diff --git a/mediawiki/defaults/main.yml b/mediawiki/defaults/main.yml
index 1a9db94e9d8e9bc8b3003045811e16877514d8b9..9c04cacfb90edae6130d401b2a1ad1c5ff878fce 100644
--- a/mediawiki/defaults/main.yml
+++ b/mediawiki/defaults/main.yml
@@ -13,3 +13,5 @@ mediawiki_dbhost: localhost
 mediawiki_dbname: "{{ mediawiki_name }}"
 mediawiki_dbuser: "{{ mediawiki_name }}"
 mediawiki_dbpassword: 
+
+mediawiki_use_ldap: yes
diff --git a/mediawiki/meta/main.yml b/mediawiki/meta/main.yml
index f206fd05ad15f394321af07b9f7525cdbc038a86..8c99dfce25159796ead9633182a9326f9238bb19 100644
--- a/mediawiki/meta/main.yml
+++ b/mediawiki/meta/main.yml
@@ -1,5 +1,5 @@
 ---
 # file: roles/mediawiki/meta/main.yml
 dependencies:
-  - { role: uwsgi-php }
+  - { role: php-fpm, fpm_pool: "{{mediawiki_name}}", fpm_user: "{{mediawiki_user}}", fpm_group: "{{mediawiki_group}}", fpm_socket_user: "{{mediawiki_user}}", fpm_socket_group: www-data }
   - { role: postgres }
diff --git a/mediawiki/tasks/ldap.yml b/mediawiki/tasks/ldap.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f1998a474068c168e77ec34e84615441c6eac53b
--- /dev/null
+++ b/mediawiki/tasks/ldap.yml
@@ -0,0 +1,11 @@
+---
+# file: roles/mediawiki/tasks/ldap.yml
+
+- name: ensure we have the auth extension
+  git:
+    repo: https://git.fsmpi.rwth-aachen.de/robin/mediawiki-remoteuser.git
+    dest: "/var/lib/mediawiki/extensions/AuthRemoteuser"
+  tags:
+    - git
+    - packages
+    - mediawiki
diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml
index 005b59e4153a52876d4a99ba0c6ae7d9fb587c39..6d4e48b072db359d8404b0fff82eb643ef1c6a02 100644
--- a/mediawiki/tasks/main.yml
+++ b/mediawiki/tasks/main.yml
@@ -1,11 +1,21 @@
 ---
 # file: roles/mediawiki/tasks/main.yml
 
-- name: ensure packages for mediawiki are installed
+- name: ensure packages for mediawiki are installed on jessie
   apt: name={{ item }} state=latest install_recommends=no
   with_items:
     - mediawiki
     - mediawiki-extensions
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - mediawiki
+
+- name: ensure packages for mediawiki are installed on stretch
+  apt: name={{ item }} state=present
+  with_items:
+    - mediawiki
+  when: debian_version == "stretch"
   tags:
     - packages
     - mediawiki
@@ -69,60 +79,36 @@
     src: "/usr/share/mediawiki/{{ item }}"
     dest: "{{ mediawiki_web_root }}/{{ mediawiki_name }}/{{ item }}"
     force: yes
-  with_items: mediawiki_other_files.stdout_lines
+  with_items: "{{mediawiki_other_files.stdout_lines}}"
   tags:
     - config
     - mediawiki
 
-- name: "ensure the library mediawiki uses for diffs is enabled"
-  file:
-    state: link
-    src: "../../mods-available/wikidiff2.ini"
-    dest: "/etc/php5/embed/conf.d/wikidiff2.ini"
-  tags:
-    - config
-    - mediawiki
-    - php
-
-- name: "ensure temporary directories for {{ mediawiki_name }} exist"
-  lineinfile:
-    dest: "/etc/tmpfiles.d/10-mediawiki-{{ mediawiki_name }}.conf"
-    line: "d /run/uwsgi/app/mediawiki-{{ mediawiki_name }} 0775 {{ mediawiki_user }} {{mediawiki_group }} - -"
-    create: yes
-  notify:
-    - create tmpfiles
-  tags:
-    - config
-    - mediawiki
+#- name: "ensure the library mediawiki uses for diffs is enabled"
+#  file:
+#    state: link
+#    src: "../../mods-available/wikidiff2.ini"
+#    dest: "/etc/php5/embed/conf.d/wikidiff2.ini"
+#  tags:
+#    - config
+#    - mediawiki
+#    - php
 
 - include: postgres.yml
   when: mediawiki_dbtype == "postgres"
 
-- name: "ensure the uwsgi.ini for {{ mediawiki_name }} exists"
-  template:
-    src: mediawiki.ini.j2
-    dest: "/etc/uwsgi/apps-available/mediawiki-{{ mediawiki_name }}.ini"
-  notify:
-    - "restart uwsgi for {{ mediawiki_name }}"
-  tags:
-    - config
-    - mediawiki
-  
-- name: "ensure the unit file for {{ mediawiki_name }} exists"
-  template:
-    src: mediawiki.service.j2
-    dest: "/etc/systemd/system/mediawiki-{{ mediawiki_name }}.service"
-  notify:
-    - reload systemd service files
-    - "restart uwsgi for {{ mediawiki_name }}"
-  tags:
-    - config
-    - mediawiki
+- include: ldap.yml
+  when: mediawiki_use_ldap
 
