /usr/share/graphite/graphite-web.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
@@ -27,17 +24,22 @@
         SetHandler None
     </Location>
 
-   #<Directory "/usr/share/graphite/">
+    # certbot/letsencrypt
-   #    <IfModule mod_authz_core.c>
+    RewriteEngine on
-   #        # Apache 2.4
+    RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
-   #        Require local
+</VirtualHost>
-   #    </IfModule>
+
-   #    <IfModule !mod_authz_core.c>
+<VirtualHost {{public_ip}}:443 _default_:443>
-   #        # Apache 2.2
+  ServerName graphite.cloud.fedoraproject.org
-   #        Order Deny,Allow
+
-   #        Deny from all
+  SSLEngine on
-   #        Allow from 127.0.0.1
+  SSLCertificateFile    /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/cert.pem
-   #        Allow from ::1
+  SSLCertificateKeyFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/privkey.pem
-   #    </IfModule>
+  SSLCertificateChainFile /etc/letsencrypt/live/graphite.cloud.fedoraproject.org/fullchain.pem
-   #</Directory>
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+  SSLProtocol ALL -SSLv2
+
+  ProxyPass / http://graphite.cloud.fedoraproject.org/
+  ProxyPassReverse / http://graphite.cloud.fedoraproject.org/
 </VirtualHost>