diff --git a/playbooks/roles/static/files/apache-connection-tuning b/playbooks/roles/static/files/apache-connection-tuning
new file mode 100644
index 0000000000..8cc4e55431
--- /dev/null
+++ b/playbooks/roles/static/files/apache-connection-tuning
@@ -0,0 +1,14 @@
+# worker MPM
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+#
+# We've noticed that our mirrors occasionally have stale workers. This leads
+# to ssl certs not being refreshed properly after reload and we've also seen
+# ssl connections to round robin backend services have trouble. Restarting
+# the workers so that they load up new info seems to fix this. Try and force
+# that to happen regularly with a connections limit per worker.
+
+ MaxConnectionsPerChild 8192
+
+
+ MaxConnectionsPerChild 8192
+
diff --git a/playbooks/roles/static/handlers/main.yaml b/playbooks/roles/static/handlers/main.yaml
index 4c5855ec0f..fe996bf164 100644
--- a/playbooks/roles/static/handlers/main.yaml
+++ b/playbooks/roles/static/handlers/main.yaml
@@ -1,4 +1,9 @@
- name: Reload apache2
service:
name: apache2
- state: reloaded
\ No newline at end of file
+ state: reloaded
+
+- name: Restart apache2
+ service:
+ name: apache2
+ state: restarted
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index f687fe778f..fcbca23f8c 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -61,6 +61,15 @@
state: present
name: headers
+- name: Copy apache tuning
+ copy:
+ src: apache-connection-tuning
+ dest: /etc/apache2/conf-enabled/connection-tuning.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart apache2
+
- name: Make sure packaged default site disabled
command: a2dissite 000-default.conf
args: