diff --git a/roles/nginx/forward/defaults/main.yml b/roles/nginx/forward/defaults/main.yml
new file mode 100644
index 0000000..4c49000
--- /dev/null
+++ b/roles/nginx/forward/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+domain: example.com
+destination: example.com
diff --git a/roles/nginx/forward/meta/main.yml b/roles/nginx/forward/meta/main.yml
new file mode 100644
index 0000000..cf3cd67
--- /dev/null
+++ b/roles/nginx/forward/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: acme/certificate
+    domain: "{{ domain }}"
+  - role: nginx/application
diff --git a/roles/nginx/forward/tasks/main.yml b/roles/nginx/forward/tasks/main.yml
new file mode 100644
index 0000000..8f8732b
--- /dev/null
+++ b/roles/nginx/forward/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Enable forwarding {{ domain }} to {{ destination }}
+  template:
+    src: forwarding.conf
+    dest: "{{ nginx_sites_directory }}/{{ domain }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx
diff --git a/roles/nginx/forward/templates/forward.conf b/roles/nginx/forward/templates/forward.conf
new file mode 100644
index 0000000..3bfc116
--- /dev/null
+++ b/roles/nginx/forward/templates/forward.conf
@@ -0,0 +1,13 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ domain }};
+
+  ssl on;
+  ssl_certificate {{ acme_certificate_location }};
+  ssl_certificate_key {{ acme_key_location }};
+
+  {{ nginx_https_configuration }}
+
+  redirect 301 https://{{ destination }}$request_uri;
+}