diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml
index 2020ba5114..3939fe8fb4 100644
--- a/roles/totpcgi/tasks/main.yml
+++ b/roles/totpcgi/tasks/main.yml
@@ -115,8 +115,8 @@
when: env == "staging"
- name: copy staging server conf file over
- copy: >
- src=totpcgi-httpd.conf.stg
+ template: >
+ src=totpcgi-httpd.conf.stg.j2
dest=/etc/httpd/conf.d/totpcgi.conf
owner=root
group=root
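Review bot: Rendering this file through `template` makes the role depend on `ssl_ciphers` and `ssl_protocols`, which the new templates reference but nothing visible in this commit defines. If they come from group vars outside the role, a host that lacks them fails at render time. A blank or over-permissive value would be written into the TLS settings of the TOTP endpoint with no check. Consider role defaults or a guard ahead of the three template tasks (this one and the hunks at lines 158 and 200), for example an `assert` task with `that: ssl_ciphers | length > 0 and ssl_protocols | length > 0`. The task body continues past the end of this hunk.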
@@ -158,7 +158,7 @@
- name: copy totpcgi httpd config
template: >
- src=totpcgi-httpd.conf
+ src=totpcgi-httpd.conf.j2
dest=/etc/httpd/conf.d/totpcgi.conf
owner=root
group=root
@@ -200,7 +200,7 @@
- name: copy VPN server cert file over
template: >
- src=totpcgi-httpd.conf.vpn
+ src=totpcgi-httpd.conf.vpn.j2
dest=/etc/httpd/conf.d/totpcgi-vpn.conf
owner=root
group=root
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.j2
new file mode 100644
index 0000000000..caa1c6767f
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.j2
@@ -0,0 +1,37 @@
+Listen 8443
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.phx2.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
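Review bot: The `CustomLog` format records protocol and cipher but not which client certificate was accepted, although `SSLVerifyClient require` makes that certificate the caller's identity. Adding the subject gives responders something to correlate on, e.g. `"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{SSL_CLIENT_S_DN}x\" \"%r\" %b"`. `SSLVerifyDepth 10` also looks wider than needed if client certificates are issued directly by `totpcgi-ca.crt`. If that is the case, a depth of 1 or 2 would reject unexpected intermediate chains. Both points apply equally to the `.stg.j2` and `.vpn.j2` templates.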
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
new file mode 100644
index 0000000000..4bd0243d91
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
@@ -0,0 +1,37 @@
+Listen 8443
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.stg.phx2.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
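Review bot: This staging template differs from `totpcgi-httpd.conf.j2` only in the `ServerName` line, and the VPN template differs only in `ServerName`, the certificate/key paths and the absence of `Listen`. Three copies of the TLS and client-certificate directives can drift apart, so a later hardening change may reach one environment and miss another. Now that the files are Jinja templates, a single template could take the host name and certificate base name from variables (for instance `ServerName {{ totpcgi_server_name }}:8443`, where the variable name is only a suggestion). If the copies are kept, a header comment in each naming its siblings would help.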
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
new file mode 100644
index 0000000000..eb88528e3f
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
@@ -0,0 +1,36 @@
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.vpn.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server-vpn.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server-vpn.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
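Review bot: Unlike the other two templates, this one has no `Listen 8443`, so it works only if another file on the same host opens that port. That is presumably the `totpcgi.conf` rendered from `totpcgi-httpd.conf.j2`, but the template does not say so. A comment at the top would document the dependency, for example `# Port 8443 is opened by totpcgi.conf; this file only adds the VPN-facing vhost`. Without it, deploying the VPN config alone, or removing `Listen` from the main file, leaves the endpoint unreachable with no obvious cause.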