diff --git a/roles/distgit/templates/lookaside-upload.conf b/roles/distgit/templates/lookaside-upload.conf index 3119a3419f..1fafd9c790 100644 --- a/roles/distgit/templates/lookaside-upload.conf +++ b/roles/distgit/templates/lookaside-upload.conf @@ -12,13 +12,17 @@ SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin -# SSL host + + ServerName pkgs.{{ env_suffix }}fedoraproject.org + Redirect "/" "https://src{{ env_suffix }}.fedoraprojet.org/" + + # This alias must come before the /repo/ one to avoid being overridden. ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi Alias /repo/ /srv/cache/lookaside/ - ServerName pkgs.fedoraproject.org + ServerName pkgs{{ env_suffix }}.fedoraproject.org ServerAdmin webmaster@fedoraproject.org SSLEngine on 
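Review bot: The added `Redirect "/" "https://src{{ env_suffix }}.fedoraprojet.org/"` misspells the target domain (`fedoraprojet.org`, missing the `c`), so clients following it would be sent to a domain the project does not control; the same line is added again in the second hunk. Both should read `Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"`. The two ServerName lines also place the suffix differently: the new block has `pkgs.{{ env_suffix }}fedoraproject.org`, while the changed line has `pkgs{{ env_suffix }}.fedoraproject.org`. The redirect target follows the second form, so the first is presumably meant to be `ServerName pkgs{{ env_suffix }}.fedoraproject.org`; as written it would likely render a hostname that never matches.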
@@ -31,56 +35,7 @@ SSLCryptoDevice builtin SSLProtocol {{ ssl_protocols }} SSLCipherSuite {{ ssl_ciphers }} -# Must be 'optional' everywhere in order to have POST operations work to upload.cgi - SSLVerifyClient optional -# Must be here for POST operations to upload.cgi - SSLOptions +OptRenegotiate - ErrorLog logs/ssl_error_log - CustomLog logs/ssl_access_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{SSL_CLIENT_S_DN_OU}x\" %{SSL_CLIENT_S_DN_CN}x %{SSL_CLIENT_S_DN_emailAddress}x \"%r\" %b" - - - SSLVerifyClient optional - SSLVerifyDepth 1 - SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate - - - - SSLRequireSSL - - Options +ExecCGI - -{% if env == "production" %} - SSLVerifyClient optional - SSLVerifyDepth 1 - SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate -{% endif %} - - AuthType GSSAPI - GssapiSSLonly On - AuthName "GSSAPI Single Sign On Login" - GssapiCredStore keytab:/etc/httpd.keytab - -{% if env == "production" %} - SetEnvIfExpr "%{SSL_CLIENT_S_DN_O} == 'Fedora Project'" cert_s_o_valid - SetEnvIfExpr "%{SSL_CLIENT_S_DN_OU} == 'Fedora User Cert'" cert_s_ou_valid - SetEnvIfExpr "%{SSL_CLIENT_I_DN_O} == 'Fedora Project'" cert_i_o_valid - SetEnvIfExpr "%{SSL_CLIENT_I_DN_OU} == 'Fedora Project CA'" cert_i_ou_valid - - - - Require env cert_s_o_valid - Require env cert_s_ou_valid - Require env cert_i_o_valid - Require env cert_i_ou_valid - - Require valid-user - -{% else %} - Require valid-user -{% endif %} - - + Redirect "/" "https://src{{ env_suffix }}.fedoraprojet.org/" # Allow upload via src
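Review bot: With the client-certificate and GSSAPI requirements removed here, the new `Redirect "/"` is the only thing keeping `/repo/pkgs/upload.cgi` from being served without authentication on this host, because the first hunk leaves `ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi` in place. mod_alias evaluates Redirect before Alias and ScriptAlias, so this should hold as long as both directives sit in the same virtual host, but the container lines are not visible in this hunk, so that is worth confirming. I would remove the now-unused `ScriptAlias` and `Alias /repo/` lines from this virtual host so that a later change to the redirect cannot expose the CGI unauthenticated. Failing that, add a comment next to them such as `# Not served here: every request on this host is redirected to src`.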