diff --git a/group_vars/all b/group_vars/all index d5f7641..333dc4a 100644 --- a/group_vars/all +++ b/group_vars/all @@ -21,6 +21,11 @@ ntp_servers: - 172.23.1.61 - 172.23.2.2 +owncloud_domain: oc.binary-kitchen.de +owncloud_dbname: owncloud +owncloud_dbuser: owncloud +owncloud_dbpass: tnEykTqtsC9pECz7wAUJ + prosody_admin: moepman@jabber.binary-kitchen.de prosody_domain: jabber.binary-kitchen.de diff --git a/roles/owncloud/handlers/main.yml b/roles/owncloud/handlers/main.yml new file mode 100644 index 0000000..b8367c9 --- /dev/null +++ b/roles/owncloud/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Restart nginx + service: name=nginx state=restarted + +- name: Restart php5-fpm + service: name=php5-fpm state=restarted diff --git a/roles/owncloud/meta/main.yml b/roles/owncloud/meta/main.yml new file mode 100644 index 0000000..923f9d1 --- /dev/null +++ b/roles/owncloud/meta/main.yml @@ -0,0 +1,5 @@ +--- + +dependencies: +- { role: certmgr } +- { role: nginx } diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml new file mode 100644 index 0000000..87ca823 --- /dev/null +++ b/roles/owncloud/tasks/main.yml 
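Review bot: `owncloud_dbpass` is committed in clear text in `group_vars/all`, so anyone with read access to the repository or its history holds the database credential. Keep the variable name but store the value encrypted with Ansible Vault, for example in a vaulted vars file that defines `owncloud_dbpass`. Treat the value in this commit as exposed and rotate it before the role is applied.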
@@ -0,0 +1,45 @@
+---
+
+- name: Install packages
+ apt: name={{ item }} state=present
+ with_items:
+ - php5-curl
+ - php5-fpm
+ - php5-gd
+ - php5-pgsql
+ - postgresql
+ - python-psycopg2
+
+- name: Configure PostgreSQL database
+ postgresql_db: name={{ owncloud_dbname }} owner={{ owncloud_dbuser }}
+ become: true
+ become_user: postgres
+
+- name: Configure PostgreSQL user
+ postgresql_user: db={{ owncloud_dbname }} name={{ owncloud_dbuser }} password={{ owncloud_dbpass }} priv=ALL state=present
+ become: true
+ become_user: postgres
+
+- name: Ensure certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ owncloud_domain }}.key -out /etc/nginx/ssl/{{ owncloud_domain }}.crt -days 730 -subj "/CN={{ owncloud_domain }}" creates=/etc/nginx/ssl/{{ owncloud_domain }}.crt
+ notify: Restart nginx
+
+- name: Configure certificate manager for owncloud
+ template: src=certs.j2 dest=/etc/acme/domains.d/{{ owncloud_domain }}.conf
+
+- name: Create vhost directory
+ file: path=/var/www/owncloud state=directory owner=www-data group=www-data
+
+- name: Configure vhost
+ template: src=vhost.j2 dest=/etc/nginx/sites-available/owncloud
+ notify: Restart nginx
+
+- name: Enable vhosts
+ file: src=/etc/nginx/sites-available/owncloud dest=/etc/nginx/sites-enabled/owncloud state=link
+ notify: Restart nginx
+
+- name: Start php5-fpm
+ service: name=php5-fpm state=started enabled=yes
+
+- name: Start PostgreSQL
+ service: name=postgresql state=started enabled=yes
diff --git a/roles/owncloud/templates/certs.j2 b/roles/owncloud/templates/certs.j2
new file mode 100644
index 0000000..adfdc29
--- /dev/null
+++ b/roles/owncloud/templates/certs.j2
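Review bot: The `Configure PostgreSQL user` task passes `password={{ owncloud_dbpass }}` as an unquoted key=value argument, so a password containing a space or `=` would be split by the argument parser, and depending on the Ansible version the value may show up in verbose output. Use the mapping form with `password: "{{ owncloud_dbpass }}"` and add `no_log: true` to that task. The openssl task leaves the new private key with whatever mode openssl and the umask produce; a follow-up `file: path=/etc/nginx/ssl/{{ owncloud_domain }}.key owner=root group=root mode=0400` would match the `perm: '400'` that certs.j2 requests. Separately, `Configure PostgreSQL database` sets `owner={{ owncloud_dbuser }}` before the next task creates that role, which looks like it fails on a fresh host; creating the user first (without `db`/`priv`) and then the database avoids that.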
@@ -0,0 +1,15 @@ +--- + +{{ owncloud_domain }}: +- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt + user: root + group: root + perm: '400' + format: crt + notify: 'service nginx restart' +- path: /etc/nginx/ssl/{{ owncloud_domain }}.key + user: root + group: root + perm: '400' + format: key + notify: 'service nginx restart' diff --git a/roles/owncloud/templates/vhost.j2 b/roles/owncloud/templates/vhost.j2 new file mode 100644 index 0000000..2250c3b --- /dev/null +++ b/roles/owncloud/templates/vhost.j2 @@ -0,0 +1,38 @@ +server { + listen 80; + listen [::]:80; + + server_name {{ owncloud_domain }}; + + location /.well-known/acme-challenge/ { + default_type "text/plain"; + root /var/www/acme-challenge/; + } + + location / { + return 301 https://{{ owncloud_domain }}$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ owncloud_domain }}; + + ssl_certificate_key /etc/nginx/ssl/{{ owncloud_domain }}.key; + ssl_certificate /etc/nginx/ssl/{{ owncloud_domain }}.crt; + + root /var/www/owncloud/; + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + # With php5-fpm: + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + } +} diff --git a/site.yml b/site.yml index 89f4a4d..09ddd29 100644 --- a/site.yml +++ b/site.yml @@ -21,6 +21,11 @@ roles: - prosody +- name: Setup owncloud server + hosts: nitrogen.binary-kitchen.net + roles: + - owncloud + - name: Setup member server hosts: oxygen.binary-kitchen.net roles:
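Review bot: In vhost.j2 the TLS server block sets `root /var/www/owncloud/` and adds only a `\.php$` location, so every non-PHP file under the webroot is served as a static file. If ownCloud's `data/` and `config/` directories live under that root (the default layout), their contents would be reachable over HTTPS unless something outside this template blocks them. Add deny rules ahead of the PHP location, for example `location ~ ^/(?:data|config)/ { deny all; }` and `location ~ /\.ht { deny all; }`, since nginx ignores the `.htaccess` files ownCloud ships. The block also sets no `ssl_protocols` or `ssl_ciphers`, which is fine only if the `nginx` role's global configuration already pins them.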