diff --git a/roles/copr/backend/files/cgi-resalloc b/roles/copr/backend/files/cgi-resalloc
new file mode 100755
index 0000000000..ff24ee775e
--- /dev/null
+++ b/roles/copr/backend/files/cgi-resalloc
@@ -0,0 +1,4 @@
+#!/usr/bin/python3
+from wsgiref.handlers import CGIHandler
+from resallocwebui.app import app
+CGIHandler().run(app)
diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 7d912d8189..7cc4e54867 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -143,6 +143,9 @@
 - name: install custom lighttpd template for directory listings
   template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755
 
+- name: install resalloc CGI script
+  copy: src=cgi-resalloc dest=/var/www/ setype=httpd_sys_script_exec_t
+
 - name: install the helper scripts for lighttpd log rotation
   copy:
     src: "{{ item }}"
@@ -408,3 +411,9 @@
 - name: copr-ping-account
   import_tasks: copr-ping.yml
   tags: copr_ping
+
+- name: add lighttpd user to the resalloc group
+  user:
+    name: lighttpd
+    groups: resalloc
+    append: yes
diff --git a/roles/copr/backend/tasks/resalloc.yml b/roles/copr/backend/tasks/resalloc.yml
index 4b83d00021..5e5fa9e452 100644
--- a/roles/copr/backend/tasks/resalloc.yml
+++ b/roles/copr/backend/tasks/resalloc.yml
@@ -35,6 +35,23 @@
   become: yes
   become_user: postgres
 
+- name: allow lighttpd user to conenct into the database as resalloc
+  lineinfile:
+    path: /var/lib/pgsql/data/pg_ident.conf
+    line: "resalloc lighttpd resalloc"
+    owner: postgres
+    group: postgres
+    mode: 0600
+
+- name: configure access to the resalloc database
+  postgresql_pg_hba:
+    dest: /var/lib/pgsql/data/pg_hba.conf
+    contype: local
+    databases: all
+    users: all
+    method: peer
+    options: map=resalloc
+
 - set_fact:
     provision_directory: /var/lib/resallocserver/provision
     ibmcloud_token_file: /var/lib/resallocserver/.ibm-cloud-token
diff --git a/roles/copr/backend/templates/lighttpd/lighttpd.conf b/roles/copr/backend/templates/lighttpd/lighttpd.conf
index 4abfc37ea0..f13f8a37df 100644
--- a/roles/copr/backend/templates/lighttpd/lighttpd.conf
+++ b/roles/copr/backend/templates/lighttpd/lighttpd.conf
@@ -80,6 +80,7 @@ var.socket_dir  = home_dir + "/sockets"
 server.modules = (
   "mod_access",
   "mod_accesslog",
+  "mod_alias",
   "mod_magnet",
   "mod_setenv",
   "mod_redirect",
@@ -151,6 +152,11 @@ server.pid-file = state_dir + "/lighttpd.pid"
 ##
 server.errorlog = log_pipe + log_root + "/error.log"
 
+##
+## Log STDERR from CGI processes into a file
+##
+server.breakagelog = log_pipe + log_root + "/breakage.log"
+
 ##
 ## If you want to log to syslog you have to unset the
 ## server.errorlog setting and uncomment the next line.
@@ -316,6 +322,12 @@ $HTTP["url"] == "/dir-generator.php" {
   cgi.assign = ( "/dir-generator.php" => "/usr/bin/php-cgi" )
 }
 
+$HTTP["url"] =~ "^/resalloc(?:/|$)" {
+  alias.url = ( "/resalloc" => server_root + "/cgi-resalloc" )
+  cgi.assign = ( "" => "" )
+}
+
+
 ##
 ## deny access the file-extensions
 ##