diff --git a/inventory/service/group_vars/static.yaml b/inventory/service/group_vars/static.yaml
index ce452a3541..9202bb7121 100644
--- a/inventory/service/group_vars/static.yaml
+++ b/inventory/service/group_vars/static.yaml
@@ -4,6 +4,8 @@ letsencrypt_certs:
- '{{ inventory_hostname }}'
- files.openstack.org
- static.openstack.org
+ static-api-openstack-org:
+ - api.openstack.org
static-ask-openstack-org:
- ask.openstack.org
static-docs-airshipit-org:
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 206402889f..ef3414f7df 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -52,6 +52,9 @@
- name: letsencrypt updated static-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+- name: letsencrypt updated static-api-openstack-org
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
+
- name: letsencrypt updated static-ask-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
diff --git a/playbooks/roles/static/files/50-api.openstack.org.conf b/playbooks/roles/static/files/50-api.openstack.org.conf
new file mode 100644
index 0000000000..3b92b27797
--- /dev/null
+++ b/playbooks/roles/static/files/50-api.openstack.org.conf
@@ -0,0 +1,31 @@
+
+ ServerName api.openstack.org
+
+ RewriteEngine On
+ RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/api.openstack.org_error.log
+ CustomLog /var/log/apache2/api.openstack.org_access.log combined
+ ServerSignature Off
+
+
+
+ ServerName api.openstack.org
+
+ SSLCertificateFile /etc/letsencrypt-certs/api.openstack.org/api.openstack.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/api.openstack.org/api.openstack.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/api.openstack.org/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+ RewriteEngine On
+ RewriteRule ^/(.*) https://developer.openstack.org/$1 [last,redirect=permanent]
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/api.openstack.org_error.log
+ CustomLog /var/log/apache2/api.openstack.org_access.log combined
+ ServerSignature Off
+
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 00b9c6439c..81bf731d51 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -105,6 +105,7 @@
include_tasks: enable_site.yaml
loop:
- 00-static.opendev.org
+ - 50-api.openstack.org
- 50-ask.openstack.org
- 50-ci.openstack.org
- 50-cinder.openstack.org
diff --git a/testinfra/test_static.py b/testinfra/test_static.py
index bf9c93161b..5373fc61c7 100644
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@@ -187,6 +187,17 @@ def test_doc_redirects(host, hostname, target):
assert '301 Moved Permanently' in cmd.stdout
assert target in cmd.stdout
+def test_api_openstack_org(host):
+ cmd = host.run('curl --resolve api.openstack.org:80:127.0.0.1'
+ ' http://api.openstack.org')
+ assert '301 Moved Permanently' in cmd.stdout
+ assert 'https://developer.openstack.org/' in cmd.stdout
+
+ cmd = host.run('curl --resolve api.openstack.org:443:127.0.0.1'
+ ' https://api.openstack.org')
+ assert '301 Moved Permanently' in cmd.stdout
+ assert 'https://developer.openstack.org/' in cmd.stdout
+
def test_summit_openstack_org(host):
cmd = host.run('curl --resolve summit.openstack.org:80:127.0.0.1'
' http://summit.openstack.org')