From 458631cf815746a47ef7cdf8d0844dab04b6d27c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 21 Oct 2016 20:26:51 +0000
Subject: [PATCH] jenkins ssl stuff

---
 inventory/host_vars/jenkins.fedorainfracloud.org | 2 +-
 playbooks/groups/jenkins-master.yml              | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/inventory/host_vars/jenkins.fedorainfracloud.org b/inventory/host_vars/jenkins.fedorainfracloud.org
index fc449de5fd..e7ca807480 100644
--- a/inventory/host_vars/jenkins.fedorainfracloud.org
+++ b/inventory/host_vars/jenkins.fedorainfracloud.org
@@ -2,7 +2,7 @@
 image: "{{ fedora24_x86_64 }}"
 instance_type: m1.small
 keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,all-icmp-persistent
+security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default,web-443-anywhere-persistent,all-icmp-persistent
 zone: nova
 tcp_ports: [22, 80, 443, 8080]
 
diff --git a/playbooks/groups/jenkins-master.yml b/playbooks/groups/jenkins-master.yml
index 2f6e0badbb..17c9500842 100644
--- a/playbooks/groups/jenkins-master.yml
+++ b/playbooks/groups/jenkins-master.yml
@@ -38,10 +38,13 @@
   - jenkins/master
   #- fedmsg/base
   - apache
+  - certbot
   - role: httpd/website
     name: jenkins.fedorainfracloud.org
-    ssl: false
+    ssl: true
+    sslonly: true
   - role: httpd/reverseproxy
+    header_scheme: true
     website: jenkins.fedorainfracloud.org
     destname: jenkins
     proxyurl: http://localhost:8080