diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7b383a6dbe195aa55163c5225230bcc73b36f420
--- /dev/null
+++ b/roles/web_server/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Install nginx
+ apt: name=nginx state=installed
+
+- name: Allow nginx user to traverse the directory with TLS private keys
+ user: name=www-data append=yes groups=ssl-cert
+ notify:
+ - Restart nginx
+
+- name: Deploy nginx TLS private key
+ copy: dest="/etc/ssl/private/{{ https_tls_key | basename }}" src="{{ https_tls_key }}"
+ mode=640 owner=root group=root
+ notify:
+ - Restart nginx
+
+- name: Deploy nginx TLS certificate
+ copy: dest="/etc/ssl/certs/{{ https_tls_certificate | basename }}" src="{{ https_tls_certificate }}"
+ mode=644 owner=root group=root
+ notify:
+ - Restart nginx
+
+- name: Deploy default vhost configuration
+ template: src="nginx-default.j2" dest="/etc/nginx/sites-available/default"
+ owner=root group=root mode=644
+ notify:
+ - Restart nginx
+
+- name: Deploy firewall configuration for web server
+ copy: src="ferm_http.conf" dest="/etc/ferm/conf.d/30-web.conf" owner=root group=root mode=640
+ notify:
+ - Restart ferm
+
+- name: Remove the default Debian html files
+ file: path="{{ item }}" state=absent
+ with_items:
+ - /var/www/html/index.nginx-debian.html
+ - /var/www/html/
+
+- name: Create directory for storing the default website page
+ file: path="/var/www/default/" state=directory
+ owner=root group=www-data mode=750
+
+- name: Deploy the default index.html
+ template: src="index.html.j2" dest=/var/www/default/index.html
+ owner=root group=www-data mode=640
+
+- name: Enable nginx service
+ service: name=nginx enabled=yes state=started
\ No newline at end of file
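Review bot: The task "Allow nginx user to traverse the directory with TLS private keys" adds www-data to ssl-cert, but the key deployed in the following task is `mode=640 owner=root group=root`, so the group membership does not let www-data read that key and the role gains nothing from it. If nginx is started as root, as the stock Debian package does (an assumption, since the nginx configuration is not part of this hunk), the master process loads the key itself, while ssl-cert membership lets every process running as www-data enter /etc/ssl/private and read any other key there that is group-readable by ssl-cert. I would drop the `user: name=www-data append=yes groups=ssl-cert` task and deploy the key with `mode=600 owner=root group=root`. Adding `no_log: true` to the key task would also keep key material out of the task output when the play is run with `--diff`.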