-- name: "ensure the service for {{ mediawiki_name }} is enabled"
-  service:
-    name: "mediawiki-{{ mediawiki_name }}"
-    enabled: yes
+- name: ensure we are running maintenance regularly
+  cron: 
+    name: "mediawiki maintenance"
+    hour: "0"
+    minute: "0"
+    job: "/usr/bin/php {{mediawiki_web_root}}/maintenance/runJobs.php --conf {{mediawiki_web_root}}/LocalSettings.php"
+  become: yes
+  become_user: "{{mediawiki_user}}"
   tags:
+    - cron
     - config
     - mediawiki
diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml
index 0478adbed9dff8781272a70bef20f432fbcb9c32..af5775e813ac510f16a62da791354026c432e129 100644
--- a/mediawiki/tasks/postgres.yml
+++ b/mediawiki/tasks/postgres.yml
@@ -1,8 +1,17 @@
 ---
 # file: roles/mediawiki/tasks/postgres.yml
 
-- name: "ensure php can talk with postgres"
+- name: "ensure php can talk with postgres on jessie"
   apt: name=php5-pgsql state=latest
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - postgresql
+    - mediawiki
+
+- name: "ensure php can talk with postgres on stretch"
+  apt: name=php-pgsql state=present
+  when: debian_version == "stretch"
   tags:
     - packages
     - postgresql
diff --git a/php-fpm/defaults/main.yml b/php-fpm/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ad1acfff87a8e19e6f17457dc59230a169ff86a0
--- /dev/null
+++ b/php-fpm/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# file: roles/php-fpm/defaults/mail.yml
+
+fpm_pool: www
+fpm_user: www-data
+fpm_group: www-data
+fpm_socket_user: www-data
+fpm_socket_group: www-data
diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..43064fb43001dc25032b2b555242827a458bf7bc
--- /dev/null
+++ b/php-fpm/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# file: roles/php-fpm/tasks/main.yml
+
+- name: ensure php-fpm is installed on stretch
+  apt: name="{{item}}" state=present
+  with_items:
+    - php
+    - php-fpm
+  when: debian_version == "stretch"
+  tags:
+    - packages
+    - php
+    - php-fpm
+
+- name: ensure php-fpm is installed on jessie
+  apt: name="{{item}}" state=present
+  with_items:
+    - php5
+    - php5-fpm
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - php
+    - php-fpm
+  
+- name: ensure we have the pool we want
+  template:
+    src: pool.conf
+    dest: "/etc/php/7.0/fpm/pool.d/{{fpm_pool}}.conf"
+    owner: root
+    group: root
+    mode: 0644
+  when: debian_version == "stretch"
+  tags:
+   - config
+   - php
+   - php-fpm
+
diff --git a/php-fpm/templates/pool.conf b/php-fpm/templates/pool.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f7f846fdf4ee68aa43bf7d6a24b97fb951bba3bd
--- /dev/null
+++ b/php-fpm/templates/pool.conf
@@ -0,0 +1,14 @@
+[{{fpm_pool}}]
+user = {{fpm_user}}
+group = {{fpm_group}}
+
+listen = /run/php/{{fpm_pool}}-fpm.sock
+
+listen.owner = {{fpm_socket_user}}
+listen.group = {{fpm_socket_group}}
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
diff --git a/webserver/files/nginx.conf b/webserver/files/nginx.conf
index af1ef1d4a533c1fc4b531d0ab3667b9e49c5d781..225bf7276f884ddef9a79b4ab9603fbc3d11bd5d 100644
--- a/webserver/files/nginx.conf
+++ b/webserver/files/nginx.conf
@@ -21,7 +21,7 @@ http {
 	types_hash_max_size 2048;
 	# server_tokens off;
 
-	# server_names_hash_bucket_size 64;
+	server_names_hash_bucket_size 64;
 	# server_name_in_redirect off;
 
 	include /etc/nginx/mime.types;
diff --git a/webserver/handlers/main.yml b/webserver/handlers/main.yml
index 4b82c22fca6db4ccac3e8f608762ef2fbc8c1d07..e58a6acd99ca434391309b227b48723a5483f1f9 100644
--- a/webserver/handlers/main.yml
+++ b/webserver/handlers/main.yml
@@ -9,3 +9,6 @@
 
 - name: restart nginx-proxy
   service: name=nginx-proxy state=restarted
+
+- name: create tmpfiles
+  command: systemd-tmpfiles --create
diff --git a/webserver/tasks/main.yml b/webserver/tasks/main.yml
index 2ad44d7c30e737c96895c2a67848ac506d100b0d..67cf47969714c1547ee9d7bf340a96d2ee28188e 100644
--- a/webserver/tasks/main.yml
+++ b/webserver/tasks/main.yml
@@ -65,6 +65,17 @@
     - config
     - nginx
 
+- name: ensure we have a directory for sockets
+  lineinfile:
+    dest: /etc/tmpfiles.d/10-nginx.conf
+    line: "d /run/nginx 0750 www-data nginx-proxy - -"
+    create: yes
+  notify:
+    - create tmpfiles
+  tags:
+    - config
+    - nginx
+
 - name: ensure the default config is not activated
   file: path=/etc/nginx/sites-enabled/default state=absent
   notify: