Add first cut at httpd config for people/planet.

2015-06-22 19:37:52 +00:00 · 2015-06-22 19:37:52 +00:00 · 5df3d94fbb
commit 5df3d94fbb
parent a5bc52c240
5 changed files with 449 additions and 14 deletions
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@ -96,20 +96,6 @@
  - role: httpd/certificate
    name: planet.fedoraproject.org

-  - role: httpd/website
-    name: fedorapeople.org
-    cert_name: wildcard-2014.fedorapeople.org
-    server_aliases:
-    - "*.fedorapeople.org"
-
-  - role: httpd/website
-    cert_name: planet.fedoraproject.org
-    name: fedoraplanet.org
-
-  - role: httpd/website
-    cert_name: planet.fedoraproject.org
-    name: planet.fedoraproject.org
-
  - people
 
  tasks:
--- a/roles/people/files/cgit.conf
+++ b/roles/people/files/cgit.conf
@ -0,0 +1,2 @@
+Alias /cgit-data /usr/share/cgit
+ScriptAlias /cgit /var/www/cgi-bin/cgit
--- a/roles/people/files/people.conf
+++ b/roles/people/files/people.conf
@ -0,0 +1,360 @@
+NameVirtualHost *:80
+
+<VirtualHost *:80>
+  ServerName fedorapeople.org
+  ServerAlias *.fedorapeople.org
+  ServerAlias ols.fedoraproject.org
+  ServerAlias people.fedoraproject.org
+  ServerAlias people1.fedoraproject.org
+
+  RewriteEngine on
+  RewriteCond %{SERVER_PORT} !^443$
+  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
+</VirtualHost>
+
+# This is particularly ugly - these have to be updated if the box moves.
+NameVirtualHost 152.19.134.196:443
+NameVirtualHost [2610:28:3090:3001:5054:ff:feff:683f]:443
+
+<VirtualHost 152.19.134.196:443 [2610:28:3090:3001:5054:ff:feff:683f]:443>
+  ##
+  # Domain: people.fedoraproject.org fedorapeople.org
+  # Owner: admin@fedoraproject.org
+  #
+  ServerName fedorapeople.org
+  ServerAlias *.fedorapeople.org
+  ServerAlias ols.fedoraproject.org
+  ServerAlias people.fedoraproject.org
+  ServerAlias people1.fedoraproject.org
+  ServerAdmin admin@fedoraproject.org
+
+  DocumentRoot /srv/people
+
+  SSLEngine on
+  SSLCertificateFile    /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.cert
+  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedorapeople.org.key
+  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert
+  SSLHonorCipherOrder On
+  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
+  ErrorLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-error.log-%Y-%m-%d 86400 -l"
+  CustomLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-access.log-%Y-%m-%d 86400 -l" vcommon
+
+    <Location /userdefs/>
+        ExpiresActive On
+        ExpiresDefault "access plus 5 days"
+    </Location>
+
+  <Directory /srv/people/site>
+    Options Indexes FollowSymLinks
+    Require all granted
+  </Directory>
+
+  UserDir public_html
+  <Directory /home/fedora/*/public_html>
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+
+    <Limit GET POST OPTIONS>
+      Require all granted
+    </Limit>
+
+    <LimitExcept GET POST OPTIONS>
+     Require all granted
+    </LimitExcept>
+  </Directory>
+
+  <Directory /project>
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes FollowSymLinks IncludesNoExec
+    <Limit GET POST OPTIONS>
+     Require all granted
+    </Limit>
+
+    <LimitExcept GET POST OPTIONS>
+     Require all granted
+    </LimitExcept>
+  </Directory>
+
+ # uncomment me after the people03 move
+  Alias /groups /project
+
+  Alias /404Error.html /srv/people/site/404Error.html
+  ErrorDocument 404 /404Error.html
+
+  RewriteEngine on
+  RewriteMap lowercase int:tolower
+
+  # redirect all favicons (not just DocRoot-level) to fedoraproject.org
+  # needs to terminate before other rewrite rules start
+  RewriteRule /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico [proxy]
+
+  # ols.fedoraproject.org
+  RewriteCond ${lowercase:%{SERVER_NAME}} ^ols\.fedoraproject\.org$
+  #RewriteRule ^(.*)$ /home/fedora/lockhart/proceedings/$1 [L]
+  # Content moved after lockhart's account was inactive 2011-12-15
+  RewriteRule ^(.*)$ /srv/web/ols/proceedings/$1 [L]
+
+  # skvidal lives on in his code
+  RewriteCond ${lowercase:%{SERVER_NAME}} ^skvidal\.fedorapeople\.org$
+  RewriteRule ^(.*)$ /srv/web/skvidal/public_html/$1 [L]
+  RewriteCond %{REQUEST_URI} /~skvidal/(.*) [OR]
+  RewriteRule ^/~skvidal/(.*)$ /srv/web/skvidal/public_html/$1 [L]
+
+  <Directory /srv/web/skvidal/public_html>
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    HeaderName /_defaults/HEADER.shtml
+    ReadmeName /_defaults/FOOTER.shtml
+
+    IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
+    IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
+    Require all granted
+  </Directory>
+
+  #<Directory /home/fedora/lockhart/proceedings>
+  #  AllowOverride FileInfo AuthConfig Limit Indexes
+  #  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+  #</Directory>
+  <Directory /srv/web/ols/proceedings>
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Require all granted
+  </Directory>
+
+  # the openstack folks need to symlink to a pkg to work
+  <Directory /srv/repos/openstack>
+   Options +FollowSymLinks
+    Require all granted
+  </Directory>
+
+
+
+  # www.fedorapeople.org
+  RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.fedorapeople\.org$
+  RewriteRule ^/(.*)$ https://fedorapeople.org/$1 [R,L]
+  # rdo.fedorapeople.org -> repos.fedorapeople.org/repos/openstack
+  # for the rdo announce day - 2013-04-15 - skvidal
+  RewriteCond ${lowercase:%{SERVER_NAME}} ^rdo\.fedorapeople\.org$
+  RewriteRule ^/(.*)$ https://repos.fedorapeople.org/repos/openstack/$1 [R,L]
+
+  # [username].fedorapeople.org
