diff --git a/playbooks/roles/gitea/files/apache-connection-tuning b/playbooks/roles/gitea/files/apache-connection-tuning
new file mode 100644
index 0000000000..8cc4e55431
--- /dev/null
+++ b/playbooks/roles/gitea/files/apache-connection-tuning
@@ -0,0 +1,14 @@
+# worker MPM
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+#
+# We've noticed that our mirrors occasionally have stale workers. This leads
+# to ssl certs not being refreshed properly after reload and we've also seen
+# ssl connections to round robin backend services have trouble. Restarting
+# the workers so that they load up new info seems to fix this. Try and force
+# that to happen regularly with a connections limit per worker.
+<IfModule mpm_worker_module>
+    MaxConnectionsPerChild 8192
+</IfModule>
+<IfModule mpm_event_module>
+    MaxConnectionsPerChild 8192
+</IfModule>
diff --git a/playbooks/roles/gitea/handlers/main.yaml b/playbooks/roles/gitea/handlers/main.yaml
index a06fe5144d..f20b3d0896 100644
--- a/playbooks/roles/gitea/handlers/main.yaml
+++ b/playbooks/roles/gitea/handlers/main.yaml
@@ -2,3 +2,8 @@
   service:
     name: apache2
     state: reloaded
+
+- name: gitea Restart apache2
+  service:
+    name: apache2
+    state: restarted
diff --git a/playbooks/roles/gitea/tasks/proxy.yaml b/playbooks/roles/gitea/tasks/proxy.yaml
index f05168fcdb..a1268929ce 100644
--- a/playbooks/roles/gitea/tasks/proxy.yaml
+++ b/playbooks/roles/gitea/tasks/proxy.yaml
@@ -24,3 +24,12 @@
     group: root
     mode: 0644
   notify: gitea Reload apache2
+
+- name: Copy apache tuning
+  copy:
+    src: apache-connection-tuning
+    dest: /etc/apache2/conf-enabled/connection-tuning.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: gitea Restart apache2