diff --git a/defaults/main.yml b/defaults/main.yml
index 04cc3a9..a89ac23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,7 +3,9 @@ resolver:
   - 8.8.4.4
 nginx:
-  php: False
-  force_ssl: True
+  monitoring: true
+  serverpki: true
+  php: false
+  force_ssl: true
   upstreams: {}
   vhosts: {}
diff --git a/meta/main.yml b/meta/main.yml
index 6b67d95..3197455 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - { role: monitoring }
-  - { role: pki-server }
+  - { role: monitoring, when: nginx.monitoring }
+  - { role: pki-server, when: nginx.serverpki }
diff --git a/tasks/main.yml b/tasks/main.yml
index 1fdf593..5e058bd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -73,6 +73,7 @@
     owner: root
     group: root
     mode: 0644
+    when: nginx.monitoring
 - name: copy nginx status config
   copy:
diff --git a/templates/ssl_files.j2 b/templates/ssl_files.j2
index ff3a80b..a2e65f5 100644
--- a/templates/ssl_files.j2
+++ b/templates/ssl_files.j2
@@ -1,7 +1,10 @@
+{% if nginx.serverpki %}
 # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
 ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
-## verify chain of trust of OCSP response using Root CA and Intermediate certs
+{% endif %}
+
+# verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
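Review bot: The new `monitoring` and `serverpki` toggles are nested inside the `nginx` dict, and the `when:` conditions added in meta/main.yml and tasks/main.yml (and the `{% if nginx.serverpki %}` test in templates/ssl_files.j2) read them as bare attributes; with Ansible's default `hash_behaviour=replace`, any inventory or playbook that supplies its own `nginx:` mapping without these two keys replaces the whole default dict, and the conditions are then likely to fail with an undefined-attribute error instead of falling back to `true`. Either guard each use with a default, e.g. `when: nginx.monitoring | default(true)`, or expose the toggles as flat role variables (for example `nginx_monitoring` / `nginx_serverpki`) that survive a user-supplied `nginx` dict. A one-line comment above the new keys, `# both default to true so existing deployments keep pulling in the monitoring and pki-server roles`, would make the compatibility intent explicit. The lowercase `true`/`false` rewrite of `php` and `force_ssl` is the canonical YAML form and needs no change.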
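Review bot: The `when: nginx.monitoring` added after `mode: 0644` only skips installing the file, so on a host where it was already deployed, later setting the flag to false leaves the old config in place and still active; the toggle is not reversible without a companion task using `state: absent` under the inverse condition (the task's name and `src`/`dest` begin above the hunk). The following task, `copy nginx status config`, gets no condition in this hunk; if that status endpoint exists only to feed the monitoring role, it presumably needs the same `when`, otherwise it stays exposed with monitoring disabled — confirm against what consumes it. Adjacent to the new line, `mode: 0644` is an unquoted octal literal that YAML 1.1 parsers read as the integer 420, which Ansible happens to map back to the intended bits; `mode: "0644"` is the form that does not rely on that coincidence.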
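Review bot: When `nginx.serverpki` is false the new `{% if %}` block drops `ssl_certificate` and `ssl_certificate_key` entirely, while the rest of this snippet (`ssl_trusted_certificate`, the DH parameter, and whatever follows the hunk) is still rendered; a server block that includes it with `force_ssl: true` (the role default) would then have no certificate configured and nginx's config test is likely to reject it unless the operator provides those directives elsewhere, and nothing in the template states that requirement. Add an `{% else %}` branch carrying a comment that names the contract: `{% else %}` / `# nginx.serverpki is false: ssl_certificate and ssl_certificate_key must be provided by the operator (e.g. in the vhost config)`. The `##` → `#` comment change and the extra blank line are cosmetic; without `trim_blocks` the `{% if %}` and `{% endif %}` lines each leave an empty line in the rendered file, which is harmless for nginx. The file continues past the hunk.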