diff --git a/roles/pdc/tasks/main.yml b/roles/pdc/tasks/main.yml
index dea633f724..794244b376 100644
--- a/roles/pdc/tasks/main.yml
+++ b/roles/pdc/tasks/main.yml
@@ -26,3 +26,15 @@
   - pdc-server
   tags:
   - pdc
+
+- name: Copy over settings_local.py
+  template: src=settings_local.py dest=/usr/lib/python2.7/site-packages/pdc/settings_local.py
+  notify: restart httpd
+  tags:
+  - pdc
+
+- name: Copy over httpd config
+  template: src=pdf.conf dest=/etc/httpd/conf.d/pdc.conf
+  notify: restart httpd
+  tags:
+  - pdc
diff --git a/roles/pdc/templates/pdc.conf b/roles/pdc/templates/pdc.conf
new file mode 100644
index 0000000000..70dfb6fd48
--- /dev/null
+++ b/roles/pdc/templates/pdc.conf
@@ -0,0 +1,105 @@
+WSGISocketPrefix /var/run/wsgi
+WSGIPythonOptimize 1
+WSGIDaemonProcess pdc user=apache group=apache maximum-requests=1000 display-name=pdc processes=2 threads=1 shutdown-timeout=10
+
+<VirtualHost {{ansible_ssh_host}}:80>
+    ServerName {{ansible_ssh_host}}
+
+    CustomLog /var/log/httpd/pdc-access.log combined
+    ErrorLog /var/log/httpd/pdc-error.log
+
+    Alias /static/ /usr/share/pdc/static/
+    Alias /docs/ /usr/share/doc/pdc/docs/build/html/
+
+    # Using SetEnv here will not work as expected as it does not change
+    # os.environ in the application itself. For more details see:
+    # http://stackoverflow.com/a/9017610/1576064
+    #
+    # To override settings provide wsgi.py file with your preferred settings
+    # and point the following directive to it.
+    WSGIScriptAlias /  /usr/lib/python2.7/site-packages/pdc/wsgi.py
+
+    <Location "/">
+        SetHandler wsgi-script
+
+        LimitRequestBody 31457280
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css
+        Require all granted
+    </Location>
+
+    <Location /auth/krb5login>
+        WSGIProcessGroup pdc
+
+        ## Kerberos authentication:
+        #AuthType Kerberos
+        #AuthName "PDC - Kerberos login"
+        #KrbMethodNegotiate on
+        #KrbMethodK5Passwd on
+        #KrbAuthoritative on
+        #KrbServiceName HTTP
+        #KrbAuthRealm EXAMPLE.COM
+        #KrbVerifyKDC on
+        #Krb5Keytab /etc/httpd/conf/httpd.keytab
+        #KrbSaveCredentials off
+        #Require valid-user
+    </Location>
+
+    WSGIPassAuthorization On
+    <Location /rest_api/v1/auth/token>
+        WSGIProcessGroup pdc
+
+        ## Kerberos authentication:
+        #AuthType Kerberos
+        #AuthName "PDC - Kerberos login"
+        #KrbMethodNegotiate on
+        #KrbMethodK5Passwd off
+        #KrbAuthoritative on
+        #KrbServiceName HTTP
+        #KrbAuthRealm EXAMPLE.COM
+        #KrbVerifyKDC on
+        #Krb5Keytab /etc/httpd/conf/httpd.keytab
+        #KrbSaveCredentials off
+        #Require valid-user
+    </Location>
+
+    <Location "/static">
+        SetHandler None
+
+        # Disable auth on the static content, so that we're aren't forced to
+        # use Kerberos.  Doing so would remove "Expires" headers from the static
+        # content, which would lead to poor page-load times.
+        AuthType none
+        Satisfy Any
+        Require all granted
+
+        # Many file types are likely to benefit from compression
+        # Enable gzip compression on them:
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css
+
+        # Set far-future Expires headers on static content
+        # (trac 184):
+        ExpiresActive On
+        ExpiresDefault "access plus 10 years"
+    </Location>
+
+    <Location "/docs">
+        SetHandler None
+
+        # Disable auth on the static content, so that we're aren't forced to
+        # use Kerberos.  Doing so would remove "Expires" headers from the static
+        # content, which would lead to poor page-load times.
