diff --git a/inventory/group_vars/libravatar b/inventory/group_vars/libravatar
index 7135a5c865..9a651e4e53 100644
--- a/inventory/group_vars/libravatar
+++ b/inventory/group_vars/libravatar
@@ -1,2 +1,4 @@
resolvconf: "resolv.conf/cloud"
git_branch: master
+server_name: www.libravatar.org
+server_alias: libravatar.org
diff --git a/inventory/group_vars/libravatar-stg b/inventory/group_vars/libravatar-stg
index 87ffa67d99..aa7c8bc985 100644
--- a/inventory/group_vars/libravatar-stg
+++ b/inventory/group_vars/libravatar-stg
@@ -1,2 +1,4 @@
resolvconf: "resolv.conf/cloud"
git_branch: devel
+server_name: libravatar-stg.fedorainfracloud.org
+server_alias: libravatar-stg.fedorainfracloud.org
diff --git a/roles/libravatar/tasks/main.yml b/roles/libravatar/tasks/main.yml
index dd5bf0cf05..c0a3059d24 100644
--- a/roles/libravatar/tasks/main.yml
+++ b/roles/libravatar/tasks/main.yml
@@ -25,8 +25,8 @@
- name: configure postfix for email encryption and not relaying to bastion
command: "{{ item }}"
with_items:
- - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem'
- - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem'
+ - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ server_name }}/fullchain.pem'
+ - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ server_name }}/privkey.pem'
- postconf -e 'smtp_use_tls = yes'
- postconf -e 'relayhost ='
diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf
index 9b1b38acea..a0416d3eb6 100644
--- a/roles/libravatar/templates/httpd/libravatar.conf
+++ b/roles/libravatar/templates/httpd/libravatar.conf
@@ -6,17 +6,18 @@ RewriteEngine on
- ServerName {{ inventory_hostname }}
+ ServerName {{ server_name }}
+ ServerAlias {{ server_alias }}
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
- RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
+ RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
- ServerName {{ inventory_hostname }}
+ ServerName {{ server_name }}
- SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload"
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@@ -53,13 +54,13 @@ RewriteEngine on
- SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload"
- #ServerName {{ inventory_hostname }}
- #RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
+ ServerAlias {{ server_alias }}
+ RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]