diff --git a/defaults/main.yml b/defaults/main.yml index 9a7f99b..c909a11 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -27,6 +27,7 @@ mailserver_rspamd_domain: "" mailserver_rspamd_dkim_selector: "2020" mailserver_mailman_enabled: true +mailserver_mailman_web: true mailserver_mailman_domains: - mail: "lists.{{ mailserver_mail_domain }}" web: "lists.{{ mailserver_mail_domain }}" diff --git a/tasks/mailman.yml b/tasks/mailman.yml index c808485..6893438 100644 --- a/tasks/mailman.yml +++ b/tasks/mailman.yml @@ -1,8 +1,7 @@ - name: mailman - install package: state: latest - name: - - mailman + name: mailman - name: mailman - mm_config notify: @@ -12,6 +11,38 @@ src: mailman_cfg.py dest: /etc/mailman/mm_cfg.py +# +# Web - part +# +- name: mailman - install fcgiwrap + when: mailserver_mailman_web + package: + state: latest + name: fcgiwrap + +- name: mailman - start and enable fcgiwrap + when: mailserver_mailman_web + systemd: + name: fcgiwrap.socket + state: started + enabled: yes + +- name: mailman - get cert for web + notify: dehydrated + when: mailserver_mailman_web + lineinfile: + path: /etc/dehydrated/domains.txt + line: "{{ mailserver_mailman_domains | map(attribute='web') | join(' ') }}" + +- name: mailman - nginx domain + notify: reload nginx + when: mailserver_mailman_web + template: + src: mailman-domain.nginx + dest: /etc/nginx/sites.d/mailman.act + +### END Web - part + - name: mailman - enable timer systemd: name: "{{ item }}" diff --git a/templates/mailman-domain.nginx b/templates/mailman-domain.nginx new file mode 100644 index 0000000..3c6733a --- /dev/null +++ b/templates/mailman-domain.nginx 
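Review bot: In defaults/main.yml the new `mailserver_mailman_web` defaults to `true`, so a host that already sets `mailserver_mailman_enabled: true` gains fcgiwrap and an nginx vhost on 443 on its next run without anyone opting in. For a feature that publishes a new network-facing CGI front end, defaulting to off is the safer choice: `mailserver_mailman_web: false`, with a one-line comment above it saying that it installs fcgiwrap and serves the Mailman web UI and public archives. Whether tasks/mailman.yml is itself gated on `mailserver_mailman_enabled` is not visible in this diff.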
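Review bot: In the second hunk of tasks/mailman.yml, the `mailman - start and enable fcgiwrap` task enables the distribution's `fcgiwrap.socket` as shipped, and fcgiwrap runs whatever program its FastCGI peer names in SCRIPT_FILENAME, so the socket's owner and mode decide which local accounts can start processes as the fcgiwrap user. The unit's defaults are not visible here, so I would at least record the requirement above the task: `# fcgiwrap executes any SCRIPT_FILENAME it is sent; /run/fcgiwrap.sock must be writable by the nginx user only`. If the packaged socket is more permissive, the restriction belongs in this role rather than being left to the distribution. As a smaller point, `enabled: yes` reads more predictably across YAML parsers as `enabled: true`.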
@@ -0,0 +1,33 @@
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+{% for d in mailserver_mailman_domains %}
+ server_name {{ d.web }};
+{% endfor %}
+
+ ssl_certificate /etc/dehydrated/certs/{{ mailserver_mailman_domains[0].web }}/fullchain.pem;
+ ssl_certificate_key /etc/dehydrated/certs/{{ mailserver_mailman_domains[0].web }}/privkey.pem;
+
+ root /usr/lib/mailman/cgi-bin;
+
+ location = / {
+ rewrite ^ /listinfo permanent;
+ }
+ location / {
+ fastcgi_split_path_info ^(/[^/]*)(.*)$;
+ fastcgi_pass unix:/run/fcgiwrap.sock;
+ include fastcgi.conf;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+ }
+ location /icons {
+ alias /usr/lib/mailman/icons;
+ }
+ location /archives {
+ alias /var/lib/mailman/archives/public;
+ autoindex on;
+ }
+
+ include snippets/letsencrypt.conf;
+}
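Review bot: `location /icons` and `location /archives` are prefix matches with no trailing slash, so a URI such as `/archivesX/...` also matches and `alias` maps it to `/var/lib/mailman/archives/publicX/...`, a sibling of the directory the block is meant to serve. Ending both the location and the alias with a slash keeps the mapping inside the intended tree: `location /archives/ {` with `alias /var/lib/mailman/archives/public/;`, and likewise `location /icons/ {` with `alias /usr/lib/mailman/icons/;`. Separately, `autoindex on` lists every entry under the public archive directory, so it is worth confirming that enumerating all public list names is intended. The template also indexes `mailserver_mailman_domains[0]` for the certificate path, which fails at render time if the list is empty.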