diff --git a/files/keyserver/sks.conf b/files/keyserver/sks.conf
new file mode 100644
index 0000000000..769adbe758
--- /dev/null
+++ b/files/keyserver/sks.conf
@@ -0,0 +1,57 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+
+
+ LoadModule proxy_module modules/mod_proxy.so
+
+
+
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+
+
+
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+
+
+
+ LoadModule headers_module modules/mod_headers.so
+
+
+
+ LoadModule authz_host_module modules/mod_authz_host.so
+
+
+
+ LoadModule log_config_module modules/mod_log_config.so
+
+
+
+ LoadModule env_module modules/mod_env.so
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+
+
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+ SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+
+
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+
+
diff --git a/files/keyserver/sksconf b/files/keyserver/sksconf
index 2a29eb3ece..e0cd4899a5 100644
--- a/files/keyserver/sksconf
+++ b/files/keyserver/sksconf
@@ -1,5 +1,6 @@
basedir: /srv/sks
hostname: keys.fedoraproject.org
+hkp_address: 127.0.0.1
hkp_port: 11371
recon_port: 11370
gossip_interval: 1440
diff --git a/tasks/keyserver.yml b/tasks/keyserver.yml
index f586be5a78..dbc04752d7 100644
--- a/tasks/keyserver.yml
+++ b/tasks/keyserver.yml
@@ -36,6 +36,11 @@
tags:
- config
+- name: /etc/httpd/conf.d/sks.conf
+ copy: src=$files/keyserver/sks.conf dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+ tags:
+ - config
+
- cron: name="regenerate stats hourly"
hour="*"
minute="5"