diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index 5636fc1..6fd58a8 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -57,6 +57,18 @@
setype=httpd_config_t
notify: reload httpd
+- name: ensure apache userdir module is configured
+ template:
+ src=userdir.httpd.conf.j2
+ dest=/etc/httpd/conf.d/userdir.conf
+ mode=0644
+ notify: reload httpd
+- name: ensure selinux is configured for apache user directories
+ seboolean:
+ name=httpd_enable_homedirs
+ persistent=yes
+ state={{ 'yes' if apache_userdir is defined else 'no' }}
+
- name: ensure apache mpm module is configured
template:
src=mpm.httpd.conf.j2
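Review bot: A defined-but-empty `apache_userdir` (e.g. `apache_userdir: ''` used to switch the feature off) still satisfies `is defined` on L18, so `httpd_enable_homedirs` is switched on while the paired template renders a bare `UserDir` with no argument and httpd fails on the next reload; test the value rather than its existence, e.g. `state: "{{ 'yes' if (apache_userdir | default('')) | length > 0 else 'no' }}"`, and use the same test in the template. The template task on L9-L12 sets `mode` but no `owner`/`group`; add `owner: root` and `group: root` so the dropped-in httpd config is explicitly root-owned rather than inheriting whatever user the task runs as. Style: both new tasks use legacy `key=value` module arguments while the surrounding role is being maintained as YAML; native block form (`src: userdir.httpd.conf.j2`, `mode: "0644"`, `persistent: true`) is the current Ansible convention and what yamllint/ansible-lint expect.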
diff --git a/roles/apache/templates/userdir.httpd.conf.j2 b/roles/apache/templates/userdir.httpd.conf.j2
new file mode 100644
index 0000000..891d58c
--- /dev/null
+++ b/roles/apache/templates/userdir.httpd.conf.j2
@@ -0,0 +1,44 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid. This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+
+ #
+ # UserDir is disabled by default since it can confirm the presence
+ # of a username on the system (depending on home directory
+ # permissions).
+ #
+{% if apache_userdir is defined %}
+ #UserDir disabled
+{% else %}
+ UserDir disabled
+{% endif %}
+
+ #
+ # To enable requests to /~user/ to serve the user's public_html
+ # directory, remove the "UserDir disabled" line above, and uncomment
+ # the following line instead:
+ #
+{% if apache_userdir is defined %}
+ UserDir {{ apache_userdir }}
+{% else %}
+ #UserDir public_html
+{% endif %}
+
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+
+
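Review bot: When `apache_userdir` is defined, L57 enables UserDir for every account on the host, including root and system accounts, so `/~root/` becomes a valid URL and the 403/404 difference confirms account names; add `UserDir disabled root` on the line before `UserDir {{ apache_userdir }}` (or drive an explicit `UserDir enabled` allow-list from a variable) as the stock Fedora/RHEL file does. The `AllowOverride`/`Options`/`Require` lines on L68-L70 appear outside any `<Directory>` container in the hunk as shown; if that reflects the file rather than the rendering, they apply at server scope and should be wrapped in `<Directory "/home/*/public_html">` ... `</Directory>` (and the whole file in `<IfModule mod_userdir.c>`). `Options Indexes` on L69 also exposes directory listings for any user directory without an index file; drop `Indexes` unless listings are intentionally offered.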