first cut at using letsencrypt cert for fpaste.org. ticket 5784

files/httpd/fpaste.org.conf

@@ -0,0 +1,2 @@
+RewriteEngine on
+RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]

playbooks/groups/proxies.yml

@@ -23,9 +23,14 @@
       when: env == "staging" or "'mirrorlist-proxy' in group_names" }
   - { role: openvpn/client,
       when: env != "staging" }
+  - { role: certbot,
+      when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' }
   - apache
 
   tasks:
+  - name: install special fpaste.conf with letsencrypt info
+    copy: src={{ files }}/files/httpd/fpaste.conf dest=/etc/httpd/conf.d/fpaste.org/fpaste.org.conf
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
   - include: "{{ tasks }}/yumrepos.yml"
   - include: "{{ tasks }}/2fa_client.yml"
   - include: "{{ tasks }}/motd.yml"

playbooks/include/proxies-websites.yml

@@ -463,11 +463,19 @@
 #
 # Make a website here so we can redirect it to paste.fedoraproject.org
 #
+  - role: httpd/website
+    name: fpaste.org
+    server_aliases:
+    - www.fpaste.org
+    cert_name: fpaste.org
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
   - role: httpd/website
     name: fpaste.org
     server_aliases:
     - www.fpaste.org
     cert_name: "{{wildcard_cert_name}}"
+    when: inventory_hostname != 'proxy01.phx2.fedoraproject.org'
 
   - role: httpd/website
     name: koji.fedoraproject.org