diff --git a/group_vars/ns.yml b/group_vars/ns.yml
index fbe167c..6700dff 100644
--- a/group_vars/ns.yml
+++ b/group_vars/ns.yml
@@ -3,6 +3,8 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22, 81.175.130.44/32]}
   - {proto: tcp, port: 53}
   - {proto: udp, port: 53}
+  - {proto: tcp, port: 80}
+  - {proto: tcp, port: 443}
 #  - {proto: tcp, port: 853}
 
 ifstated_config: ifstated-ns.conf
diff --git a/host_vars/atl01.vultr.foo.sh.yml b/host_vars/atl01.vultr.foo.sh.yml
index 9047861..af4e516 100644
--- a/host_vars/atl01.vultr.foo.sh.yml
+++ b/host_vars/atl01.vultr.foo.sh.yml
@@ -1,2 +1,3 @@
 ---
 network_carp_interfaces: []
+nsd_server: ns2.foo.sh
diff --git a/playbooks/ns.yml b/playbooks/ns.yml
index e5b7ecc..6041536 100644
--- a/playbooks/ns.yml
+++ b/playbooks/ns.yml
@@ -12,5 +12,9 @@
   roles:
     - base
     - nsd
+    - role: nginx/server
+    - role: nginx/site
+      site: "{{ nsd_server }}"
+      redirect: https://www.foo.sh/
     - role: ifstated
       when: "'vultr' not in group_names"