diff --git a/zabbix-frontend/files/10-uwsgi.conf b/zabbix-frontend/files/10-uwsgi.conf
new file mode 100644
index 0000000000000000000000000000000000000000..50b2862b7b5bfbdf7fafd0f4e6a54f0280e8c743
--- /dev/null
+++ b/zabbix-frontend/files/10-uwsgi.conf
@@ -0,0 +1,2 @@
+d /run/uwsgi 0755 root root - -
+d /run/uwsgi/app 0755 root root - -
diff --git a/zabbix-frontend/files/10-zabbix.conf b/zabbix-frontend/files/10-zabbix.conf
new file mode 100644
index 0000000000000000000000000000000000000000..4affeaeb98a241bc76c28bb4c6e5a79646c556eb
--- /dev/null
+++ b/zabbix-frontend/files/10-zabbix.conf
@@ -0,0 +1 @@
+d /run/uwsgi/app/zabbix 0775 zabbix zabbix - -
diff --git a/zabbix-frontend/files/zabbix-frontend.service b/zabbix-frontend/files/zabbix-frontend.service
new file mode 100644
index 0000000000000000000000000000000000000000..962eca63fb27e098e11b59ee1f4db3a168cf842d
--- /dev/null
+++ b/zabbix-frontend/files/zabbix-frontend.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Zabbix Web Frontend
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/zabbix.ini
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
diff --git a/zabbix-frontend/files/zabbix.conf b/zabbix-frontend/files/zabbix.conf
new file mode 100644
index 0000000000000000000000000000000000000000..ab5dc68c3b0d087a53cd591f895e8d155f675c3f
--- /dev/null
+++ b/zabbix-frontend/files/zabbix.conf
@@ -0,0 +1,25 @@
+location /zabbix {
+#        if ($scheme ~ ^http:){
+#            rewrite ^(.*)$  https://$host$1 permanent;
+#        }
+	root			/usr/share;
+	index			index.php;
+	error_page		403 404 502 503 504  /zabbix/index.php;
+
+	location ~ \.php$ {
+#		if (!-f $request_filename) { return 404; }
+#		expires			epoch;
+#		include			/etc/nginx/fastcgi_params;
+#		fastcgi_index	index.php;
+#		fastcgi_pass	unix:/var/run/php5-fpm.sock;
+		include uwsgi_params;
+		uwsgi_modifier1 14;
+		uwsgi_pass unix:///run/uwsgi/app/zabbix/zabbix.sock;
+    }
+
+	location ~ \.(jpg|jpeg|gif|png|ico)$ {
+		access_log	off;
+		expires		33d;
+	}
+
+}
diff --git a/zabbix-frontend/files/zabbix.ini b/zabbix-frontend/files/zabbix.ini
new file mode 100644
index 0000000000000000000000000000000000000000..0691ace6f5805a025acc1063d33afa7439f52958
--- /dev/null
+++ b/zabbix-frontend/files/zabbix.ini
@@ -0,0 +1,27 @@
+[uwsgi]
+uwsgi-socket = /run/uwsgi/app/zabbix/zabbix.sock
+chmod-socket = 660
+chown-socket = zabbix:www-data
+autoload = 
+master = 
+processes = 4
+workers = 4
+prio = -5
+harakiri = 5
+chdir = /usr/share/zabbix
+uid = zabbix
+gid = zabbix
+logto = /var/log/uwsgi-zabbix.log
+logfile-chown = zabbix:zabbix
+logfile-chmod = 664
+log-date = 
+log-4xx = 
+log-5xx = 
+log-x-forwarded-for = 
+plugin = php
+php-index = index.php
+php-set = date.timezone=Europe/Berlin
+php-set = post_max_size=16M
+php-set = max_execution_time=300
+php-set = max_input_time=300
+php-set = always_populate_raw_post_data=-1
diff --git a/zabbix-frontend/handlers/main.yml b/zabbix-frontend/handlers/main.yml
index ea7d872f2495d9b8d80c283aa4a5c3536578652f..6384a25d5e74ece7f020d488f7163c8fbcb47e44 100644
--- a/zabbix-frontend/handlers/main.yml
+++ b/zabbix-frontend/handlers/main.yml
@@ -3,3 +3,16 @@
 - name: restart zabbix frontend
   service: name=zabbix-frontend state=restarted
 
+- name: create tmpfiles
+  command: systemd-tmpfiles --create
+
+- name: reload systemd service files
+  command: systemctl daemon-reload
+
+- name: restart postgres
+  service: name=postgresql state=restarted
+  delegate_to: "{{ zabbix_db_host }}"
+
+- name: restart nginx
+  service: name=nginx state=restarted
+
diff --git a/zabbix-frontend/tasks/main.yml b/zabbix-frontend/tasks/main.yml
index 5247d2fb8271951fb5314d9dd5aa26f4be86dc66..e495428f210cb02117ecef17106beed6292eed44 100644
--- a/zabbix-frontend/tasks/main.yml
+++ b/zabbix-frontend/tasks/main.yml
@@ -1,5 +1,30 @@
 ---
 
