diff --git a/roles/ipsilon/files/ipsilon-httpd.conf b/roles/ipsilon/files/ipsilon-httpd.conf
new file mode 100644
index 0000000000..4bda04e303
--- /dev/null
+++ b/roles/ipsilon/files/ipsilon-httpd.conf
@@ -0,0 +1,24 @@
+Alias /ui /usr/share/ipsilon/ui
+Alias /.well-known /etc/ipsilon/wellknown
+WSGIScriptAlias / /usr/sbin/ipsilon
+WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon
+
+
+<Location />
+    WSGIProcessGroup ipsilon
+</Location>
+
+<Directory /usr/sbin>
+    Require all granted
+</Directory>
+
+<Directory /usr/share/ipsilon>
+    Require all granted
+</Directory>
+
+<Directory /etc/ipsilon/wellknown>
+    Require all granted
+</Directory>
+<Location /.well-known/browserid>
+    ForceType application/json
+</Location>
diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 966c3811ae..f9e0c7c138 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -29,8 +29,8 @@
         owner=ipsilon group=ipsilon mode=0666 
 
 - name: copy ipsilon configuration
-  template: src={{ item }}.cfg
-            dest=/etc/ipsilon/{{ item }}.cfg
+  template: src={{ item }}.conf
+            dest=/etc/ipsilon/{{ item }}.conf
             owner=ipsilon group=ipsilon mode=0600
   with_items:
   - ipsilon
@@ -41,7 +41,7 @@
   - restart apache
 
 - name: copy ipsilon httpd config
-  copy: src=ipsilon.conf
+  copy: src=ipsilon-httpd.conf
         dest=/etc/httpd/conf.d/ipsilon.conf
 
 - name: copy persona private key
diff --git a/roles/ipsilon/templates/ipsilon.conf b/roles/ipsilon/templates/ipsilon.conf
new file mode 100644
index 0000000000..f2ad40818a
--- /dev/null
+++ b/roles/ipsilon/templates/ipsilon.conf
@@ -0,0 +1,22 @@
+[global]
+debug = False
+tools.log_request_response.on = False
+template_dir = "/srv/ipsilon/templates"
+
+log.screen = False
+base.mount = ""
+base.dir = "/usr/share/ipsilon"
+admin.config.db = "configfile:///etc/ipsilon/configuration.cfg"
+user.prefs.db = "configfile:///etc/ipsilon/configuration.cfg"
+{% if env == 'staging' %}
+transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}.stg/{{ ipsilon_db_name }}"
+{% else %}
+transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}"
+{% endif %}
+
+tools.sessions.on = True
+tools.sessions.name = "fedora_ipsilon_session_id"
+tools.sessions.storage_type = "Sql"
+tools.sessions.timeout = 60
+tools.sessions.httponly = True
+tools.sessions.secure = True