proxies/forge: fix SSL failures with attachment reverse proxy

The attachment reverse proxy was failing for several reasons, one
of which is that SSL options weren't set up correctly so the SSL
connection to pagure.io failed. This adds a Proxy section for
stg.pagure.io with the appropriate settings to make it work.

There are still several other issues, but this at least fixes the
SSL problem.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

roles/httpd/reverseproxy/templates/reversepassproxy.forge.conf

@@ -1,7 +1,13 @@
 # Redirect links from Fedora Forge for Pagure attachments
 # Currently only enabled in staging for testing
 {% if env == "staging" %}
+<Proxy "https://stg.pagure.io">
+SSLProxyEngine On
+SSLProxyVerify require
+SSLProxyVerifyDepth 2
+SSLProxyCACertificateFile "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+</Proxy>
 ProxyPassMatch ^/(.+?)/issue/raw/files/(.*)$ https://stg.pagure.io/$1/issue/raw/files/$2
 {% endif %}
 
-{% include 'reversepassproxy.conf' %}
+{% include 'reversepassproxy.conf' %}