diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index 919fccb..4838a71 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -5,3 +5,12 @@ nginx_package_state: present
 nginx_service_name: nginx
 nginx_service_state: started
 nginx_service_enabled: yes
+
+nginx_root: /var/www/html
+nginx_index:
+  - index.html
+  - index.htm
+  #- index.nginx-debian.html;
+
+nginx_acme_challenge_enabled: yes
+nginx_acme_challenge_path: /var/www/.acme-challenge
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 2116ccb..c3e3fdf 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -12,6 +12,15 @@
     name: "{{ nginx_package_name }}"
     state: "{{ nginx_package_state }}"
 
+- name: configure default virtual host
+  template:
+    src: default.j2
+    dest: /etc/nginx/sites-available/default
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nginx
+
 - name: manage service
   service:
     name: "{{ nginx_service_name }}"
diff --git a/roles/nginx/templates/default.j2 b/roles/nginx/templates/default.j2
new file mode 100644
index 0000000..d029c1c
--- /dev/null
+++ b/roles/nginx/templates/default.j2
@@ -0,0 +1,21 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    root {{ nginx_root }};
+
+    index {{ nginx_index | join(' ') }};
+
+    server_name _;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+{% if nginx_acme_challenge_enabled %}
+    location /.well-known/acme-challenge/ {
+        alias {{ nginx_acme_challenge_path }};
+        try_files $uri $uri/ =404;
+    }
+{% endif %}
+}