diff --git a/defaults/main.yml b/defaults/main.yml index 4479272..5d94416 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,7 @@ nginx: snakeoil_default: false upstreams: {} vhosts: {} + streams: {} maps: {} resolver: - 8.8.8.8 @@ -44,6 +45,13 @@ nginx_vhosts_defaults: hide_proxy_headers: {} backend: ~ +nginx_streams_defaults: + listen: + custom: [] + includes: [] + proxy_pass: ~ + proxy_protocol: "off" + nginx_forcessl_vhost: "https-redirect": listen: diff --git a/files/config/nginx.conf b/files/config/nginx.conf index 889052d..b8780cf 100644 --- a/files/config/nginx.conf +++ b/files/config/nginx.conf @@ -3,6 +3,7 @@ worker_processes auto; pid /run/nginx.pid; load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; +load_module /usr/lib/nginx/modules/ngx_stream_module.so; events { use epoll; @@ -36,3 +37,8 @@ http { ## include /etc/nginx/sites-enabled/*; } + +stream { + include /etc/nginx/conf.d/upstreams.conf; + include /etc/nginx/streams/*; +} diff --git a/tasks/main.yml b/tasks/main.yml index 2191a57..5a05673 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -22,6 +22,7 @@ pkg: - nginx - libnginx-mod-http-headers-more-filter + - libnginx-mod-stream - goaccess notify: - delete nginx index.nginx-debian.html @@ -83,6 +84,17 @@ notify: - restart nginx +- name: create and enable nginx streams + template: + src: stream.conf.j2 + dest: "/etc/nginx/streams/{{ item.key }}" + owner: root + group: root + mode: 0644 + with_dict: "{{ {}|combine(nginx.streams, recursive=True) }}" + notify: + - restart nginx + - name: delete nginx default config file: path=/etc/nginx/sites-enabled/default state=absent diff --git a/templates/stream.conf.j2 b/templates/stream.conf.j2 new file mode 100644 index 0000000..f5cb28c --- /dev/null +++ b/templates/stream.conf.j2 
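Review bot: In the `nginx_streams_defaults` hunk of defaults/main.yml, the defaults `proxy_pass: ~` and `listen.custom: []` describe a stream that cannot work on its own, and nothing in the visible change rejects an entry that leaves them unset. templates/stream.conf.j2 interpolates both directly, so such an entry would presumably render a `server` block with no `listen` line and a null `proxy_pass`, and the failure would surface only when the `restart nginx` handler runs. I would add a comment above the block, for example `# proxy_pass and at least one listen.custom entry are required per stream`, and check both in an `assert` task before the template is written. Writing `null` rather than `~` would also be clearer, although `~` matches the existing `backend: ~` line.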
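Review bot: In the second hunk of files/config/nginx.conf, the new `stream` block includes `/etc/nginx/conf.d/upstreams.conf`, and if the `http` block also loads that file (its includes are outside the hunk) every upstream is parsed in both contexts. An upstream that carries an http-only directive such as `keepalive` would then presumably stop the whole configuration from loading, and stream backends would be defined alongside the http ones. A dedicated file for stream upstreams would keep the two sets apart. At minimum, add a comment above the include, such as `# upstreams.conf is shared with the http block; keep http-only directives out of it`.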
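Review bot: The `create and enable nginx streams` task in tasks/main.yml only ever writes files, so a stream removed from `nginx.streams` keeps its file in /etc/nginx/streams, and because nginx.conf includes `/etc/nginx/streams/*` that listener stays open after the next run. No task in the visible hunks removes files that are no longer declared, or creates the directory before the template is written; the rest of the task file is outside the hunk, so this may be handled elsewhere. A cleanup step that lists the directory and deletes entries not present in `nginx.streams` would close the gap. Separately, `mode: 0644` is better written `mode: "0644"` so the value does not depend on how the YAML parser reads a leading zero.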
@@ -0,0 +1,22 @@
+#jinja2:lstrip_blocks: True
+{% set stream = {}|combine(nginx_streams_defaults, item.value, recursive=True) %}
+{% set stream_name = item.key %}
+
+server {
+
+ {% for i in stream.listen.custom %}
+ listen {{ i }};
+ {% endfor %}
+
+ proxy_pass {{ stream.proxy_pass }};
+ proxy_protocol {{ stream.proxy_protocol }};
+
+ {% for c in stream.custom|default([]) %}
+ {{ c }};
+ {% endfor %}
+
+ {% for include in stream.includes %}
+ include {{ include }};
+ {% endfor %}
+
+}
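Review bot: `proxy_protocol {{ stream.proxy_protocol }};` prints the variable with whatever type it has, so an override written as unquoted `proxy_protocol: on` in inventory is parsed by YAML as a boolean and would render as `proxy_protocol True;`, which nginx rejects. Mapping the value explicitly avoids that, e.g. `proxy_protocol {{ 'on' if stream.proxy_protocol in [true, 'on'] else 'off' }};`. `stream_name` is set on the third line but never used in the template and can be dropped. The `{{ c }};` and `include {{ include }};` lines emit their values verbatim, which deserves a one-line comment stating that these vars are treated as trusted operator input.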