diff --git a/defaults/main.yml b/defaults/main.yml
index 04cc3a9..a89ac23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,7 +3,9 @@
 resolver:
   - 8.8.4.4
 nginx:
-  php: False
-  force_ssl: True
+  monitoring: true
+  serverpki: true
+  php: false
+  force_ssl: true
   upstreams: {}
   vhosts: {}
diff --git a/meta/main.yml b/meta/main.yml
index 6b67d95..3197455 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - { role: monitoring }
-  - { role: pki-server }
+  - { role: monitoring, when: nginx.monitoring }
+  - { role: pki-server, when: nginx.serverpki }
diff --git a/tasks/main.yml b/tasks/main.yml
index 1fdf593..5e058bd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -73,6 +73,7 @@
     owner: root
     group: root
     mode: 0644
+  when: nginx.monitoring
 - name: copy nginx status config
   copy:
diff --git a/tasks/php-fpm.yml b/tasks/php-fpm.yml
index be60a61..4d9b645 100644
--- a/tasks/php-fpm.yml
+++ b/tasks/php-fpm.yml
@@ -18,6 +18,8 @@
     - php-net-ftp
     - php-exif
     - php-gmp
+    - php-zip
+    - php-curl
     # database pdos
     - php-pdo-sqlite
     - php-pdo-pgsql
diff --git a/templates/ssl_files.j2 b/templates/ssl_files.j2
index ff3a80b..a2e65f5 100644
--- a/templates/ssl_files.j2
+++ b/templates/ssl_files.j2
@@ -1,7 +1,10 @@
+{% if nginx.serverpki %}
 # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
 ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
-## verify chain of trust of OCSP response using Root CA and Intermediate certs
+{% endif %}
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
diff --git a/templates/vhost.j2 b/templates/vhost.j2
index 94699c0..e01c79c 100644
--- a/templates/vhost.j2
+++ b/templates/vhost.j2
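Review bot: The two new flags `monitoring` and `serverpki` carry no comment, and nothing in defaults/main.yml tells a reader that they switch role dependencies on and off in meta/main.yml and gate the certificate directives in templates/ssl_files.j2. A one-line comment above each would make the contract visible where operators override it, for example `# monitoring: also depend on the monitoring role and install the nginx monitoring config` and `# serverpki: also depend on the pki-server role and emit ssl_certificate/ssl_certificate_key for /etc/ssl/{{ inventory_hostname }}`. The comment for `serverpki` should also say that with `force_ssl: true` and `serverpki: false` the operator has to supply the certificate directives some other way, since the role then emits none.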
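Review bot: `when: nginx.monitoring` and `when: nginx.serverpki` raise an undefined-attribute error for every inventory that already overrides the `nginx` dict without the two new keys, because Ansible's default hash_behaviour replaces the whole dict instead of merging it with defaults/main.yml (only hosts running with hash_behaviour=merge keep the defaults). Guarding with a default keeps existing inventories working: `- { role: monitoring, when: nginx.monitoring | default(true) }` and `- { role: pki-server, when: nginx.serverpki | default(true) }`. The same applies to the task guard added in tasks/main.yml and to the `{% if nginx.serverpki %}` in templates/ssl_files.j2, where an undefined key aborts the template task.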
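Review bot: The task that `when: nginx.monitoring` now guards starts above the hunk, so its name and module are not visible here; the following task, `copy nginx status config`, stays unconditional even though a status endpoint is presumably what the monitoring role scrapes, so it likely needs the same guard — please confirm. If both tasks are monitoring-only, a `block:` with a single `when:` (or moving them into a `monitoring.yml` included under that condition) would keep the two guards from drifting apart.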
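Review bot: With `nginx.serverpki` false the template emits no `ssl_certificate` or `ssl_certificate_key` at all, and the commit provides no other source for them, so any `listen ... ssl` server block that includes this file (presumably the `force_ssl` vhosts) fails `nginx -t` with a missing-certificate error and the reload is refused. Either add an `{% else %}` branch that renders operator-supplied paths from new variables, or state the contract in the comment, for example `# serverpki: false means the including vhost must provide ssl_certificate/ssl_certificate_key itself`. Note also that `ssl_trusted_certificate` and the OCSP comment are now emitted unconditionally, which is fine but worth a word in the commit message since the old `##` comment line is rewritten as part of the move.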
@@ -18,7 +18,7 @@ server {
 {% endif %}
 {% for header in vhost.add_headers|default([]) %}
-    add_header {{ header }} {{ vhost.add_headers[header] }};
+    add_header {{ header }} "{{ vhost.add_headers[header] }}";
 {% endfor %}
 {% for c in vhost.custom|default([]) %}
@@ -38,6 +38,11 @@ server {
     proxy_set_header X-Forwarded-Ssl $https;
     proxy_set_header X-Url-Scheme $scheme;
+    # Websockets
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
     # hide downstream headers for security reasons
     proxy_hide_header X-Powered-By;
     proxy_hide_header Server;
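Review bot: Double-quoting the value changes the contract for every existing `add_headers` entry that already carries its own quotes (a common way to write `Strict-Transport-Security` or `Content-Security-Policy` values with spaces), which now renders as `"\"...\""`-style nested quotes and fails `nginx -t`; a value containing a literal `"` or `$` is likewise not escaped, so it either breaks the directive or expands as an nginx variable. Since the values come from role variables rather than request data this is a configuration-validity problem, not an injection one, but it should be stated: add a comment above the loop, `{# add_headers values are wrapped in double quotes; do not quote them in vars and avoid literal " or $ #}`, and mention the change in the role README. Escaping in the template, `"{{ vhost.add_headers[header] | replace('"', '\\"') }}"`, would cover the literal-quote case.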
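Review bot: `proxy_set_header Connection "upgrade";` sends `Connection: upgrade` on every proxied request, including ordinary HTTP requests with no `Upgrade` header, which some backends reject or handle inconsistently and which defeats upstream keepalive. The nginx-documented pattern is `proxy_set_header Connection $connection_upgrade;` with a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` context, so `upgrade` is only sent when the client actually asked for it; the map belongs in nginx.conf, outside this `server {` template. Because the block is added unconditionally to every vhost, a per-vhost switch (for example a `vhost.websockets` key defaulting to false) would also keep non-WebSocket upstreams on HTTP/1.0 semantics as before.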