diff --git a/hosts b/hosts
index 7df402b..81a93d3 100644
--- a/hosts
+++ b/hosts
@@ -56,6 +56,7 @@ atl01.vultr.foo.sh
 
 [centos8:children]
 adm
+git
 mail
 mirror
 nas
@@ -64,7 +65,6 @@ static
 vmhost
 
 [centos7:children]
-git
 ldap
 collab
 
diff --git a/playbooks/git.yml b/playbooks/git.yml
index 0332a49..99e9fa1 100644
--- a/playbooks/git.yml
+++ b/playbooks/git.yml
@@ -24,4 +24,4 @@
     - base
     - git/client
     - git/server
-    - ldap/nss
+    - sssd
diff --git a/roles/git/server/files/git.conf b/roles/git/server/files/git.conf
index 44cd432..7ccb22f 100644
--- a/roles/git/server/files/git.conf
+++ b/roles/git/server/files/git.conf
@@ -1,46 +1,24 @@
 
-error_page 418 = @query_auth;
+SetEnv GIT_PROJECT_ROOT /srv/git
+SetEnv GIT_HTTP_EXPORT_ALL
 
-# Git over HTTP
-location ~ ^/.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
-    root /srv/git;
-}
-# Git operations that require authentication should go here
-location @query_auth {
-    auth_basic "Authentication Required";
-    auth_basic_user_file /etc/nginx/htpasswd;
-    rewrite ^(/.*)$ $1 break;
-    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
-    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
-    fastcgi_param PATH_INFO $uri;
-    fastcgi_param GIT_PROJECT_ROOT /srv/git;
-    fastcgi_param GIT_HTTP_EXPORT_ALL "";
-    include fastcgi_params;
-    fastcgi_param REMOTE_USER $remote_user;
-}
-location ~ ^(.*\.git/git-receive-pack)$ {
-    return 418;
-}
-location ~ ^/(.*\.git/(HEAD|info/refs|objects/(info/[^/]+)|git-upload-pack))$ {
-    if ( $query_string = "service=git-receive-pack" ) { return 418; }
-    rewrite ^(/.*)$ $1 break;
-    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
-    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
-    fastcgi_param PATH_INFO $uri;
-    fastcgi_param GIT_PROJECT_ROOT /srv/git;
-    fastcgi_param GIT_HTTP_EXPORT_ALL "";
-    include fastcgi_params;
-}
+Alias /static/ /var/www/git/static/
 
-# Gitweb
-location /gitweb.cgi {
-  root /var/www/git/;
-  include fastcgi_params;
-  fastcgi_param SCRIPT_NAME $uri;
-  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
-  fastcgi_pass  unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
-}
-location / {
-  root /var/www/git;
-  index gitweb.cgi;
-}
+#AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/git/$1
+#AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/$1
+
+<Directory /usr/libexec/git-core>
+  Require all granted
+</Directory>
+ScriptAliasMatch \
+	"(?x)^/(.*/(HEAD | \
+			info/refs | \
+			objects/info/[^/]+ | \
+			git-(upload|receive)-pack))$" \
+	/usr/libexec/git-core/git-http-backend/$1
+
+ScriptAlias /gitweb.cgi /var/www/git/gitweb.cgi
+<Location />
+  SetEnv GITWEB_CONFIG /etc/gitweb.conf
+  DirectoryIndex gitweb.cgi
+</Location>
diff --git a/roles/git/server/meta/main.yml b/roles/git/server/meta/main.yml
index 9a25c83..5366061 100644
--- a/roles/git/server/meta/main.yml
+++ b/roles/git/server/meta/main.yml
@@ -2,4 +2,4 @@
 
 dependencies:
   - {role: git/client}
-  - {role: nginx/fcgi}
+  - {role: apache}
diff --git a/roles/git/server/tasks/main.yml b/roles/git/server/tasks/main.yml
index 2533d1d..0c43efc 100644
--- a/roles/git/server/tasks/main.yml
+++ b/roles/git/server/tasks/main.yml
@@ -9,6 +9,11 @@
     - highlight
     - perl-Digest-MD5
 
+- name: fix selinux context from data directory
+  sefcontext:
+    path: /export/git(/.*)?
+    setype: git_sys_content_t
+
 - name: create git directory
   file:
     path: /srv/git
@@ -44,11 +49,11 @@
     - logo.png
     - gitweb-local.css
 
-- name: create nginx git config
+- name: link apache git config
   copy:
-    dest: /etc/nginx/conf.d/{{ inventory_hostname }}/git.conf
+    dest: /etc/httpd/conf.local.d/git.conf
     src: git.conf
     mode: 0644
     owner: root
-    group: root
-  notify: restart nginx
+    group: "{{ ansible_wheel }}"
+  notify: restart apache