diff --git a/group_vars/unifi-test.yml b/group_vars/unifi-test.yml
new file mode 100644
index 0000000..e1972ea
--- /dev/null
+++ b/group_vars/unifi-test.yml
@@ -0,0 +1 @@
+unifi_server_name: '{{ ansible_fqdn }}'
diff --git a/group_vars/unifi/main.yml b/group_vars/unifi/main.yml
index e4535b2..9f13b9a 100644
--- a/group_vars/unifi/main.yml
+++ b/group_vars/unifi/main.yml
@@ -1,4 +1,8 @@
-nginx_redirect_http_https: true
+unifi_server_name: unifi.pyrocufflink.blue
+unifi_caddy_acme:
+ email: unifi@pyrocufflink.net
+ url: https://ca.pyrocufflink.blue/acme/acme/directory
+
 unifi_exporter_site: Pyrocufflink
 unifi_exporter_username: prometheus
 unifi_exporter_password: !vault |
diff --git a/roles/unifi/tasks/deploy.yml b/roles/unifi/tasks/deploy.yml
index e93c8f1..149abc2 100644
--- a/roles/unifi/tasks/deploy.yml
+++ b/roles/unifi/tasks/deploy.yml
@@ -30,23 +30,12 @@
 tags:
 - firewalld
-- name: ensure nginx is configured to proxy for unifi
+- name: ensure caddy is configured to proxy for unifi
 template:
- src: unifi.nginx.conf.j2
- dest: /etc/nginx/default.d/unifi.conf
- mode: u=rw,go=r
+ src: unifi.caddyfile.j2
+ dest: /etc/caddy/Caddyfile.d/unifi.caddyfile
 owner: root
 group: root
+ mode: u=rw,go=r
 notify:
- - reload nginx
- tags:
- - nginx
-
-- name: ensure selinux allows nginx to proxy for unifi
- seboolean:
- name: httpd_can_network_connect
- persistent: true
- state: true
- tags:
- - nginx
- - selinux
+ - reload caddy
diff --git a/roles/unifi/templates/unifi.caddyfile.j2 b/roles/unifi/templates/unifi.caddyfile.j2
new file mode 100644
index 0000000..821f0ec
--- /dev/null
+++ b/roles/unifi/templates/unifi.caddyfile.j2
@@ -0,0 +1,13 @@
+{{ unifi_server_name }} {
+ reverse_proxy localhost:8443 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+{% if unifi_caddy_acme|d %}
+
+ tls {{ unifi_caddy_acme.email }} {
+ ca {{ unifi_caddy_acme.url }}
+ }
+{% endif %}
+}
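Review bot: With `unifi_caddy_acme` left undefined for this group, the `{% if unifi_caddy_acme|d %}` branch of unifi.caddyfile.j2 is skipped, so Caddy applies its default certificate automation to the name taken from `ansible_fqdn`; if the test host is not resolvable and reachable from the public ACME CAs, issuance presumably fails and keeps retrying instead of producing a usable listener. A comment stating the intent would make this deliberate, e.g. `# no unifi_caddy_acme here: Caddy's default CA is used for this name; set unifi_caddy_acme if the host cannot be validated publicly`. The single quotes around the Jinja expression are correct, since an unquoted `{{` would be read as a flow mapping by the YAML parser.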
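Review bot: `unifi_caddy_acme` is a new structured variable with no note on its shape or on what happens when it is absent, and the template only checks its truthiness before reading `.email` and `.url`, so a mapping with one key missing renders an invalid `tls` block instead of failing at template time. A comment above it would capture the contract: `# Optional. ACME account email and directory URL passed to Caddy's tls directive; both keys are required when set, omit the whole mapping to use Caddy's default CA.` The removed `nginx_redirect_http_https` has no Caddy counterpart in this diff, which is consistent with Caddy redirecting HTTP to HTTPS on its own for a site block that names a host, but that reliance could be recorded in the same comment.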
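Review bot: The rewritten template task drops the `tags:` list the nginx version carried, so unlike the firewalld task just above it (whose task header starts before this hunk) it can no longer be selected or skipped on its own; adding `tags:` / `- caddy` would match the tag the playbook now gives the caddy role. The deleted `httpd_can_network_connect` seboolean was what permitted the proxy's outbound connection to 8443 under SELinux; whether Caddy needs an equivalent depends on the domain its service runs in (only if it is confined as httpd_t), so verify on a host with SELinux enforcing before treating the removal as complete, and record the result in a comment. The `reload caddy` handler is not defined in this hunk; it is presumably supplied by the caddy role, which only works because that role precedes unifi in the play.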
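Review bot: `tls_insecure_skip_verify` is left unexplained in the new template; it is the Caddy counterpart of the removed `proxy_ssl_verify off` and is acceptable here only because the upstream is `localhost:8443`, the UniFi controller's own listener with a certificate Caddy has no reason to trust. A `#` comment inside the transport block should say so, e.g. `# UniFi's own 8443 listener uses a self-signed certificate; the upstream is loopback only, so verification is skipped — do not reuse this for a remote upstream`. The `tls` block directs ACME requests to `unifi_caddy_acme.url`, an internal CA, and Caddy must be able to validate that endpoint's certificate (system trust store or the tls directive's CA-root setting), which nothing in this diff arranges — presumably the host already trusts it, but that assumption belongs in a comment next to the `ca` line. The template also reads `.email` and `.url` after only a truthiness check on the mapping, so a partially filled `unifi_caddy_acme` renders a broken Caddyfile rather than failing the play.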
diff --git a/roles/unifi/templates/unifi.nginx.conf.j2 b/roles/unifi/templates/unifi.nginx.conf.j2
deleted file mode 100644
index ddc1c54..0000000
--- a/roles/unifi/templates/unifi.nginx.conf.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-location / {
- proxy_pass https://127.0.0.1:8443/;
- proxy_ssl_verify off;
- client_max_body_size 50m;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-}
diff --git a/unifi.yml b/unifi.yml
index 2055592..4d23a37 100644
--- a/unifi.yml
+++ b/unifi.yml
@@ -1,5 +1,6 @@
 - hosts: unifi
 roles:
- - role: nginx
- tags: nginx
+ - role: caddy
+ tags: caddy
 - role: unifi
+ tags: unifi
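Review bot: Nothing in the play records that the order of the two roles matters, yet the unifi role writes into `/etc/caddy/Caddyfile.d/` and notifies `reload caddy`, both of which exist only once the caddy role has run. A comment above the roles list would protect that ordering from a later reshuffle, e.g. `# caddy must precede unifi: the unifi role drops a snippet into /etc/caddy/Caddyfile.d and notifies caddy's reload handler`. The new `tags: unifi` is consistent with the caddy entry, though a run limited to `--tags unifi` will presumably skip the caddy role's tasks that create that directory, which is worth stating in the same comment.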