diff --git a/roles/piwik/files/piwik-httpd.conf b/roles/piwik/files/piwik-httpd.conf
new file mode 100644
index 0000000000..11a04ab864
--- /dev/null
+++ b/roles/piwik/files/piwik-httpd.conf
@@ -0,0 +1,25 @@
+
+ Require all granted
+
+
+
+ ServerName piwik.fedorainfracloud.org
+ Redirect permanent / https://piwik.fedorainfracloud.org/piwik
+
+
+
+ ServerName piwik.fedorainfracloud.org
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ # Use secure TLSv1.1 and TLSv1.2 ciphers
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+ SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert
+ SSLCertificateChainFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.key
+
+ Alias /piwik /srv/piwik
+
+ Redirect / /piwik
+
diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
index 908094ca21..3d758aef6b 100644
--- a/roles/piwik/tasks/main.yml
+++ b/roles/piwik/tasks/main.yml
@@ -5,4 +5,27 @@
 - packages
 - piwik
-#- name: set up http configs for piwik
+- name: set up http configs for piwik
+ template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - piwik-httpd.conf
+ tags:
+ - files
+ - config
+ - piwik
+ notify:
+ - restart apache
+
+- name: Install the SSL cert so that we can use https
+ copy: >
+ src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
+ owner=root group=root mode=0600
+ notify: restart stunnel
+ with_items:
+ - piwik.fedorainfracloud.org.cert
+ - piwik.fedorainfracloud.org.key
+ - piwik.fedorainfracloud.org.intermediate.cert
+ tags:
+ - config
+ - piwik
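Review bot: `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1.0 enabled, and the comment below it announces TLSv1.1/TLSv1.2 ciphers although no `SSLCipherSuite` directive follows, so the HTTPS vhost negotiates with mod_ssl's default cipher list. I would change the line to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1` and add `SSLHonorCipherOrder on` with an explicit `SSLCipherSuite` taken from the infrastructure's standard policy. `SSLCertificateKeyFile` points into `/etc/pki/tls/certs/`; the private key conventionally lives in `/etc/pki/tls/private/`, which would also need a separate destination for the key item in the copy task in `roles/piwik/tasks/main.yml`. `Redirect / /piwik` is a prefix match and mod_alias evaluates Redirect before Alias, so it appears to catch requests under `/piwik` as well; `RedirectMatch ^/$ /piwik/` would limit it to the root. The container lines are empty in this rendering, so which directives sit in which vhost is inferred.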
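Review bot: The certificate task ends with `notify: restart stunnel`, but these files are read by httpd (the `SSLCertificate*File` lines in piwik-httpd.conf), so a renewed or replaced key pair would not be picked up until Apache is restarted by hand; `notify: restart apache`, as the task above uses, looks like what was meant. The first task uses `template:` with `src={{ item }}` while the commit adds the file under `roles/piwik/files/`, which is not where the template lookup searches in a role; either `copy:` or moving the file to `templates/` would resolve it, assuming no other search path is configured. Because this loop copies a private key, `no_log: true` on the task would keep the key material out of diff and verbose output.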