diff --git a/roles/dokuwiki/meta/main.yaml b/roles/dokuwiki/meta/main.yaml index 1d5a598..d0729d8 100644 --- a/roles/dokuwiki/meta/main.yaml +++ b/roles/dokuwiki/meta/main.yaml @@ -1,6 +1,4 @@ --- dependencies: - role: nginx - php: true - config_name: "dokuwiki" - parent_role_path: "dokuwiki" + server_fqdn: "wiki.lilik.it" diff --git a/roles/dokuwiki/tasks/main.yaml b/roles/dokuwiki/tasks/main.yaml index 76f9054..e7b9003 100644 --- a/roles/dokuwiki/tasks/main.yaml +++ b/roles/dokuwiki/tasks/main.yaml @@ -1,15 +1,23 @@ --- - name: install dokuwiki and associated packages apt: - name: "{{ item }}" - state: present - update_cache: yes - cache_valid_time: 3600 + name: "{{ item }}" + state: present + update_cache: yes + cache_valid_time: 3600 with_items: - - dokuwiki + - dokuwiki + +- name: add nginx configurations + template: + src: dokuwiki.conf + dest: "/etc/nginx/locations/{{ server_fqdn }}/dokuwiki.conf" + notify: + - restart nginx + - name: Write dokuwiki configuration to local.php copy: src: dokuwiki.php dest: /etc/dokuwiki/local.php notify: - - restart nginx + - restart nginx diff --git a/roles/dokuwiki/templates/dokuwiki.conf b/roles/dokuwiki/templates/dokuwiki.conf new file mode 100644 index 0000000..584b8ac --- /dev/null +++ b/roles/dokuwiki/templates/dokuwiki.conf 
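Review bot: Nothing visible in this commit installs php-fpm once `php: true` is dropped from the nginx dependency in roles/dokuwiki/meta/main.yaml, because the nginx role's `install php-fpm` and `add timezone to php.ini` tasks are deleted in roles/nginx/tasks/main.yaml. The new dokuwiki.conf still points `fastcgi_pass` at `unix:/var/run/php/php7.0-fpm.sock`. Unless the `dokuwiki` package pulls php-fpm in by itself, a freshly provisioned host would have no socket behind that location. Adding `- php-fpm` to the `with_items` list of `install dokuwiki and associated packages` would keep the role self-contained. roles/icinga2/meta/main.yaml drops `php: true` in the same way.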
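Review bot: The `dest` of the new `add nginx configurations` task uses `{{ server_fqdn }}`, but this role only sets that variable as a parameter of its nginx dependency in meta/main.yaml. Depending on how Ansible scopes dependency parameters, the task may instead resolve the nginx default `{{ ansible_hostname }}.lilik.it` and write the location file under a different host directory than `wiki.lilik.it`. The login and riot-web roles add `server_fqdn` to their own defaults in this commit. Doing the same here with `server_fqdn: "wiki.lilik.it"` in roles/dokuwiki/defaults/main.yaml would remove the doubt, and the same applies to the new template tasks in icinga2 and matrix-synapse.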
@@ -0,0 +1,24 @@ +{% extends "proxy.conf.nginx.j2" %} + + {% block proxy_conf %} + root /usr/share/dokuwiki; + index doku.php; + + location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } + location / { try_files $uri $uri/ @dokuwiki; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1&$args last; + } + + location ~ \.php$ { + try_files $uri $uri/ /doku.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + } + {% endblock %} diff --git a/roles/dokuwiki/templates/dokuwiki.conf.nginx.j2 b/roles/dokuwiki/templates/dokuwiki.conf.nginx.j2 deleted file mode 100644 index 7ea1a33..0000000 --- a/roles/dokuwiki/templates/dokuwiki.conf.nginx.j2 +++ /dev/null @@ -1,20 +0,0 @@ - root /usr/share/dokuwiki; - index doku.php; - - location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } - location / { try_files $uri $uri/ @dokuwiki; } - - location @dokuwiki { - rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; - rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; - rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; - rewrite ^/(.*) /doku.php?id=$1&$args last; - } - - location ~ \.php$ { - try_files $uri $uri/ /doku.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param REDIRECT_STATUS 200; - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; - } diff --git a/roles/icinga2/meta/main.yaml b/roles/icinga2/meta/main.yaml index 6a5a6da..c8cc5df 100644 --- a/roles/icinga2/meta/main.yaml +++ b/roles/icinga2/meta/main.yaml 
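Review bot: The first line of the new dokuwiki.conf extends `proxy.conf.nginx.j2`, which this same commit deletes from roles/nginx/templates, so rendering is likely to fail with a template-not-found error. The other new templates use `{% extends "roles/nginx/templates/service.conf" %}`, which is probably what was intended here. Separately, the `deny all` location is the only thing keeping `data/` and `conf/` from being served. If the packaged DokuWiki ships a `vendor/` directory, adding `vendor/` to that alternation would keep it off the web as well.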
@@ -1,7 +1,5 @@ +--- dependencies: - role: nginx - php: true - parent_role_path: "icinga2" - config_name: "icinga2" server_fqdn: "status.lilik.it" - role: postgresql diff --git a/roles/icinga2/tasks/main.yaml b/roles/icinga2/tasks/main.yaml index 2d525f2..fc26e45 100644 --- a/roles/icinga2/tasks/main.yaml +++ b/roles/icinga2/tasks/main.yaml @@ -1,3 +1,4 @@ +--- - name: configure icinga2-ido-pgsql (host) debconf: name: 'icinga2-ido-pgsql' @@ -100,3 +101,10 @@ mode: 0770 with_items: - /etc/icinga2/conf.d/hosts/ + +- name: add nginx configurations + template: + src: icinga.conf + dest: "/etc/nginx/locations/{{ server_fqdn }}/service.conf" + notify: + - restart nginx diff --git a/roles/icinga2/templates/icinga2.conf.nginx.j2 b/roles/icinga2/templates/icinga.conf similarity index 86% rename from roles/icinga2/templates/icinga2.conf.nginx.j2 rename to roles/icinga2/templates/icinga.conf index aaf4fbb..0cb74ff 100644 --- a/roles/icinga2/templates/icinga2.conf.nginx.j2 +++ b/roles/icinga2/templates/icinga.conf @@ -1,3 +1,6 @@ +{% extends "roles/nginx/templates/service.conf" %} + +{% block proxy_conf %} location / { rewrite ^/$ /icingaweb2 permanent; } @@ -14,3 +17,4 @@ alias /usr/share/icingaweb2/public; try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args; } +{% endblock %} diff --git a/roles/login/defaults/main.yaml b/roles/login/defaults/main.yaml index a6b98fc..fe4c06e 100644 --- a/roles/login/defaults/main.yaml +++ b/roles/login/defaults/main.yaml @@ -1 +1,5 @@ +--- ldap_server: ldap.dmz.lilik +proxy_location_path: api +remote_host: "http://localhost:5000" +server_fqdn: "login.lilik.it" diff --git a/roles/login/meta/main.yaml b/roles/login/meta/main.yaml index 3346798..58f7728 100644 --- a/roles/login/meta/main.yaml +++ b/roles/login/meta/main.yaml @@ -1,8 +1,4 @@ --- dependencies: - role: nginx - is_proxy: true - config_name: "login" - remote_host: "http://localhost:5000" server_fqdn: "login.lilik.it" - parent_role_path: "login" 
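Review bot: The new `add nginx configurations` task in roles/icinga2/tasks/main.yaml writes to `/etc/nginx/locations/{{ server_fqdn }}/service.conf`, while the removed nginx task wrote `{{ config_name }}.conf`, which was `icinga2.conf` for this role. On a host that was already provisioned the old file would stay next to the new one. If the server block includes every file in that directory, nginx would then see `location /` twice and might refuse to reload. `dest: "/etc/nginx/locations/{{ server_fqdn }}/icinga2.conf"` keeps the previous name and matches the per-role naming used by `dokuwiki.conf`, `login.conf` and `riot.conf`.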
diff --git a/roles/login/tasks/main.yaml b/roles/login/tasks/main.yaml index 76a10fb..2feb07d 100644 --- a/roles/login/tasks/main.yaml +++ b/roles/login/tasks/main.yaml @@ -61,6 +61,13 @@ mode: 0664 state: file +- name: add nginx configurations + template: + src: login.conf + dest: "/etc/nginx/locations/{{ server_fqdn }}/login.conf" + notify: + - restart nginx + - name: reload systemd systemd: daemon_reload: yes diff --git a/roles/login/templates/login.conf b/roles/login/templates/login.conf new file mode 100644 index 0000000..2f226c2 --- /dev/null +++ b/roles/login/templates/login.conf @@ -0,0 +1,5 @@ +{% extends "roles/nginx/templates/service.conf" %} + +{% block extra %} + root /srv/login/static; +{% block extra %} diff --git a/roles/login/templates/login.conf.nginx.j2 b/roles/login/templates/login.conf.nginx.j2 deleted file mode 100644 index d1c9867..0000000 --- a/roles/login/templates/login.conf.nginx.j2 +++ /dev/null @@ -1 +0,0 @@ - rewrite ^/$ /static/index.html permanent; diff --git a/roles/matrix-synapse/meta/main.yaml b/roles/matrix-synapse/meta/main.yaml index 7eb9ef5..5204a91 100644 --- a/roles/matrix-synapse/meta/main.yaml +++ b/roles/matrix-synapse/meta/main.yaml @@ -1,8 +1,4 @@ --- dependencies: - role: nginx - is_proxy: true - parent_role_path: "matrix-synapse" - remote_host: "http://127.0.0.1:8008/_matrix" - proxy_location_path: "_matrix" - server_fqdn: "{{ ansible_hostname }}.lilik.it" + server_fqdn: "matrix.lilik.it" diff --git a/roles/matrix-synapse/tasks/main.yaml b/roles/matrix-synapse/tasks/main.yaml index 26d53c4..b1930fc 100644 --- a/roles/matrix-synapse/tasks/main.yaml +++ b/roles/matrix-synapse/tasks/main.yaml 
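Review bot: The `extra` block in the new roles/login/templates/login.conf is closed with a second `{% block extra %}` instead of an end tag, so Jinja2 will reject the template when the `add nginx configurations` task runs. The last line should read `{% endblock %}`. The deleted login.conf.nginx.j2 also carried `rewrite ^/$ /static/index.html permanent;`, which has no counterpart in the new file. If that redirect is still wanted, it belongs inside the same block.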
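Review bot: With `remote_host` and `proxy_location_path` removed from the nginx dependency in roles/matrix-synapse/meta/main.yaml and no role defaults added in this commit, the one-line synapse.conf falls back to the defaults in service.conf. That means `location /` proxied to `http://127.0.0.1:8080`, where the old configuration proxied `/_matrix` to `http://127.0.0.1:8008/_matrix`. Unless these variables are defined somewhere outside the diff, Matrix traffic would be handed to whatever listens on port 8080. Adding `proxy_location_path: "_matrix"` and `remote_host: "http://127.0.0.1:8008/_matrix"` to the role's defaults, as the login role does for its own values, would preserve the old behaviour.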
@@ -1,9 +1,10 @@ +--- - name: set synapse server name debconf: - name: 'matrix-synapse' - question: 'matrix-synapse/server-name' - vtype: 'string' - value: '{{ ansible_hostname }}' + name: 'matrix-synapse' + question: 'matrix-synapse/server-name' + vtype: 'string' + value: '{{ ansible_hostname }}' - name: install synapse include_role: @@ -25,7 +26,15 @@ - /etc/matrix-synapse - /etc/matrix-synapse/conf.d -- template: +- name: upload synapse reverse proxy conf + template: + src: synapse.conf + dest: "/etc/nginx/locations/{{ server_fqdn }}/synapse.conf" + notify: + - restart nginx + +- name: upload synapse conf + template: src: homeserver.yaml.j2 dest: /etc/matrix-synapse/homeserver.yaml notify: "restart matrix-synapse" diff --git a/roles/matrix-synapse/templates/synapse.conf b/roles/matrix-synapse/templates/synapse.conf new file mode 100644 index 0000000..753de47 --- /dev/null +++ b/roles/matrix-synapse/templates/synapse.conf @@ -0,0 +1 @@ +{% extends "roles/nginx/templates/service.conf" %} diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index d221263..4d5150a 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml 
@@ -1,38 +1,2 @@ --- -is_proxy: false -php: false -config_name: null -# max body size in Mb -max_body_size: 8 server_fqdn: "{{ ansible_hostname }}.lilik.it" -proxy_location_path: '' - -# Same example usages: -# -# Redirect trakt folder to a proxy on fqdn_domain, -# create a location file in /etc/nginx/locations/media.lilik.it/trakt.conf -# dependencies: -# - role: nginx -# is_proxy: true -# proxy_location_path: "trakt" -# remote_host: "http://localhost:5000" -# server_fqdn: "media.lilik.it" -# parent_role_path: "trakt" -# -# Serve a location based on role template 'kodi-repository.conf.nginx.j2' on fqdn_domain, -# create a location file in /etc/nginx/locations/media.lilik.it/kodi-repository.conf -# dependencies: -# - role: nginx -# config_name: "kodi-repository" -# server_fqdn: "{{ fqdn_domain }}" -# parent_role_path: "kodi-repository" -# -# Serve a location based on role template 'roundcube.conf.nginx.j2' on fqdn_domain, -# create a location file in /etc/nginx/locations/media.lilik.it/roundcube.conf, -# serve php file using php pfm -# dependencies: -# - role: nginx -# php: true -# config_name: "roundcube" -# server_fqdn: "webmail.lilik.it" -# parent_role_path: "roundcube" diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml index a2e8764..e41e484 100644 --- a/roles/nginx/tasks/main.yaml +++ b/roles/nginx/tasks/main.yaml @@ -1,11 +1,10 @@ --- - include_role: name: service - # static: yes # see static include issue: https://github.com/ansible/ansible/issues/13485 vars: service_name: nginx service_packages: - - nginx + - nginx - name: disable nginx default configuration file: 
@@ -13,27 +12,6 @@ state: absent notify: restart nginx -- name: install php-fpm - apt: - name: "{{ item }}" - state: present - update_cache: yes - cache_valid_time: 3600 - with_items: - - php-fpm - when: php | bool - notify: - - restart nginx - -- name: add timezone to php.ini - lineinfile: - dest: /etc/php/7.0/fpm/php.ini - regexp: '^;?date.timezone =' - line: 'date.timezone = Europe/Berlin' - when: php | bool - notify: - - restart nginx - - name: create nginx location configuration directory file: path: '{{ item }}' @@ -47,23 +25,10 @@ - name: upload nginx configuration template: - src: base.j2 - dest: "/etc/nginx/sites-available/{{ server_fqdn }}.conf" + src: base.j2 + dest: "/etc/nginx/sites-available/{{ server_fqdn }}.conf" notify: - - restart nginx - -# - name: add nginx configurations -# template: -# src: "roles/{{ parent_role_path }}/templates/{{ item }}.conf.nginx.j2" -# dest: /etc/nginx/sites-available/{{ item }}.conf -# with_items: "{{ config_names }}" -# notify: -# - restart nginx - -# - name: add proxy to config_names -# set_fact: -# config_names: "{{ config_names | union( [config_name])}}" -# when: is_proxy | bool + - restart nginx - name: create Diffie Hellman exchange parameters command: openssl dhparam -out /etc/nginx/dhparam.pem 2048 
@@ -73,24 +38,7 @@ - name: enable nginx configurations file: - src: "/etc/nginx/sites-available/{{ server_fqdn }}.conf" - dest: "/etc/nginx/sites-enabled/{{ server_fqdn }}.conf" - state: link - # with_items: "{{ config_names }}" + src: "/etc/nginx/sites-available/{{ server_fqdn }}.conf" + dest: "/etc/nginx/sites-enabled/{{ server_fqdn }}.conf" + state: link notify: restart nginx - -- name: upload nginx location configuration from parent role - template: - src: "roles/{{ parent_role_path }}/templates/{{ config_name }}.conf.nginx.j2" - dest: "/etc/nginx/locations/{{ server_fqdn }}/{{ config_name }}.conf" - notify: - - restart nginx - when: 'config_name is not none' - -- name: upload nginx location configuration for proxy - template: - src: proxy.conf.nginx.j2 - dest: "/etc/nginx/locations/{{ server_fqdn }}/{{ parent_role_path or 'proxy' }}.conf" - notify: - - restart nginx - when: 'is_proxy' diff --git a/roles/nginx/templates/proxy.conf.nginx.j2 b/roles/nginx/templates/proxy.conf.nginx.j2 deleted file mode 100644 index 797e757..0000000 --- a/roles/nginx/templates/proxy.conf.nginx.j2 +++ /dev/null @@ -1,11 +0,0 @@ - location /{{ proxy_location_path }} { - client_max_body_size {{ max_body_size }}M; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass {{ remote_host }}; - } diff --git a/roles/nginx/templates/service.conf b/roles/nginx/templates/service.conf new file mode 100644 index 0000000..c73a377 --- /dev/null +++ b/roles/nginx/templates/service.conf 
@@ -0,0 +1,20 @@ +{% block proxy_conf %} + {# + This is the default block that gets included if the + child template does not declare a {% block proxy_conf %} + #} + location /{{ proxy_location_path | default("")}} { + client_max_body_size {{ max_body_size | default(8) }}M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass {{ remote_host | default("http://127.0.0.1:8080") }}; + } +{% endblock %} + +{% block extra %} +{% endblock %} diff --git a/roles/riot-web/defaults/main.yaml b/roles/riot-web/defaults/main.yaml index 4be912f..14382c7 100644 --- a/roles/riot-web/defaults/main.yaml +++ b/roles/riot-web/defaults/main.yaml @@ -1,2 +1,4 @@ # Based on https://github.com/vector-im/riot-web/releases -riot_web_version: "v0.12.2" +--- +riot_web_version: "v0.15.4" +server_fqdn: "{{ ansible_hostname }}.lilik.it" diff --git a/roles/riot-web/tasks/main.yaml b/roles/riot-web/tasks/main.yaml index 97c8b1d..c2dec64 100644 --- a/roles/riot-web/tasks/main.yaml +++ b/roles/riot-web/tasks/main.yaml @@ -18,6 +18,13 @@ owner: www-data group: www-data +- template: + src: riot.conf + dest: "/etc/nginx/locations/{{ server_fqdn }}/riot.conf" + + notify: + - restart nginx + - template: src: config.json.j2 dest: "/srv/riot-web/riot-{{ riot_web_version }}/config.json" diff --git a/roles/riot-web/templates/riot.conf b/roles/riot-web/templates/riot.conf new file mode 100644 index 0000000..cd7c190 --- /dev/null +++ b/roles/riot-web/templates/riot.conf @@ -0,0 +1,7 @@ +{% extends "roles/nginx/templates/service.conf" %} + +{% block proxy_conf %} +location / { + root /srv/riot-web/riot-{{ riot_web_version }}; +} +{% endblock %} 
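Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in the default `proxy_conf` block of service.conf adds the header to the request sent upstream, so browsers never receive it and the proxied pages get no framing protection from this line. For a response header the directive is `add_header X-Frame-Options SAMEORIGIN;`. `proxy_set_header Host $http_host;` also forwards whatever Host value the client supplied, and `$host` is generally the safer choice when a backend builds links or redirects from it. Finally, `default("http://127.0.0.1:8080")` on `remote_host` hides a missing variable. Dropping that default would make a role that forgot to set it fail at render time instead of proxying to an unintended port.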
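Review bot: The new `template` task for riot.conf in roles/riot-web/tasks/main.yaml has no `name:` and a stray blank line between `dest` and `notify`, unlike the equivalent tasks added to the other roles in this commit. Putting `- name: add nginx configurations` above `template:` and removing the blank line would keep the play output readable and the tasks consistent.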
diff --git a/roles/riot-web/templates/riot.conf.nginx.j2 b/roles/riot-web/templates/riot.conf.nginx.j2 deleted file mode 100644 index 054c694..0000000 --- a/roles/riot-web/templates/riot.conf.nginx.j2 +++ /dev/null @@ -1,3 +0,0 @@ -location / { - root /srv/riot-web/riot-{{ riot_web_version }}; -}