diff --git a/roles/nginx/application/defaults/main.yml b/roles/nginx/application/defaults/main.yml
new file mode 100644
index 0000000..786a4a9
--- /dev/null
+++ b/roles/nginx/application/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+
+nginx_system_user: www-data
+
+nginx_installation_directory: "/etc/nginx"
+nginx_upstreams_directory: "{{ nginx_installation_directory }}/upstreams"
+nginx_sites_directory: "{{ nginx_installation_directory }}/sites"
+nginx_streams_directory: "{{ nginx_installation_directory }}/streams"
+
+nginx_global_log_directory: "/var/log/nginx"
+nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log"
+nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log"
diff --git a/roles/nginx/application/handlers/main.yml b/roles/nginx/application/handlers/main.yml
new file mode 100644
index 0000000..21732df
--- /dev/null
+++ b/roles/nginx/application/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: reload nginx
+ systemd:
+ enabled: yes
+ name: nginx
+ state: reloaded
+
+- name: restart nginx
+ systemd:
+ enabled: yes
+ name: nginx
+ state: restarted
diff --git a/roles/nginx/application/tasks/main.yml b/roles/nginx/application/tasks/main.yml
new file mode 100644
index 0000000..2178dd8
--- /dev/null
+++ b/roles/nginx/application/tasks/main.yml
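Review bot: Both handlers set `enabled: yes`, so a plain reload or restart handler also changes unit enablement and does so with a YAML 1.1 truthy value; enablement already belongs to the explicit `Enable nginx service` task in tasks/main.yml, and if the key is kept here it should read `enabled: true`. A handler named `reload nginx` that only carries `state: reloaded` is what `notify: reload nginx` in the template task implies. Nothing in this commit notifies `restart nginx`, so it is unused unless another role relies on it.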
@@ -0,0 +1,38 @@
+---
+
+- name: Install nginx
+ apt:
+ state: present
+ name:
+ - nginx-full
+
+- name: Remove uneccesary directories
+ file:
+ state: absent
+ name: "{{ nginx_installation_directory }}/{{ item }}"
+ with_items: "{{ nginx_unnecessary_files }}"
+
+- name: Create directory {{ item }}
+ file:
+ state: directory
+ name: "{{ item }}"
+ owner: root
+ group: root
+ mode: "u=rwx,g=rx,o=rx"
+ with_items:
+ - "{{ nginx_upstreams_directory }}"
+ - "{{ nginx_sites_directory }}"
+ - "{{ nginx_streams_directory }}"
+
+- name: Enable nginx service
+ systemd:
+ enabled: yes
+ name: nginx
+
+- name: Configure nginx
+ template:
+ src: nginx.conf
+ dest: "{{ nginx_installation_directory }}/nginx.conf"
+ notify: reload nginx
+
+# TODO Configure global log
diff --git a/roles/nginx/application/templates/nginx.conf b/roles/nginx/application/templates/nginx.conf
new file mode 100644
index 0000000..bedb0c1
--- /dev/null
+++ b/roles/nginx/application/templates/nginx.conf
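Review bot: The `Configure nginx` template task writes nginx.conf to its live path with no validation, so a bad render is committed to disk before `reload nginx` runs; a failed reload leaves the old config in memory, but the next restart or reboot then fails to start nginx at all. Add `validate: "nginx -t -c %s"` to that task so the rendered file is checked before it replaces the live one, and set `owner: root`, `group: root` and `mode: "0644"` instead of inheriting the remote umask. The task name `Remove uneccesary directories` is misspelled (`unnecessary`), and `enabled: yes` in `Enable nginx service` should be `enabled: true`. The `{{ item }}` in the `Create directory` task name is presumably templated before the loop runs, so it likely prints unexpanded rather than naming each directory; a static name with the loop output is clearer.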
@@ -0,0 +1,92 @@
+user {{ nginx_system_user }} {{ nginx_system_user }};
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log {{ nginx_global_access_log }};
+ error_log {{ nginx_global_error_log }};
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # HTTP to HTTPs redirect
+ ##
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+
+ include {{ nginx_sites_directory }}/*;
+
+}
+
+stream {
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log {{ nginx_global_access_log }};
+ error_log {{ nginx_global_error_log }};
+
+ include {{ nginx_streams_directory }}/*;
+
+}
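Review bot: `server_tokens off;` is left commented out in the `Basic Settings` block, so every response header and error page advertises the exact nginx version; nothing in this template depends on the banner, so it should be enabled: `server_tokens off;`. The `ssl_protocols`/`ssl_ciphers` stanza under `SSL Settings` is a verbatim copy of `nginx_ssl_configuration` in vars/main.yml and the two copies will drift; rendering `{{ nginx_ssl_configuration }}` here instead keeps one TLS policy. In the `stream` block, `access_log` points at the same file as the HTTP access log and names no format; the stream module documents the format argument as required (confirm with `nginx -t`), and interleaving stream and HTTP records in one file breaks any parser downstream, so give it its own `log_format` and file. `gzip on` with `application/json` and `text/*` types over TLS is the precondition for BREACH-style compression side channels wherever a response reflects request data next to a secret; a comment recording that trade-off, or a narrower `gzip_types` list, is warranted.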
diff --git a/roles/nginx/application/vars/main.yml b/roles/nginx/application/vars/main.yml
new file mode 100644
index 0000000..86e9dd6
--- /dev/null
+++ b/roles/nginx/application/vars/main.yml
@@ -0,0 +1,17 @@
+---
+
+nginx_unnecessary_files:
+ - sites-available
+ - sites-enabled
+
+nginx_ssl_configuration: |
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+nginx_https_configuration: |
+ {{ nginx_ssl_configuration }}
+ add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains; preload;'; # default max age: 2592000 = 30 * 24 * 60 * 60s
+ add_header 'Referrer-Policy' 'same-origin';
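Review bot: `nginx_https_configuration` sends HSTS with `preload` and `includeSubDomains` but only a six-month `max-age`; the browser preload list requires a `max-age` of at least 31536000, and once a domain is preloaded with `includeSubDomains` every subdomain must serve valid HTTPS or becomes unreachable, which is effectively irreversible. Drop `preload` until that commitment is intended and every subdomain is verified, or raise the value: `add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';`. The trailing comment `# default max age: 2592000 = 30 * 24 * 60 * 60s` is misleading because HSTS has no default max-age and 2592000 does not appear in the directive; it reads as a leftover. Note also that nginx `add_header` is not inherited into any `location` that declares its own `add_header`, so wherever this snippet is included (not visible here) the HSTS and Referrer-Policy headers silently vanish in such locations unless repeated there. Keeping the TLS policy in `vars/` (high precedence) rather than `defaults/` means an operator cannot tune `ssl_protocols` or the cipher list from inventory without `-e`; if that is meant to be a hard role invariant, a comment saying so would help.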