diff --git a/roles/web_server/playbook.yml b/roles/web_server/playbook.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7406fb82c0c76b1e1ca869ab52632b84ebcf560d
--- /dev/null
+++ b/roles/web_server/playbook.yml
@@ -0,0 +1,77 @@
+---
+
+- hosts: all
+  tasks:
+
+    - name: Update all caches to avoid errors due to missing remote archives
+      apt:
+        update_cache: yes
+
+- hosts: all
+  tasks:
+
+    - name: Set-up /etc/hosts entries
+      lineinfile:
+        dest: /etc/hosts
+        line: "{{ item.key }} {{ item.value }}"
+      with_dict:
+        10.31.127.20: "client1"
+        10.31.127.30: "parameters-mandatory"
+        10.31.127.31: "parameters-optional"
+
+- hosts: client1
+  tasks:
+
+    - name: Install tool for testing TCP connectivity
+      apt:
+        name: hping3
+        state: installed
+
+    - name: Install console-based web browser for interactive testing
+      apt:
+        name: lynx
+        state: installed
+
+    - name: Deploy CA certificate
+      copy:
+        src: tests/data/x509/ca.cert.pem
+        dest: /usr/local/share/ca-certificates/testca.crt
+        owner: root
+        group: root
+        mode: 0644
+      notify:
+        - Update CA certificate cache
+
+  handlers:
+
+    - name: Update CA certificate cache
+      command: /usr/sbin/update-ca-certificates --fresh
+
+- hosts: parameters-mandatory
+  roles:
+    - role: web_server
+
+      # common
+      ca_certificates:
+        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
+
+      # Common parameters (general, not role).
+      tls_certificate_dir: tests/data/x509/
+      tls_private_key_dir: tests/data/x509/
+
+- hosts: parameters-optional
+  roles:
+    - role: web_server
+      default_enforce_https: no
+      default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.cert.pem') }}"
+      default_https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional_https.key.pem') }}"
+      web_default_title: "Optional Welcome"
+      web_default_message: "Welcome to parameters-optional, default virtual host."
+      web_server_tls_protocols:
+        - TLSv1.1
+        - TLSv1.2
+      web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:!aNULL:!MD5:!EXPORT"
+
+      # common
+      ca_certificates:
+        testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"