+  # directory absolute header/readme path must be relative to document root
+  # so fake it with an alias chained to a rewrite before the URI rewrite
+  RewriteRule ^/_defaults/(.*) /_default/$1 [PT]
+  Alias /_default/ /srv/people/site/userdefs/
+
+  RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.fedorapeople\.org$
+  RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
+  RewriteRule ^([a-z0-9-]+)\.fedorapeople\.org/(.*) /home/fedora/$1/public_html/$2 [L]
+
+  # Use cgit and redirect (some) old gitweb-caching things
+  RewriteRule ^/cgit-data/(.*)$    /cgit-data/$1  [L,PT]
+  RewriteRule ^/cgit/(.*)$    /cgit/$1  [L,PT]
+
+  # blob
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+)/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob;h=(.+);hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%3;id2=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob;hb=(.+);f=(.+)
+  RewriteRule ^/.*$  https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE]
+
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+);hb=(.+)
+  RewriteRule ^/.*$  https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4;id2=%5 [R,L,NE]
+
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+)
+  RewriteRule ^/.*$  https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4 [R,L,NE]
+
+  # tree
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%4?h=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tree
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/? [R,L,NE]
+
+  # commitdiff
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=blobdiff;h=(.+);hp=(.+);hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/%6?id2=%4;id=%3;id3=%5 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+);hp=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%4;id2=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%3 [R,L,NE]
+
+  # commit
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/commit/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=commit;h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/commit/?id=%3 [R,L,NE]
+
+  # summary
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/summary [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=summary
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE]
+
+  # shortlog
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=shortlog;h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=shortlog
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/? [R,L,NE]
+
+  # log
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/log/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=log;h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/log [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=log
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log? [R,L,NE]
+
+  # history
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%5?id=%4 [R,L,NE]
+
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+);hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4;id2=%5 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE]
+
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+  # tag
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/tag/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=tag;h=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tag/?id=%3 [R,L,NE]
+
+  # blob_plain
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+):/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;h=(.+);f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%4?id=%3 [R,L,NE]
+
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+);hb=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3?id2=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3 [R,L,NE]
+
+  # rss|atom
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom)/refs/heads/(.+) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom);h=refsheads/(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom?h=%4 [R,L,NE]
+
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom? [R,L,NE]
+
+  # snapshot
+  RewriteCond %{REQUEST_URI} /(.+)(\.git)/snapshot/(.+)(\.tar\.gz|\.tar\.bz2) [OR]
+  RewriteCond %{query_string} p=(.+)(\.git);a=snapshot;h=(.+);sf=(.+)
+  RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/snapshot/%3.tar.gz [R,L,NE]
+
+  # Fail safes incase nothing above matches, try at least to put the person in the project
+  #RewriteCond %{REQUEST_URI} /([^/]+)\.git.* [OR]
+  #RewriteCond %{query_string} p=(.+)\.git.*
+  #RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE]
+
+  # Or else in the root of cgit
+  RewriteRule ^/git/(.+)\.git$    /cgit/$1.git  [L,PT]
+  RewriteRule ^/git/(.*)/$    /cgit/$1.git  [L,PT]
+  RewriteRule ^/git/([^/]*)$    /cgit/$1.git  [L,PT]
+  RewriteRule ^/gitweb          /cgit/  [L,PT]
+    
+  # for cgit clone repos
+  RewriteRule ^/gitrepos/(.*)/public_git/(.*)$ /~$1/git/$2 [L,PT]
+
+  <Directory /srv/people/site/userdefs>
+    Options IncludesNoExec
+  </Directory>
+
+  HeaderName /_defaults/HEADER.shtml
+  ReadmeName /_defaults/FOOTER.shtml
+
+  IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
+  IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
+  ServerSignature Off
+  AddOutputFilter INCLUDES .html
+</VirtualHost>
+
+LoadModule deflate_module modules/mod_deflate.so
+SetOutputFilter DEFLATE
+
+# need this type
+AddType video/webm .webm
+AddType text/plain .spec
+AddType application/vnd.android.package-archive .apk
+
+<Location />
+    # Insert filter
+    SetOutputFilter DEFLATE
+
+    # Netscape 4.x has some problems...
