diff --git a/playbooks/roles/static/files/50-registry.zuul-ci.org.conf b/playbooks/roles/static/files/50-registry.zuul-ci.org.conf
new file mode 100644
index 0000000000..14a683e5b6
--- /dev/null
+++ b/playbooks/roles/static/files/50-registry.zuul-ci.org.conf
@@ -0,0 +1,45 @@
+<VirtualHost *:80>
+    ServerName registry.zuul-ci.org
+
+    RewriteEngine on
+    RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent]
+
+    ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName registry.zuul-ci.org
+
+    RewriteEngine on
+
+    SSLEngine on
+    SSLProtocol All -SSLv2 -SSLv3
+    # Once the machine is using something to terminate TLS that supports ECDHE
+    # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
+    # only is guarenteed.
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+    SSLHonorCipherOrder on
+    SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer
+    SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key
+    SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer
+
+    DocumentRoot /afs/openstack.org/project/zuul-ci.org/registry
+    <Directory /afs/openstack.org/project/zuul-ci.org/registry>
+        Options Indexes FollowSymLinks MultiViews
+        Require all granted
+        AllowOverride None
+        # Allow mod_rewrite rules
+        AllowOverrideList Redirect RedirectMatch
+        ErrorDocument 404 /errorpage.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined
+    ServerSignature Off
+</VirtualHost>
+</IfModule>
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 74eb093b00..6c18d86b9d 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -107,6 +107,7 @@
     - 50-meetings.opendev.org
     - 50-nova.openstack.org
     - 50-planet.openstack.org
+    - 50-registry.zuul-ci.org
     - 50-security.openstack.org
     - 50-service-types.openstack.org
     - 50-specs.openstack.org