diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..0026458
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+mailserver_postfixadmin_domain: ""
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..4e0a6ca
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+  systemd:
+    name: nginx
+    state: reloaded
diff --git a/meta/main.yml b/meta/main.yml
index ba5c05a..2d25cf1 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,2 +1,4 @@
 dependencies:
 - role: webserver
+  vars:
+    webserver_php_enabled: true
diff --git a/tasks/db.yml b/tasks/db.yml
index aae820c..5a3347a 100644
--- a/tasks/db.yml
+++ b/tasks/db.yml
@@ -3,4 +3,25 @@
     name:
     - postgresql
     - postfixadmin
-    - php-fpm
+
+- name: nginx local
+  notify: reload nginx
+  when: mailserver_postfixadmin_domain == ""
+  template:
+    src: postfixadmin-local.nginx
+    dest: /etc/nginx/local.d/postfixadmin.act
+
+- name: nginx domain
+  notify: reload nginx
+  when: mailserver_postfixadmin_domain != ""
+  template:
+    src: postfixadmin-domain.nginx
+    dest: /etc/nginx/sites.d/postfixadmin.act
+
+- name: allow access php to postfixadmin.conf
+  file:
+    path: "/etc/webapps/postfixadmin/{{ item }}"
+    group: http
+  with_items:
+  - config.inc.php
+  - config.local.php
diff --git a/templates/postfixadmin-local.nginx b/templates/postfixadmin-local.nginx
new file mode 100644
index 0000000..3b55c31
--- /dev/null
+++ b/templates/postfixadmin-local.nginx
@@ -0,0 +1,21 @@
+location /postfixadmin {
+	rewrite ^/postfixadmin/?(.*)$ /postfixadmin/public/$1 last;
+}
+
+location /postfixadmin/public {
+	root /usr/share/webapps;
+	index index.html index.htm index.php;
+
+	location ~ \.php(?:$|/) {
+		fastcgi_split_path_info ^(.+.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+		fastcgi_index index.php;
+	
+		include fastcgi.conf;
+
+		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/tmp:/usr/share/pear:/dev/urandom;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTPS on;
+	}
+}