From cd8c4b0292f19a782d2758e3e98c881340f8e16a Mon Sep 17 00:00:00 2001
From: Rick Elrod
Date: Wed, 6 Jun 2018 16:23:32 +0000
Subject: [PATCH] LE for releases.stg.pagure.org, infra #6576
Signed-off-by: Rick Elrod
---
 roles/letsencrypt/defaults/main.yml | 2 ++
 roles/pagure/frontend/tasks/main.yml | 6 ++++++
 roles/pagure/frontend/templates/0_pagure.conf | 8 ++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 roles/letsencrypt/defaults/main.yml
diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml
new file mode 100644
index 0000000000..a7c53229af
--- /dev/null
+++ b/roles/letsencrypt/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+server_aliases: []
diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index 50d1892759..b345b9b57c 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -239,6 +239,12 @@
 - web
 - pagure
+- name: Letsencrypt for releases.stg.pagure.org
+ include_role: name=letsencrypt
+ vars:
+ site_name: releases.stg.pagure.org
+ when: env == 'pagure-staging'
+
 - name: Install the SSL cert so that we can use https
 copy: >
 src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf
index b51d77cba2..cd10048455 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -32,6 +32,7 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 {% if env == 'pagure-staging' %}
 ServerName releases.stg.pagure.org
 #Redirect permanent / https://releases.stg.pagure.org/
+ ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
 {% else %}
 ServerName releases.pagure.org
 #Redirect permanent / https://releases.pagure.org/
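Review bot: In roles/pagure/frontend/tasks/main.yml the new `include_role` task has no `tags:`, while the context lines just above it (`- web`, `- pagure`) look like the tag list of the preceding task. A tag-limited run would then presumably skip certificate setup while still touching the web configuration that depends on it; whether the role's own tasks carry tags is not visible here. Consider adding the same tags, and writing the module arguments as native YAML (`include_role:` with `name: letsencrypt` on the next line) instead of the `name=letsencrypt` string form.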
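Review bot: The `ProxyPass` line added in the staging branch of the 0_pagure.conf hunk at -32 has no comment explaining why one path on the public vhost is forwarded to an internal host. A line above it such as `# ACME http-01 challenges are answered by certgetter01 (letsencrypt role)` would keep it from being removed or broken in a later cleanup. The adjacent `#Redirect permanent / https://releases.stg.pagure.org/` stays commented out, so plain HTTP presumably keeps serving content once the certificate is in place; if that is deliberate for the rollout, the comment is a good place to say so. The backend is named by the short host `certgetter01`, which depends on the resolver search domain; a fully qualified name would be more predictable. The enclosing VirtualHost starts outside the hunk.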
@@ -171,6 +172,13 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 DocumentRoot "/var/www/releases"
 {% if env == 'pagure-staging' %}
 ServerName releases.stg.pagure.org
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/releases.stg.pagure.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/releases.stg.pagure.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/releases.stg.pagure.org.intermediate.cert
+ SSLHonorCipherOrder On
+ SSLProtocol {{ ssl_protocols }}
+ SSLCipherSuite {{ ssl_ciphers }}
 {% else %}
 ServerName releases.pagure.org
 {% endif %}
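Review bot: The staging vhost now hard-requires `/etc/pki/tls/certs/releases.stg.pagure.org.cert`, the matching `.key` and the `.intermediate.cert`, and httpd rejects the configuration if any of them is missing. If this template can be activated before the letsencrypt role has obtained the first certificate (the ordering is not visible in this hunk), the port-80 vhost that proxies the ACME challenge may be unavailable as well, and issuance cannot complete. It is worth confirming that the role writes exactly these three paths and runs before httpd is restarted. `SSLCertificateChainFile` is also obsolete from httpd 2.4.8 on, where the chain can be appended to the file named by `SSLCertificateFile`. The enclosing VirtualHost begins outside the hunk.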