Deploy split servers to prod

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

playbooks/include/proxies-websites.yml

@@ -658,18 +658,30 @@
 
   - role: httpd/website
     name: id.fedoraproject.org
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"
+    SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
+    tags:
+    - id.fedoraproject.org
+
+  - role: httpd/website
+    name: username.id.fedoraproject.org
     server_aliases:
     - "*.id.fedoraproject.org"
     # Must not be sslonly, because example.id.fedoraproject.org must be reachable
     # via plain http for openid identity support
     cert_name: wildcard-2017.id.fedoraproject.org
     SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
+    tags:
+    - id.fedoraproject.org
 
   - role: httpd/website
     name: id.stg.fedoraproject.org
     cert_name: "{{wildcard_cert_name}}"
     SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
     sslonly: true
+    tags:
+    - id.fedoraproject.org
     when: env == "staging"
 
   - role: httpd/website
@@ -680,6 +692,8 @@
     # via plain http for openid identity support
     cert_name: "{{wildcard_cert_name}}"
     SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
+    tags:
+    - id.fedoraproject.org
     when: env == "staging"
 
   - role: httpd/website

roles/httpd/reverseproxy/templates/reversepassproxy.id.conf

@@ -9,17 +9,6 @@ Header always add Strict-Transport-Security "max-age=15768000; preload"
 
 RewriteEngine on
 
-{% if env == "production" %}
-RewriteMap lowercase int:tolower
-RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.fedoraproject\.org$
-RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P]
-
-RewriteCond %{HTTPS} off
-RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
-{% endif %}
-
-
 RewriteRule ^(.+) - [PT]
 
 <Location /login>