diff --git a/defaults/main.yml b/defaults/main.yml
index 31191f4..21c7256 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,3 +6,16 @@ pve_tls_source_use_content: False
 pve_tls_source_use_files: True
 pve_tls_cert_source: mycert.pem
 pve_tls_key_source: mykey.pem
+
+pve_nginx_vhost_enabled: False
+pve_server_name: pve.example.com
+pve_server_ip: 127.0.0.1
+pve_server_port: 8006
+pve_nginx_server: myinventoryname
+pve_nginx_vhost_dir: /etc/nginx/sites-available
+pve_nginx_vhost_symlink: /etc/nginx/sites-enabled
+pve_nginx_iptables_enabled: False
+
+pve_nginx_tls_enabled: True
+pve_nginx_tls_cert_file: mycert.pem
+pve_nginx_tls_key_file: mykey.pem
diff --git a/tasks/main.yml b/tasks/main.yml
index 776fbac..f270ab6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,3 +2,5 @@
 - import_tasks: tls.yml
   when: pve_tls_enabled
   tags: tls_renewal
+- import_tasks: nginx.yml
+  when: unifi_nginx_vhost_enabled
\ No newline at end of file
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
new file mode 100644
index 0000000..4d2016d
--- /dev/null
+++ b/tasks/nginx.yml
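Review bot: The new defaults carry no comments, so a user has to read tasks/nginx.yml to learn that `pve_nginx_server` is the inventory name the nginx tasks are delegated to and that `pve_nginx_tls_cert_file`/`pve_nginx_tls_key_file` are only file names placed under /etc/pki/tls on that host. A one-line comment above each group would make the role's interface self-describing, e.g. `# Inventory hostname of the nginx reverse proxy; tasks/nginx.yml is delegated there` above `pve_nginx_server`, and `# File names (not paths) of the copies written to /etc/pki/tls/{certs,private} on the proxy` above the TLS pair. The `True`/`False` spelling matches the existing lines of this file but is YAML 1.1 only; `true`/`false` is the portable form should the file ever be read by non-Ansible tooling.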
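Review bot: The added import is gated on `unifi_nginx_vhost_enabled`, which this role never defines; defaults/main.yml introduces `pve_nginx_vhost_enabled` for exactly this purpose, so the condition looks like a copy-paste from another role and will fail with an undefined-variable error (or silently never run the nginx tasks if that name happens to be set elsewhere). Change it to `when: pve_nginx_vhost_enabled`. The hunk also leaves tasks/main.yml without a trailing newline, as the `\ No newline at end of file` marker shows.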
@@ -0,0 +1,62 @@
+---
+- block:
+  - name: Copy certs and private key to nginx proxy (content)
+    copy:
+      content: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
+      - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    notify: __nginx_reload
+    when: pve_tls_source_use_content
+
+  - name: Copy certs and private key to nginx proxy (files)
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
+      - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    notify: __nginx_reload
+    when: pve_tls_source_use_files
+  delegate_to: "{{ pve_nginx_server }}"
+  when: pve_nginx_tls_enabled
+  become: True
+  become_user: root
+  tags: tls_renewal
+
+- block:
+  - name: Add vhost configuration file
+    template:
+      src: nginx/vhost.j2
+      dest: "{{ pve_nginx_vhost_dir }}/pve"
+      owner: root
+      group: root
+      mode: 0640
+    notify: __nginx_reload
+
+  - name: Enable pve vhost
+    file:
+      src: "{{ pve_nginx_vhost_dir }}/pve"
+      dest: "{{ pve_nginx_vhost_symlink }}/pve"
+      owner: root
+      group: root
+      state: link
+    notify: __nginx_reload
+    when: pve_nginx_vhost_symlink is defined
+
+  - name: Open ports in iptables
+    iptables_raw:
+      name: allow_pve_nginx_proxy
+      state: present
+      rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ pve_server_ip }} --dport {{ pve_server_port }} -j ACCEPT'
+    when: pve_nginx_iptables_enabled
+  delegate_to: "{{ pve_nginx_server }}"
+  become: True
+  become_user: root
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
index e69de29..963f991 100644
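Review bot: The certificate entries in both `with_items` loops use `mode: '0750'`, which puts the execute bit on a PEM file for no purpose; `'0644'` (or `'0640'` if only root and the nginx group should read it) is the conventional mode, while the key's `'0600'` is right. The "Add vhost configuration file" task writes `mode: 0640` unquoted, which only works because YAML reads the leading zero as octal (420 decimal) — quote it as `mode: '0640'` to match the loop entries in the same file. For the `content:` variant, `loop_control.label` keeps the key out of the per-item line, but the `copy` module can still print the private key in `--diff`/verbose output, so `no_log: true` on that task is worth adding. Both blocks set `become_user: root`, which is already the default for `become`. Whether a `__nginx_reload` handler exists is not visible in this diff.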
--- a/templates/nginx/vhost.j2
+++ b/templates/nginx/vhost.j2
@@ -0,0 +1,55 @@
+#jinja2: lstrip_blocks: True
+# {{ ansible_managed }}
+upstream backend_pve {
+    server {{ pve_server_ip }}:{{ pve_server_port }};
+}
+
+server {
+    listen 80;
+    server_name {{ pve_server_name }};
+
+    {% if pve_nginx_tls_enabled %}
+    return 301 https://$server_name$request_uri;
+    {% else %}
+    proxy_redirect off;
+    location / {
+        proxy_pass https://backend_pve;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_buffering off;
+        client_max_body_size 0;
+        proxy_connect_timeout 3600s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+        send_timeout 3600s;
+    }
+    {% endif %}
+}
+
+{% if pve_nginx_tls_enabled %}
+server {
+    listen 443 ssl;
+    server_name {{ pve_server_name }};
+
+    proxy_redirect off;
+
+    location / {
+        proxy_pass https://backend_pve;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_buffering off;
+        client_max_body_size 0;
+        proxy_connect_timeout 3600s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+        send_timeout 3600s;
+    }
+
+    ssl_certificate /etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }};
+    ssl_certificate_key /etc/pki/tls/private/{{ pve_nginx_tls_key_file }};
+}
+{% endif %}
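Review bot: Both `proxy_pass https://backend_pve;` stanzas rely on nginx's default of `proxy_ssl_verify off`, so the hop from the proxy to the PVE API is encrypted but the backend certificate is never checked; that is harmless with the default `pve_server_ip: 127.0.0.1`, but the role exists to delegate this vhost to a separate `pve_nginx_server`, and then the proxied PVE session cookies and tokens cross the network with no authentication of the peer. Add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-pve-ca.pem>;` (the CA that signed the PVE certificate, supplied through a new role variable) inside each `location /`, plus `proxy_ssl_name` if the backend certificate's name differs from `pve_server_ip`. The `listen 443 ssl` server pins no `ssl_protocols`/`ssl_ciphers`, so the accepted TLS versions depend entirely on the nginx build's defaults; stating them explicitly makes the posture reviewable. When `pve_nginx_tls_enabled` is false the `{% else %}` branch serves the PVE web UI, login form included, over plain HTTP on port 80, which deserves a comment at that line so the opt-in is deliberate. The two `location /` blocks are byte-identical and could be one Jinja macro so the timeouts and headers cannot drift apart.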