diff --git a/roles/web_server/templates/nginx-default.j2 b/roles/web_server/templates/nginx-default.j2
new file mode 100644
index 0000000000000000000000000000000000000000..3379e22dab9c7591d0eb61dc98c6fa82e37fa95d
--- /dev/null
+++ b/roles/web_server/templates/nginx-default.j2
@@ -0,0 +1,26 @@
+#
+# Default server (vhost) configuration.
+#
+server {
+    # HTTP (plaintext) configuration.
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # HTTPS (TLS) configuration.
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    ssl_certificate_key /etc/ssl/private/{{ https_tls_key | basename }};
+    ssl_certificate /etc/ssl/certs/{{ https_tls_certificate | basename }};
+
+    # Set-up the serving of default page.
+    root /var/www/default/;
+    index index.html;
+
+    # Set server_name to something that won't be matched (for default server).
+    server_name _;
+
+    location / {
+        # Always point user to the same index page.
+        try_files $uri /index.html;
+    }
+}