diff --git a/defaults/main.yaml b/defaults/main.yaml
index ed97d53..627eeeb 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1 +1,2 @@
 ---
+alerta_server_name: "{{ inventory_hostname }}"
diff --git a/tasks/main.yaml b/tasks/main.yaml
index 655b174..74d6037 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -81,3 +81,21 @@
     content: from alerta import app
     dest: /opt/alerta/wsgi.py
   notify: restart uwsgi
+
+- include_role:
+    name: certificate
+  vars:
+    certificate_name: alerta
+    certificate_directory: /etc/ssl
+    certificate_key_usage:
+      - digitalSignature
+      - keyEncipherment
+    certificate_extended_key_usage:
+      - serverAuth
+    certificate_alt_names:
+      - "{{ alerta_server_name | regex_replace( '(.*)','DNS:\\1' ) }}"
+
+- include_role:
+    name: nginx
+  vars:
+    nginx_vhosts: "{{ alerta_nginx_vhosts }}"
diff --git a/vars/main.yaml b/vars/main.yaml
index e4f952e..d9d909c 100644
--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -15,3 +15,24 @@ alerta_uwsgi_config:
 
 alerta_webui_config:
   endpoint: /api
+
+alerta_nginx_vhosts:
+  - name: alerta
+    server_names:
+      - "{{ alerta_server_name }}"
+    custom: |-
+      root /opt/alerta/webui/dist;
+      index index.html;
+
+      location /api { try_files $uri @api; }
+      location @api {
+        include uwsgi_params;
+        uwsgi_pass unix:/run/uwsgi/app/alerta/socket;
+        proxy_set_header Host $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      }
+      location /config.json { alias /opt/alerta/config.json; }
+      location / {
+        try_files $uri $uri/ /index.html;
+      }