diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
new file mode 100644
index 0000000000..79bb66fe91
--- /dev/null
+++ b/roles/httpd/website/templates/website.conf
@@ -0,0 +1,50 @@
+
+ ServerName {{ name }}
+{% if server_aliases %}
+ ServerAlias {{ server_aliases.join(" ") }}
+{% endif %}
+ ServerAdmin {{ server_admin }}
+ TraceEnable Off
+
+{% if gzip %}
+ SetOutputFilter DEFLATE
+{% end %}
+
+{% if sslonly %}
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
+{% else %}
+ Include "conf.d/{{ name }}/*.conf"
+{% end %}
+
+
+{% if ssl %}
+
+ ServerName {{ name }}
+{% if server_aliases %}
+ ServerAlias {{ server_aliases.join(" ") }}
+{% end %}
+ ServerAdmin {{ server_admin }}
+
+{% if gzip %}
+ SetOutputFilter DEFLATE
+{% end %}
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/{{ cert_name }}.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/{{ cert_name }}.key
+{% if SSLCertificateChainFile %}
+ SSLCertificateChainFile /etc/pki/tls/certs/{{ SSLCertificateChainFile }}
+{% end %}
+ SSLHonorCipherOrder On
+
+ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
+ # If you change the protocols or cipher suites, you should probably update
+ # modules/squid/files/squid.conf-el6 too, to keep it in sync.
+ SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
+ Include "conf.d/{{ name }}/*.conf"
+
+{% end %}