diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 47e3e4d637..6ce5f60746 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -50,6 +50,12 @@
     remotepath: /
     proxyurl: http://noc01.phx2.fedoraproject.org
 
+  - role: httpd/reverseproxy
+    website: keys.fedoraproject.org
+    destname: keys
+    remotepath: /
+    proxyurl: http://pool.sks-keyservers.net
+
   - role: httpd/reverseproxy
     website: lists.fedoraproject.org
     destname: mailman3
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index a2945e6b67..bb6d7dab90 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -392,6 +392,12 @@
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
 
+  - role: httpd/website
+    site_name: keys.fedoraproject.org
+    server_aliases: [keys.fedoraproject.org]
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"
+
   - role: httpd/website
     site_name: people.fedoraproject.org
     server_aliases: [people.fedoraproject.org]
diff --git a/roles/keyserver/tasks/main.yml b/roles/keyserver/tasks/main.yml
index 4f855cdbce..8888b461b2 100644
--- a/roles/keyserver/tasks/main.yml
+++ b/roles/keyserver/tasks/main.yml
@@ -76,7 +76,7 @@
         state=present
 
 - name: Set sks-db to run on boot
-  service: name=sks-db enabled=yes
+  service: name=sks-db enabled=no
   ignore_errors: true
   notify:
   - restart sks-db
@@ -84,7 +84,7 @@
   - service
 
 - name: Set sks-recon to run on boot
-  service: name=sks-recon enabled=yes
+  service: name=sks-recon enabled=no
   ignore_errors: true
   notify:
   - restart sks-recon