diff --git a/inventory/group_vars/libravatar b/inventory/group_vars/libravatar
index e03c6a9df9..1f2f8baf09 100644
--- a/inventory/group_vars/libravatar
+++ b/inventory/group_vars/libravatar
@@ -2,4 +2,5 @@ resolvconf: "resolv.conf/cloud"
git_branch: master
server_name: www.libravatar.org
server_alias: "*.libravatar.org"
+server_seccdn_name: seccdn.libravatar.org
server_redirect_name: "libravatar.org libravatar.com www.libravatar.com"
diff --git a/inventory/group_vars/libravatar-stg b/inventory/group_vars/libravatar-stg
index 1a398333c0..1107c12592 100644
--- a/inventory/group_vars/libravatar-stg
+++ b/inventory/group_vars/libravatar-stg
@@ -2,4 +2,5 @@ resolvconf: "resolv.conf/cloud"
git_branch: devel
server_name: libravatar-stg.fedorainfracloud.org
server_alias: libravatar-stg.fedorainfracloud.org
+server_seccdn_name: libravatar-stg.fedorainfracloud.org
server_redirect_name: libravatar-stg.fedorainfracloud.org
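Review bot: In libravatar-stg, `server_seccdn_name` is set to the same hostname as `server_name`, so the new vhost that libravatar.conf builds from it would carry a ServerName the existing staging vhost already uses. If both vhosts listen on the same address and port (the vhost containers are not visible in this diff), Apache serves only the first match and the second block is dead configuration that still gets parsed. Either give staging a distinct name or guard the new vhost in the template, for example `{% if server_seccdn_name != server_name %}` around it. A guard would also keep staging from loading the shared include twice.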
diff --git a/roles/libravatar/tasks/main.yml b/roles/libravatar/tasks/main.yml
index 2388b6d6af..47048d1519 100644
--- a/roles/libravatar/tasks/main.yml
+++ b/roles/libravatar/tasks/main.yml
@@ -112,6 +112,7 @@
template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- "libravatar.conf"
+ - "libravatar-app.include"
notify:
- reload httpd
tags:
diff --git a/roles/libravatar/templates/httpd/libravatar-app.include b/roles/libravatar/templates/httpd/libravatar-app.include
new file mode 100644
index 0000000000..34dbf3c9ed
--- /dev/null
+++ b/roles/libravatar/templates/httpd/libravatar-app.include
@@ -0,0 +1,29 @@
+WSGIPassAuthorization On
+WSGIDaemonProcess libravatar user=apache group=apache threads=25 display-name=libravatar maximum-requests=10000 graceful-timeout=20 python-home=/mnt/data/.virtualenv python-path=/srv/libravatar
+WSGIScriptAlias / /mnt/data/wsgi.py
+
+ScriptAlias "/cgi-bin/" "/mnt/data/cgi-bin/"
+
+Alias /robots.txt /srv/libravatar/static/robots.txt
+Alias /favicon.ico /srv/libravatar/static/favicon.ico
+
+Alias /media/ /srv/libravatar/media/
+Alias /static/ /srv/libravatar/static/
+
+
+ Require all granted
+
+
+
+ Require all granted
+
+
+
+ WSGIProcessGroup libravatar
+ Require all granted
+
+
+
+ WSGIApplicationGroup %{GLOBAL}
+ Require all granted
+
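Review bot: `WSGIDaemonProcess libravatar ...` now lives in a file that libravatar.conf includes twice, and mod_wsgi rejects a second daemon process definition with the same name, so the configuration is likely to fail its syntax check once both Include lines are active. Define the daemon process once outside the shared include (server scope or the first vhost only) and keep only `WSGIProcessGroup libravatar` and `WSGIApplicationGroup %{GLOBAL}` here, so both hosts attach to the same process group. Note also that this include hands `ScriptAlias "/cgi-bin/" "/mnt/data/cgi-bin/"` and `WSGIPassAuthorization On` to every host that includes it. If the seccdn name is meant only to serve avatars, a narrower include for that vhost would reduce what it exposes.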
diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf
index 0785343d0b..34d7edf49c 100644
--- a/roles/libravatar/templates/httpd/libravatar.conf
+++ b/roles/libravatar/templates/httpd/libravatar.conf
@@ -23,35 +23,20 @@ RewriteEngine on
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
- WSGIPassAuthorization On
- WSGIDaemonProcess libravatar user=apache group=apache threads=25 display-name=libravatar maximum-requests=10000 graceful-timeout=20 python-home=/mnt/data/.virtualenv python-path=/srv/libravatar
- WSGIScriptAlias / /mnt/data/wsgi.py
+ Include /etc/httpd/conf.d/libravatar-app.include
+
- ScriptAlias "/cgi-bin/" "/mnt/data/cgi-bin/"
+
+ ServerName {{ server_seccdn_name }}
- Alias /robots.txt /srv/libravatar/static/robots.txt
- Alias /favicon.ico /srv/libravatar/static/favicon.ico
+ SSLCertificateFile /etc/letsencrypt/live/{{ server_seccdn_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_seccdn_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ server_seccdn_name }}/fullchain.pem
+ Header always add Strict-Transport-Security "max-age=31536000; preload"
- Alias /media/ /srv/libravatar/media/
- Alias /static/ /srv/libravatar/static/
+ RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
-
- Require all granted
-
-
-
- Require all granted
-
-
-
- WSGIProcessGroup libravatar
- Require all granted
-
-
-
- WSGIApplicationGroup %{GLOBAL}
- Require all granted
-
+ Include /etc/httpd/conf.d/libravatar-app.include
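Review bot: The HSTS line on the new vhost sends `preload` without `includeSubDomains`, which does not meet the preload-list requirements, and `Header always add` can emit a second Strict-Transport-Security header if the application sets one too. Prefer `Header always set Strict-Transport-Security "max-age=31536000"`, adding `includeSubDomains; preload` only if that is really intended for the domain. The three `SSLCertificate*` paths also require `/etc/letsencrypt/live/{{ server_seccdn_name }}/` to exist before httpd is reloaded. Nothing in this diff provisions that certificate, so confirm it is issued elsewhere, because a missing file makes the whole configuration fail to load. `SSLCertificateChainFile` is deprecated since Apache 2.4.8, so `SSLCertificateFile .../fullchain.pem` can replace both the cert and chain lines. The vhost containers around these lines are not visible in the hunk.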