From 2b6e906b70f7d959c0c219c80752ff1b794c3703 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Wed, 29 May 2019 16:31:49 +0200
Subject: [PATCH] Add VPN vhost

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/totpcgi/templates/configmap.yml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/roles/totpcgi/templates/configmap.yml b/roles/totpcgi/templates/configmap.yml
index d80a362160..b7e0374eab 100644
--- a/roles/totpcgi/templates/configmap.yml
+++ b/roles/totpcgi/templates/configmap.yml
@@ -118,5 +118,23 @@ data:
     </VirtualHost>
 
 {% if env == "production" %}
-    # TODO: VPN config
+    <VirtualHost *:8443>
+        ServerName fas-all.vpn.fedoraproject.org:8443
+        SSLEngine on
+        SSLCertificateFile /etc/pki/totp_vpn/tls.crt
+        SSLCertificateKeyFile /etc/pki/totp_vpn/tls.key
+        SSLCACertificateFile /etc/totpcgi/totpcgi-ca.crt
+        SSLHonorCipherOrder On
+        SSLCipherSuite {{ ssl_ciphers }}
+        SSLProtocol {{ ssl_protocols }}
+        AddHandler cgi-script .cgi
+
+        SSLVerifyClient require
+        SSLVerifyDepth 10
+
+         DocumentRoot /var/www/totpcgi
+         <Directory "/var/www/totpcgi">
+                Options ExecCGI
+        </Directory>
+    </VirtualHost>
 {% endif %}