+        AuthType none
+        Satisfy Any
+        Require all granted
+
+        # Many file types are likely to benefit from compression
+        # Enable gzip compression on them:
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css
+
+        # Set far-future Expires headers on static content
+        # (trac 184):
+        ExpiresActive On
+        ExpiresDefault "access plus 2 weeks"
+    </Location>
+
+</VirtualHost>
diff --git a/roles/pdc/templates/settings_local.py b/roles/pdc/templates/settings_local.py
new file mode 100644
index 0000000000..f05cc7ec3b
--- /dev/null
+++ b/roles/pdc/templates/settings_local.py
@@ -0,0 +1,110 @@
+# Feel free to `cp settings_local.py.dist settings.local.py`
+# and customize your settings, changes here will be populated
+# automatically.
+#
+# This file only contains the minimized settings you should do,
+# please look into settings.py to see the whole avaiable settings
+# you can do for your PDC instance.
+#
+# NOTE: For developers or others who want to extend the default
+#       settings, please remember to update your settings_local.py
+#       when the items you extended got updated in settings.py.
+#
+# Example 1: if you want to enable `debug_toolbar` and
+# `django_extensions` in INSTALLED_APPS, please remember
+# to also include all the other apps listed in the settings.py,
+# otherwise, the missed apps will not get installed.
+#
+#     INSTALLED_APPS = (
+#         ...
+#
+#         'django_extensions',
+#         'debug_toolbar',
+#     )
+#
+# Example 2: when you run PDC locally, you may not want to enable
+# the permission check system of the `REST_FRAMEWORK`, to do
+# this, just need to comment out the `DEFAULT_PERMISSION_CLASSES`
+# section.
+#
+#     REST_FRAMEWORK = {
+#         'DEFAULT_AUTHENTICATION_CLASSES': (
+#             'pdc.apps.auth.authentication.TokenAuthenticationWithChangeSet',
+#             'rest_framework.authentication.SessionAuthentication',
+#         ),
+#
+#     #    'DEFAULT_PERMISSION_CLASSES': [
+#     #        'rest_framework.permissions.DjangoModelPermissions'
+#     #    ],
+#
+#         'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
+#
+#         'DEFAULT_METADATA_CLASS': 'contrib.bulk_operations.metadata.BulkMetadata',
+#
+#         'DEFAULT_RENDERER_CLASSES': (
+#             'rest_framework.renderers.JSONRenderer',
+#             'pdc.apps.common.renderers.ReadOnlyBrowsableAPIRenderer',
+#         ),
+#
+#         'EXCEPTION_HANDLER': 'pdc.apps.common.handlers.exception_handler',
+#
+#         'DEFAULT_PAGINATION_CLASS': 'pdc.apps.common.pagination.AutoDetectedPageNumberPagination',
+#     }
+
+
+import os.path
+
+BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+
+DEBUG = False
+
+# NOTE: this is needed when DEGUB is False.
+#       https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
+#ALLOWED_HOSTS = ['pdc.fedoraproject.org']
+ALLOWED_HOSTS = []
+
+# ADMINS and MANAGERS
+# ADMINS = ()
+# MANAGERS = ADMINS
+
+# Database settings
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+        # 'USER': '',
+        # 'PASSWORD': '',
+        # 'HOST': '',
+        # 'PORT': '',
+    }
+}
+
+REST_API_URL = 'rest_api/'
+REST_API_VERSION = 'v1'
+
+BROWSABLE_DOCUMENT_MACROS = {
+    # need to be rewrite with the real host name when deploy.
+    'HOST_NAME': 'http://{{ansible_ssh_host}}:80',
+    # make consistent with rest api root.
+    'API_PATH': '%s%s' % (REST_API_URL, REST_API_VERSION),
+}
+
+def get_setting(setting):
+    import pdc.settings
+    return getattr(pdc.settings, setting)
+
+# ======== Email configuration =========
+# Email addresses who would like to receive email
+ADMINS = (('PDC Admins', 'ralph@fedoraproject.org'),)
+# Email SMTP HOST configuration
+EMAIL_HOST = 'bastion.fedoraproject.org'
+# Email sender's address
+SERVER_EMAIL = 'nobody@fedoraproject.org'
+EMAIL_SUBJECT_PREFIX = '[PDC]'
+
+# un-comment below 4 lines if enable email notification as meet any error
+get_setting('LOGGING').get('loggers').update({'pdc.apps.common.handlers': {
+    'handlers': ['mail_admins'],
+    'level': 'ERROR',
+}})
+