diff --git a/roles/ipa/server/files/ipa-rewrite.conf b/roles/ipa/server/files/ipa-rewrite.conf
index 12722ee807..7e0c29b3d6 100644
--- a/roles/ipa/server/files/ipa-rewrite.conf
+++ b/roles/ipa/server/files/ipa-rewrite.conf
@@ -1 +1,22 @@
 # VERSION 6 - DO NOT REMOVE THIS LINE
+
+RewriteEngine on
+
+# By default forward all requests to /ipa. If you don't want IPA
+# to be the default on your web server comment this line out.
+# RewriteRule ^/$ https://id{{ env_suffix }}.fedoraproject.org/ipa/ui [L,NC,R=301]
+
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+# RewriteCond %{HTTP_HOST}    !^id{{ env_suffix }}.fedoraproject.org$ [NC]
+# RewriteRule ^/ipa/(.*)      http://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+# RewriteCond %{SERVER_PORT}  !^443$
+# RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config|crl)
+# RewriteCond %{REQUEST_URI}  !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$
+# RewriteRule ^/ipa/(.*)      https://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301,NC]
+
+# Rewrite for plugin index, make it like it's a static file
+RewriteRule ^/ipa/ui/js/freeipa/plugins.js$    /ipa/wsgi/plugins.py [PT]