diff --git a/roles/proxy/templates/haproxy.cfg.j2 b/roles/proxy/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..1fe48b4
--- /dev/null
+++ b/roles/proxy/templates/haproxy.cfg.j2
@@ -0,0 +1,51 @@
+global
+ log 127.0.0.1 local0 notice
+ user haproxy
+ group haproxy
+ tune.ssl.default-dh-param 4096
+
+defaults
+ log global
+ mode http
+ retries 2
+ timeout connect 3000
+ timeout server 5000
+ timeout client 5000
+ stats enable
+ stats uri {{ proxy_stats_uri }}
+ stats realm Haproxy\ Statistics
+ stats auth {{ proxy_stats_user }}:{{ proxy_stats_pass }}
+
+listen mysql-cluster
+ bind 0.0.0.0:3306
+ mode tcp
+ option mysql-check user haproxy_check
+ balance roundrobin
+ {% for db_server in dbservers %}
+ server {{ db_server }} {{ db_server }}:3306 check
+ {% endfor %}
+
+frontend www-http
+ bind 0.0.0.0:80
+ reqadd X-Forwarded-Proto:\ http
+ default_backend www-backend
+
+frontend www-https
+ bind 0.0.0.0:443 ssl crt /root/server.pem
+ reqadd X-Forwarded-Proto:\ https
+
+ acl host_wrestlingdev hdr(host) -i wrestlingdev.com
+ use_backend wrestlingdev if host_wrestlingdev
+
+ default_backend www-backend
+
+backend www-backend
+ redirect scheme https if !{ ssl_fc }
+ errorfile 503 /root/home.html
+
+backend wrestlingdev
+ redirect scheme https if !{ ssl_fc }
+ balance roundrobin
+ {% for web_server in webservers %}
+ server {{ web_server }} {{ web_server }}:443 check ssl verify none
+ {% endfor %}
diff --git a/site.yml b/site.yml
index 9353146..294fe77 100644
--- a/site.yml
+++ b/site.yml
@@ -21,6 +21,7 @@ roles: - firstdb + - db - name: deploy mysql and configure database hosts: dbservers
@@ -28,3 +29,10 @@ roles: - db + +- name: deploy haproxy + hosts: proxy + remote_user: root + + roles: + - proxy
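Review bot: In haproxy.cfg.j2 the `wrestlingdev` backend's `server … :443 check ssl verify none` encrypts the hop to the web servers but never validates their certificate, so any host answering on that address is accepted as a backend; `ssl verify required ca-file <path>` closes that gap. The `stats enable` / `stats auth` lines sit in `defaults`, so the listen and backend sections inherit them, and the stats URI appears reachable through `www-http` on port 80, where the Basic credentials would travel in cleartext. `bind 0.0.0.0:3306` publishes the MySQL listener on every interface unless a host firewall restricts it, and `reqadd X-Forwarded-Proto` appends to a client-supplied header instead of replacing it, which `http-request set-header` would do. The fence sketches these changes with placeholder values for the management address and the CA bundle.

```haproxy
# … unchanged: global section …

defaults
    # … unchanged: log, mode, retries, timeouts …
    # stats directives removed from defaults so no backend inherits them

listen stats
    # PLACEHOLDER values: a management-only address and port for this role
    bind <MGMT_ADDR>:<STATS_PORT>
    # … moved here unchanged: stats enable / uri / realm / auth …

listen mysql-cluster
    # PLACEHOLDER value: the internal address the application tier connects to
    bind <INTERNAL_ADDR>:3306
    # … unchanged: mode tcp, mysql-check, balance, server loop …

frontend www-http
    bind 0.0.0.0:80
    # set-header replaces any X-Forwarded-Proto the client sent
    http-request set-header X-Forwarded-Proto http
    # … unchanged: default_backend; www-https gets the same line with "https" …

backend wrestlingdev
    # … unchanged: redirect, balance …
    # PLACEHOLDER path: CA bundle that signed the web servers' certificates
    {% for web_server in webservers %}
    server {{ web_server }} {{ web_server }}:443 check ssl verify required ca-file <CA_BUNDLE_PATH>
    {% endfor %}
```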
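Review bot: The new `deploy haproxy` play in site.yml's second hunk logs in with `remote_user: root`, which requires direct root SSH on the proxy hosts; connecting as an unprivileged account and adding `become: yes` to the play lets root login stay disabled and records who escalated. Other plays in site.yml may already follow the root pattern (not visible in this hunk), in which case this is worth tracking for the whole file. The variables the role renders into the config (`proxy_stats_user`, `proxy_stats_pass`) are not defined anywhere in this diff, so confirm they come from an encrypted vars file and not from plaintext inventory.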