diff --git a/httpd.yml b/httpd.yml
new file mode 100644
index 0000000..73dcebf
--- /dev/null
+++ b/httpd.yml
@@ -0,0 +1,33 @@
+---
+- hosts: tau
+  become: true
+
+  vars:
+    - server_admin: "admin@netz39.de"
+
+
+  tasks:
+    - name: Update and clean package cache
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+        autoclean: true
+
+    - name: Ensure Apache2 and modules are installed and up to date
+      apt:
+        name:
+          - apache2
+        state: latest
+
+    - name: Ensure mod_rewrite is enabled
+      apache2_module:
+        name: rewrite
+        state: present
+
+
+    - name: Setup proxy site testredmine.netz39.de
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: testredmine.netz39.de
+        proxy_port: 9004
diff --git a/roles/setup-http-site-proxy/handlers/main.yml b/roles/setup-http-site-proxy/handlers/main.yml
new file mode 100644
index 0000000..670471f
--- /dev/null
+++ b/roles/setup-http-site-proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
diff --git a/roles/setup-http-site-proxy/tasks/main.yml b/roles/setup-http-site-proxy/tasks/main.yml
new file mode 100644
index 0000000..70f5f5c
--- /dev/null
+++ b/roles/setup-http-site-proxy/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Add or update Apache2 site
+  template:
+    src: templates/apache-docker-proxy-site.j2
+    dest: /etc/apache2/sites-available/{{site_name}}.conf
+  notify: restart apache2
+
+- name: Activate Apache2 site
+  command: a2ensite {{ site_name}}
+  args:
+    creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
+  notify: restart apache2
diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
new file mode 100644
index 0000000..8e5bf88
--- /dev/null
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@@ -0,0 +1,30 @@
+<VirtualHost {{ ansible_default_ipv4.address }}:80>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    <ifmodule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+    </ifmodule>
+</VirtualHost>
+
+<VirtualHost {{ ansible_default_ipv4.address }}:443>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    SSLEngine on
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+    SSLCertificateFile    /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
+    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
+    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
+
+    ProxyPass / http://localhost:{{proxy_port}}/
+</VirtualHost>