+- name: ensure there is an uwsgi temporary directory
+  copy: src=10-uwsgi.conf dest=/etc/tmpfiles.d/10-uwsgi.conf
+  notify:
+    - create tmpfiles
+  tags:
+    - config
+    - zabbix
+
+- name: ensure there is an frontend app temporary directory
+  copy: src=10-zabbix.conf dest=/etc/tmpfiles.d/10-zabbix.conf
+  notify:
+    - create tmpfiles
+  tags:
+    - config
+    - zabbix
+
+- name: ensure the systemd service file is available
+  copy: src=zabbix-frontend.service dest=/etc/systemd/system/zabbix-frontend.service
+  notify:
+    - reload systemd service files
+    - restart zabbix frontend
+  tags:
+    - service
+    - zabbix
+
 - name: ensure the frontend package is installed
   apt: name=zabbix-frontend-php state=latest
   notify:
@@ -8,9 +33,73 @@
     - packages
     - zabbix
 
-# TODO configure frontend
-# TODO create systemd/uwsgi unit and corresponding stuff
-# TODO configure webserver
+- name: ensure php5-pgsql is available
+  apt: name=php5-pgsql state=latest
+  notify:
+    - restart zabbix frontend
+  tags:
+    - packages
+    - zabbix
+
+- name: ensure the frontend app got some uwsgi config
+  copy: src=zabbix.ini dest=/etc/uwsgi/apps-available/zabbix.ini
+  notify:
+    - restart zabbix frontend
+  tags:
+    - config
+    - zabbix
+
+- name: ensure a user executing the app exists
+  user: name=zabbix system=yes home=/usr/share/zabbix shell=/usr/sbin/nologin createhome=no group=zabbix state=present
+  notify:
+    - restart zabbix frontend
+  tags:
+    - user
+    - zabbix
+
+- name: ensure an nginx config file is available
+  copy: src=zabbix.conf dest=/etc/nginx/sites-available/zabbix.conf
+  notify:
+    - restart nginx
+  tags:
+    - config
+    - zabbix
+
+- name: ensure the frontend is enabled in nginx
+  lineinfile: dest=/etc/nginx/sites-available/main line="include /etc/nginx/sites-available/zabbix.conf;" insertbefore="}"
+  notify:
+    - restart nginx
+  tags:
+    - config
+    - zabbix
+
+- name: ensure the frontend configuration file is installed
+  template: src=zabbix.conf.php.j2 dest=/etc/zabbix/web/zabbix.conf.php
+  notify:
+    - restart zabbix frontend
+  tags:
+    - config
+    - zabbix
+
+- name: ensure the database server listens on the external interface
+  replace: dest=/etc/postgresql/9.4/main/postgresql.conf regexp="#listen_addresses = 'localhost'" replace="listen_addresses = '*'"
+  notify:
+    - restart postgres
+  delegate_to: "{{ zabbix_db_host }}"
+  tags:
+    - database
+    - zabbix
+
+- name: ensure the database server allows connections from the server
+  lineinfile: dest=/etc/postgresql/9.4/main/pg_hba.conf insertafter="host    all             all             127.0.0.1/32            md5" line="host    {{ zabbix_db_name }}          {{ zabbix_db_user }}          {{ ansible_fqdn }} md5" state=present
+  notify:
+    - restart postgres
+  delegate_to: "{{ zabbix_db_host }}"
+  tags:
+    - database
+    - zabbix
+
+- meta: flush_handlers
 
 - name: ensure the frontend is enabled and running
   service: name=zabbix-frontend state=running enabled=yes
diff --git a/zabbix-frontend/templates/zabbix.conf.php.j2 b/zabbix-frontend/templates/zabbix.conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..445715cc34e0d34f95989cbcca1841d2c750fced
--- /dev/null
+++ b/zabbix-frontend/templates/zabbix.conf.php.j2
@@ -0,0 +1,19 @@
+<?php
+// Zabbix GUI configuration file.
+global $DB;
+
+$DB['TYPE']     = 'POSTGRESQL';
+$DB['SERVER']   = '{{ zabbix_db_host }}';
+$DB['PORT']     = '5432';
+$DB['DATABASE'] = '{{ zabbix_db_name }}';
+$DB['USER']     = '{{ zabbix_db_user }}';
+$DB['PASSWORD'] = '{{ zabbix_db_password }}';
+
+// Schema name. Used for IBM DB2 and PostgreSQL.
+$DB['SCHEMA'] = '';
+
+$ZBX_SERVER      = '{{ zabbix_host }}';
+$ZBX_SERVER_PORT = '10051';
+$ZBX_SERVER_NAME = '{{ zabbix_name }}';
+
+$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;