diff --git a/files/README b/files/README
new file mode 100644
index 0000000000000000000000000000000000000000..2883bb9ce2e3b39cfa99fb63a5af7991b8b55e57
--- /dev/null
+++ b/files/README
@@ -0,0 +1 @@
+Download GeoLite2 DB's from https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4f11918747d404196089b10d0a7cc0b70135c404
--- /dev/null
+++ b/inventory/group_vars/all.yml
@@ -0,0 +1,5 @@
+---
+
+hosts:
+  alternative-mdx.pt-76.utr.surfcloud.nl:
+    hostname: srv4
diff --git a/inventory/inventory b/inventory/inventory
new file mode 100644
index 0000000000000000000000000000000000000000..b91aa5a1caa56dd16be5bb6dc7a839dd2e36a181
--- /dev/null
+++ b/inventory/inventory
@@ -0,0 +1,13 @@
+[mdserver]
+alternative-mdx.pt-76.utr.surfcloud.nl
+
+[mdproxy]
+alternative-mdx.pt-76.utr.surfcloud.nl
+
+[geodns]
+alternative-mdx.pt-76.utr.surfcloud.nl
+
+[all:children]
+mdserver
+mdproxy
+geodns
diff --git a/playbook.yml b/playbook.yml
index f89ab33a16bfb2828b5f4e8d0cc0d176c603e126..e2bd310d8bc81e86b5fd0d6d9c9e875af27365ff 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -15,11 +15,11 @@
   gather_facts: false
   roles:
     - {role: apache,    tags: ['apache']}
-    - {role: mdserver,  tags: ['mdserver']}
+    #- {role: mdserver,  tags: ['mdserver']}
 
 - name: MDProxy
   hosts: mdproxy
   gather_facts: false
   roles:
     - {role: apache,    tags: ['apache']}
-    - {role: mdproxy,   tags: ['mdserver']}
+    #- {role: mdproxy,   tags: ['mdproxy']}
diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..baed67691afcdf6fc3d0a24a05d646582f040218
--- /dev/null
+++ b/roles/apache/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: enable apache2 job
+  systemd:
+    name: "apache2.service"
+    enabled: true
+    state: "restarted"
+    daemon_reload: true
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..053c89378f0b408bf1fe9a3b27513c712f74a1cb
--- /dev/null
+++ b/roles/apache/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Install packages
+  apt:
+    state: present
+    name:
+      - apache2
+
+- name: Enable proxy_http mod
+  community.general.apache2_module:
+    name: proxy_http
+    state: present
+
+- name: Create Apache conf
+  ansible.builtin.template:
+    src: "md.conf.j2"
+    dest: "/etc/apache2/sites-enabled/md.conf"
+  notify:
+    - "enable apache2 job"
diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8e7b98a1f7d84bd81612fcb7dd9c55a8f839dab7
--- /dev/null
+++ b/roles/apache/templates/md.conf.j2
@@ -0,0 +1,16 @@
+<VirtualHost *:80>
+        ServerName {{ hosts[inventory_hostname]['hostname'] }}-signer.srv.mdx.incubator.geant.org
+        ServerAlias signer.srv.mdx.incubator.geant.org
+        DocumentRoot /var/www/html
+        AllowEncodedSlashes NoDecode
+        ProxyPass "/" "http://127.0.0.1:5001/" nocanon
+        ProxyPassReverse "/" "http://127.0.0.1:5001/"
+</VirtualHost>
+<VirtualHost *:80>
+        ServerName {{ hosts[inventory_hostname]['hostname'] }}-proxy.srv.mdx.incubator.geant.org
+        ServerAlias proxy.srv.mdx.incubator.geant.org
+        DocumentRoot /var/www/html
+        AllowEncodedSlashes NoDecode
+        ProxyPass "/" "http://127.0.0.1:5002/" nocanon
+        ProxyPassReverse "/" "http://127.0.0.1:5002/"
+</VirtualHost>