prep ssl stuff for grafana, maybe. I will commit the start of a certbot role later.

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

roles/graphite/grafana/files/grafana.conf

@@ -1,7 +0,0 @@
-<VirtualHost *:80>
-  ServerName grafana.cloud.fedoraproject.org
-  ErrorLog /var/log/httpd/grafana-error.log
-  CustomLog /var/log/httpd/grafana-access.log common
-  ProxyPass / http://localhost:3000/
-  ProxyPassReverse / http://localhost:3000/
-</VirtualHost>

roles/graphite/grafana/tasks/main.yml

@@ -36,7 +36,7 @@
   - grafana
 
 - name: grafana apache proxy config file
-  copy: src=grafana.conf dest=/etc/httpd/conf.d/grafana.conf owner=root group=root mode=644
+  template: src=grafana.conf dest=/etc/httpd/conf.d/grafana.conf owner=root group=root mode=644
   notify:
   - restart apache
   tags:

roles/graphite/grafana/templates/grafana.conf

@@ -0,0 +1,28 @@
+<VirtualHost *:80>
+  ServerName grafana.cloud.fedoraproject.org
+  ServerAlias grafana.fedorainfracloud.org
+  ErrorLog /var/log/httpd/grafana-error.log
+  CustomLog /var/log/httpd/grafana-access.log common
+  ProxyPass / http://localhost:3000/
+  ProxyPassReverse / http://localhost:3000/
+
+  RewriteEngine on
+  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
+</VirtualHost>
+
+<VirtualHost {{public_ip}}:443 _default_:443>
+  ServerName grafana.cloud.fedoraproject.org
+  ServerAlias grafana.fedorainfracloud.org
+
+  SSLEngine on
+  SSLCertificateFile    /etc/letsencrypt/live/grafana.cloud.fedoraproject.org/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/grafana.cloud.fedoraproject.org/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/grafana.cloud.fedoraproject.org/fullchain.pem
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+  SSLProtocol ALL -SSLv2
+
+  ProxyPass / http://localhost:3000/
+  ProxyPassReverse / http://localhost:3000/
+</VirtualHost>
+