+    BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+    # Netscape 4.06-4.08 have some more problems
+    BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+    # MSIE masquerades as Netscape, but it is fine
+    # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+    # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
+    # the above regex won't work. You can use the following
+    # workaround to get the desired effect:
+    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+    # Don't compress images or already compressed files.
+    SetEnvIfNoCase Request_URI \
+    \.(?:gif|jpe?g|png|gz|bz2|tgz|xz|iso|rpm|sqlite|pdf)$ no-gzip dont-vary
+
+    # Make sure proxies don't deliver the wrong content
+    Header append Vary User-Agent env=!dont-vary
+</Location>
+
+<LocationMatch "/repos/.*\.(xml|xml\.gz|xml\.asc|sqlite.+)$">
+    Header set Cache-Control "must-revalidate"
+    ExpiresActive On
+    ExpiresDefault "now"
+</LocationMatch>
+
+FileETag MTime Size
--- a/roles/people/files/planet.conf
+++ b/roles/people/files/planet.conf
@ -0,0 +1,80 @@
+<VirtualHost *:80>
+    ##
+    # Domain: planet.fedoraproject.org
+    # Owner: admin@fedoraproject.org
+    #
+    ServerAdmin admin@fedoraproject.org
+    ServerName planet.fedoraproject.org
+    ServerName fedoraplanet.org
+
+    DocumentRoot "/srv/planet/site/"
+
+    ErrorLog logs/planet-error.log
+    CustomLog logs/planet.fedoraproject.org-access.log common
+
+    UserDir disable
+    AddCharset UTF-8 .xml
+
+    <Location /images/>
+        ExpiresActive On
+        ExpiresDefault "access plus 5 days"
+    </Location>
+
+    <Location /css/>
+        ExpiresActive On
+        ExpiresDefault "access plus 5 days"
+    </Location>
+
+    <Directory "/srv/planet/site/">
+      Options Indexes FollowSymLinks
+    </Directory>
+
+    RedirectMatch 301 /favicon\.ico$ http://fedoraproject.org/static/images/favicon.ico
+    Redirect /ldc http://fedoraldc.wordpress.com/feed/
+    Alias /justfedora /srv/planet/site/edited
+
+</VirtualHost>
+<VirtualHost 152.19.134.196:443 [2610:28:3090:3001:5054:ff:feff:683f]:443>
+    ##
+    # Domain: planet.fedoraproject.org
+    # Owner: admin@fedoraproject.org
+    #
+    ServerAdmin admin@fedoraproject.org
+    ServerName planet.fedoraproject.org
+    ServerName fedoraplanet.org
+
+    SSLEngine on
+    SSLCertificateFile    /etc/pki/tls/certs/planet.fedoraproject.org.cert
+    SSLCertificateKeyFile /etc/pki/tls/private/planet.fedoraproject.org.key
+    SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert
+    SSLHonorCipherOrder On
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+
+    DocumentRoot "/srv/planet/site/"
+
+    ErrorLog logs/planet-error.log
+    CustomLog logs/planet.fedoraproject.org-access.log common
+
+    UserDir disable
+    AddCharset UTF-8 .xml
+
+    <Location /images/>
+        ExpiresActive On
+        ExpiresDefault "access plus 5 days"
+    </Location>
+
+    <Location /css/>
+        ExpiresActive On
+        ExpiresDefault "access plus 5 days"
+    </Location>
+
+    <Directory "/srv/planet/site/">
+      Options Indexes FollowSymLinks
+    </Directory>
+
+    RedirectMatch 301 /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico
+    Redirect /ldc http://fedoraldc.wordpress.com/feed/
+    Alias /justfedora /srv/planet/site/edited
+
+</VirtualHost>
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@ -16,6 +16,13 @@
  tags:
  - packages

+- name: install httpd config
+  copy: src={{item}} dest=/etc/httpd/conf.d/{{item}}
+  with_items:
+  - cgit.conf
+  - people.conf
+  - planet.conf
+
 - name: set selinux booleans needed for people
  seboolean: name=httpd_enable_homedirs state=true persistent=true
  with_items: