diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg
index 2faf7cff1b..ed37c4eac7 100644
--- a/inventory/group_vars/pagure-stg
+++ b/inventory/group_vars/pagure-stg
@@ -13,6 +13,10 @@ tcp_ports: [ 22, 25, 80, 443, 9418, # This is for the pagure public fedmsg relay 9940]
+stunnel_service: "eventsource"
+stunnel_source_port: 8080
+stunnel_destination_port: 8080
+
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
diff --git a/roles/pagure/frontend/files/stunnel.service b/roles/pagure/frontend/files/stunnel.service
new file mode 100644
index 0000000000..8701ba266f
--- /dev/null
+++ b/roles/pagure/frontend/files/stunnel.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=stunnel
+After=network.target
+Documentation=https://infrastructure.fedoraproject.org/infra/docs/fedmsg-websocket.txt
+
+[Service]
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+Type=forking
+User=root
+Group=root
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index 3a176399e9..c9384ee65b 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
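Review bot: `stunnel_source_port` and `stunnel_destination_port` are both 8080, and the template added in this commit renders them as `accept = 8080` and `connect = 8080`. A bare port in stunnel's `accept` binds every local address and a bare port in `connect` targets localhost, so the TLS listener and the plaintext eventsource backend would be competing for the same port on the same host; the listener most likely needs a port of its own, e.g. `stunnel_source_port: 8088` (constructed value). The `tcp_ports` list visible in the hunk header does not show 8080 either, so whichever port ends up TLS-facing may also need adding there, while the plaintext backend port should stay closed to the outside. A one-line comment above the three variables saying which side is the TLS listener and which is the backend would prevent the two from being swapped later.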
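Review bot: The unit keeps stunnel running as `User=root` / `Group=root` for its whole lifetime even though the configured listener port is unprivileged. stunnel has its own `setuid` / `setgid` options in stunnel.conf for dropping privileges after start-up, which would limit what a flaw in the internet-facing TLS process exposes; whether the 0600 root-owned key and the pid file location still work after the drop needs checking on the target host. `Type=forking` is declared without `PIDFile=`, while the template sets `pid = /var/run/stunnel.pid`, so adding `PIDFile=/var/run/stunnel.pid` would let systemd track the correct main process for `Restart=on-failure`. The `Documentation=` URL points at the fedmsg-websocket document and looks carried over from another unit.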
@@ -127,6 +127,39 @@ - restart pagure_milter
+# Set-up stunnel for the event source server
+
+- name: install stunnel service definition
+ copy: src=stunnel.service
+ dest=/usr/lib/systemd/system/stunnel.service
+ owner=root group=root mode=0755
+ notify:
+ - reload systemd
+ - restart stunnel
+ tags:
+ - pagure
+ - stunnel
+
+- name: ensure old stunnel init file is gone
+ file: dest=/etc/init.d/stunnel/stunnel.init state=absent
+ tags:
+ - pagure
+ - stunnel
+ - config
+
+- name: install stunnel.conf
+ template: src={{ item.file }}
+ dest={{ item.dest }}
+ owner=root group=root mode=0600
+ with_items:
+ - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
+ notify: restart stunnel
+ tags:
+ - pagure
+ - stunnel
+ - config
+
+
 # Set-up Pagure
 - name: create the /var/www/releases folder
@@ -165,6 +198,7 @@ copy: > src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }} owner=root group=root mode=0600
+notify: restart stunnel
 with_items:
 - pagure.io.cert
 - pagure.io.key
diff --git a/roles/pagure/frontend/templates/stunnel-conf.j2 b/roles/pagure/frontend/templates/stunnel-conf.j2
new file mode 100644
index 0000000000..6dcf68a09d
--- /dev/null
+++ b/roles/pagure/frontend/templates/stunnel-conf.j2
@@ -0,0 +1,8 @@
+cert = /etc/pki/tls/certs/pagure.io.cert
+key = /etc/pki/tls/certs/pagure.io.key
+pid = /var/run/stunnel.pid
+
+[{{ stunnel_service }}]
+
+accept = {{ stunnel_source_port }}
+connect = {{ stunnel_destination_port }}
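Review bot: The first added task installs the unit file with `mode=0755`; unit files are not executable and systemd logs a warning for ones that are, so `mode=0644` is the right value there. The file is also written into `/usr/lib/systemd/system`, the package-owned directory, whereas `dest=/etc/systemd/system/stunnel.service` is the place for locally managed units and is not touched by package updates. Nothing in this hunk installs the stunnel package or enables and starts the service, and the `reload systemd` and `restart stunnel` handlers are not part of the visible diff, so it is worth confirming they exist elsewhere in the role. A short comment above the `state=absent` task saying where `/etc/init.d/stunnel/stunnel.init` came from would help, since that path is unusual for an init script.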
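Review bot: The template sets no protocol or cipher policy, so the listener accepts whatever the installed stunnel/OpenSSL build enables by default, which on older builds can include SSLv3. Pinning it in the global section with `options = NO_SSLv2` and `options = NO_SSLv3`, plus an explicit `ciphers` line, makes the TLS posture independent of the package version. `accept = {{ stunnel_source_port }}` with a bare port listens on all addresses, which appears intended for a public event stream, but `connect` then relies on the plaintext backend being bound to localhost only. The private key is read from `/etc/pki/tls/certs/` next to the certificate rather than from a key-only directory; the copy task in this commit does set it to mode 0600.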