diff --git a/.gitignore b/.gitignore
index 48943b8dc02dcc232631280117b5fe505304f38e..3f2c88db2a7d0aa3bce662ce0f26e203c3e54d1b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
 releases/*
 contract/*
 paquerette_utils.conf.yml
 hz_token
+public/
 # IDE
 .idea
diff --git a/roles/site_static/README.md b/roles/site_static/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fb44487fd8009c16b1a24eb8498b25fd01beb617
--- /dev/null
+++ b/roles/site_static/README.md
@@ -0,0 +1,37 @@
+# site_statitque
+
+Installation d'un environement pour servir un site statique
+
+## Files created
+
+- `/etc/letsencrypt/live/{{ app_domain }}/` : certificats lets encrypt
+- `{{ app_instance_www_root}} : dossier servi par nginx
+- `/mnt/vdb/log/nginx/{{ app_instance_id }}` : fichier de log nginx
+- `/etc/nginx/sites-available/{{ app_instance_id }}.conf : fichier de conf nginx
+- `/etc/nginx/sites-enabled/{{ app_instance_id }}.conf : lien symbolique fichier de conf nginx
+
+## Files modified
+
+## Role dependency
+
+- _letsencrypt_certificate
+
+## Variables
+
+### Default
+ - app_instance_root: "{{ www_root }}/{{ app_instance_id }}"
+ - app_instance_www_root: "{{ app_instance_root }}"
+
+
+### host_vars
+
+ - app_domain
+ - app_instance_id
+ - site_src
+
+## Custom instructions
+
+
+## Limitations and improvements
+
+ - [ ] add brotli compression
diff --git a/roles/site_static/defaults/main.yml b/roles/site_static/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b67875c02c838f7cebfb96e4ee2ebb192a9d034a
--- /dev/null
+++ b/roles/site_static/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for site_static
+app_instance_root: "{{ www_root }}/{{ app_instance_id }}"
+app_instance_www_root: "{{ app_instance_root }}"
+site_src: public
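Review bot: `app_instance_root` is built from `www_root`, which this role neither defaults nor names anywhere (the nginx template likewise requires `www_log` via `mandatory`), so a host missing it fails only when the first task renders the path rather than at role entry. An early guard in install.yml makes the contract explicit, e.g. `- assert: { that: [www_root is defined, www_log is defined, app_domain is defined, app_instance_id is defined] }`, and `www_root`/`www_log` belong in the README's list of required variables. `site_src: public` is a relative path that `copy` will presumably resolve against the role's `files/` directory and then the playbook directory, and `public/` is git-ignored at the repository root, so a comment saying where that directory is expected to come from would help the next maintainer — nothing in this change produces it.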
diff --git a/roles/site_static/handlers/main.yml b/roles/site_static/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5d62aff8ed98dc91dd3beaa95b975b9ea51e9761
--- /dev/null
+++ b/roles/site_static/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for site_static
+# handlers file for rustform
+
+- name: reload nginx
+ service: name=nginx state=reloaded
+
diff --git a/roles/site_static/meta/main.yml b/roles/site_static/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c572acc9f8b466bea50f2799b0ca1956418b862c
--- /dev/null
+++ b/roles/site_static/meta/main.yml
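Review bot: `service: name=nginx state=reloaded` uses the legacy key=value argument string while every task in install.yml uses block YAML; write it as `service:` / `name: nginx` / `state: reloaded` so the role is consistent and lint-clean. The copy-pasted `# handlers file for rustform` comment above it is stale and should be dropped. Since the template task cannot use `validate:` on a single sites-available fragment, consider a `command: nginx -t` task before this handler fires, so a bad render surfaces as a task failure rather than relying on the reload's own config check.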
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/roles/site_static/tasks/install.yml b/roles/site_static/tasks/install.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ecec913029da53537f81f996132494475b56c7cf
--- /dev/null
+++ b/roles/site_static/tasks/install.yml
@@ -0,0 +1,35 @@
+---
+
+- name: create directory
+ file:
+ path: "{{ app_instance_www_root }}"
+ state: directory
+
+- name: Create LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+
+- name: Copy site from the Tower
+ copy:
+ src: "{{ site_src }}"
+ dest: "{{ app_instance_www_root }}"
+ remote_src: false
+
+- name: create log dir
+ file:
+ state: directory
+ path: "/mnt/vdb/log/nginx/{{ app_instance_id }}"
+
+- name: nginx configuration
+ template:
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+
+- name: "enable site for {{ app_domain }}"
+ file:
+ state: link
+ path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
+ src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+ notify: reload nginx
+
+
diff --git a/roles/site_static/tasks/main.yml b/roles/site_static/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..183982951e6b95eefa7ff62b20ef41d5c29c9250
--- /dev/null
+++ b/roles/site_static/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# tasks file for site_static
+- import_tasks: install.yml
+ when: app_run in ['install', 'reinstall']
+
+- import_tasks: upgrade.yml
+ when: app_run == 'upgrade'
+
+- import_tasks: uninstall.yml
+ when: app_run == 'uninstall'
\ No newline at end of file
diff --git a/roles/site_static/tasks/uninstall.yml b/roles/site_static/tasks/uninstall.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/roles/site_static/tasks/update.yml b/roles/site_static/tasks/update.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/roles/site_static/tasks/upgrade.yml b/roles/site_static/tasks/upgrade.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
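Review bot: `notify: reload nginx` hangs only off the symlink task, so on a `reinstall` where the vhost already exists the `nginx configuration` template can change without nginx ever being reloaded — the link task reports unchanged and the handler never fires; the `notify` belongs on the template task (keeping it on the link task is harmless). The `Copy site from the Tower` task copies the `{{ site_src }}` directory itself (no trailing slash on `src`), so the served tree lands at `…/public` only while `site_src` keeps its default name, yet the README exposes `site_src` as a host variable and nginx's `root …/public` will then point at nothing; copying the contents into an explicit `…/public/` target removes that coupling. Neither the `create directory` task nor the copy sets `owner`/`group`/`mode`, so the served files get whatever the remote umask yields; for a static site pin a root-owned, world-readable, non-writable tree as in the excerpt below. `copy` also never removes files deleted from the source, so pages dropped from the site stay served after a reinstall — `synchronize` with `delete: true` is the usual answer if that matters here.

```yaml
- name: create directory
  file:
    path: "{{ app_instance_www_root }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

# … unchanged: Create LetsEncrypt certificate …

- name: Copy site from the Tower
  copy:
    src: "{{ site_src }}/"
    dest: "{{ app_instance_www_root }}/public/"
    remote_src: false
    owner: root
    group: root
    mode: "0644"
    directory_mode: "0755"

# … unchanged: create log dir …

- name: nginx configuration
  template:
    src: nginx.j2
    dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
  notify: reload nginx

# … unchanged: enable site symlink …
```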
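Review bot: `upgrade.yml` and `uninstall.yml` are added as empty files (blob e69de29…), so `app_run: upgrade` and `app_run: uninstall` run to completion while doing nothing — a caller asking for an uninstall is left with the vhost, certificate and site in place and a green play. Until those paths are implemented, fail loudly instead: replace each empty import with a `fail: msg: "site_static: {{ app_run }} is not implemented"` task under the same `when`, or add a trailing `- fail:` guarded by `when: app_run not in ['install', 'reinstall']` so an unknown `app_run` value is also rejected rather than silently skipped. `update.yml` is created but never imported, so it is either dead or a typo for `upgrade.yml`; the file also lacks a trailing newline.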
diff --git a/roles/site_static/templates/nginx.j2 b/roles/site_static/templates/nginx.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d697708d1788a04ae5f4642aac3dbf2b43b84be0
--- /dev/null
+++ b/roles/site_static/templates/nginx.j2
@@ -0,0 +1,70 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ app_domain | mandatory }};
+ # enforce https
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ app_domain | mandatory }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Strict-Transport-Security "max-age=15768000";
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+
+ root {{ app_instance_www_root }}/public;
+
+ access_log {{ www_log | mandatory }}/{{ app_instance_id }}/access.log;
+ error_log {{ www_log | mandatory }}/{{ app_instance_id }}/error.log;
+
+ index index.html;
+
+ location = /favicon.ico { # Optional
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt { # Optional
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~* \.(png|jpg|jpeg|gif|ico)$ { # Optional
+ expires max;
+ log_not_found off;
+ }
+
+ location / {
+ # improve performance for static content inspired by
+ # https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
+ sendfile on;
+ sendfile_max_chunk 2m;
+ tcp_nopush on;
+ # compression
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json
application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ expires 7d;
+ }
+}
diff --git a/roles/site_static/vars/main.yml b/roles/site_static/vars/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e2fb1aadfe902a24f99d99d3d32ff51922c5f2c7
--- /dev/null
+++ b/roles/site_static/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for site_static
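Review bot: The `Content-Security-Policy` header on the HTTPS server grants everything (`default-src *` plus `data:`, `'unsafe-inline'` and `'unsafe-eval'`), so it blocks nothing and only gives a false sense of hardening; either start from a real policy for a static site — `add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; object-src 'none'; frame-ancestors 'self'" always;` — and widen it only for resources the site actually loads, or drop the header rather than ship a no-op. `X-Content-Type-Options` is emitted twice (the first copy without `always`), so that duplicate line should go, and `Strict-Transport-Security` lacks `always` and is therefore not sent on error responses: `add_header Strict-Transport-Security "max-age=15768000" always;` (add `includeSubDomains` only if every subdomain is served over HTTPS). `X-XSS-Protection "1; mode=block"` is a deprecated header that current guidance sets to `0` or omits, and `X-Robots-Tag none` tells crawlers not to index or follow anything on the site — worth confirming that is intended for a public static site. No `ssl_protocols`/`ssl_ciphers` appear here, so the TLS configuration depends on whatever the http-level nginx.conf sets; confirm it is pinned there rather than left to distribution defaults.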