diff --git a/roles/infinote/files/infinote.fedoraproject.org.conf b/roles/infinote/files/infinote.fedoraproject.org.conf
new file mode 100644
index 0000000000..f8dd27812f
--- /dev/null
+++ b/roles/infinote/files/infinote.fedoraproject.org.conf
@@ -0,0 +1,97 @@
+Listen 443
+
+ ServerName infinote.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+ TraceEnable Off
+
+ # enable git smart http cloning.
+ SetEnv GIT_PROJECT_ROOT /srv/web/infra/
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAliasMatch \
+ "(?x)^/(.*/(HEAD | \
+ info/refs | \
+ objects/(info/[^/]+ | \
+ [0-9a-f]{2}/[0-9a-f]{38} | \
+ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+ git-(upload|receive)-pack))$" \
+ /usr/libexec/git-core/git-http-backend/$1
+
+ #
+ # redirect everyone to use https
+ #
+ # We can't do this until virt-install can handle https
+
+ RewriteEngine on
+ RewriteCond %{SERVER_PORT} !^443$
+ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
+
+# robots location
+Alias /robots.txt /srv/web/robots.txt.infinote
+
+DocumentRoot /srv/web
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+# Needed for cgit cgi
+ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+
+ ServerName infinote.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+ # enable git smart http cloning.
+ SetEnv GIT_PROJECT_ROOT /srv/web/infra/
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAliasMatch \
+ "(?x)^/(.*/(HEAD | \
+ info/refs | \
+ objects/(info/[^/]+ | \
+ [0-9a-f]{2}/[0-9a-f]{38} | \
+ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+ git-(upload|receive)-pack))$" \
+ /usr/libexec/git-core/git-http-backend/$1
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
+
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+ SSLHonorCipherOrder On
+
+ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
+ # If you change the protocols or cipher suites, you should probably update
+ # modules/squid/files/squid.conf-el6 too, to keep it in sync.
+ SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
+# robots location
+Alias /robots.txt /srv/web/robots.txt.lockbox01
+
+DocumentRoot /srv/web
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+