diff --git a/group_vars/galene.yml b/group_vars/galene.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fa988fbccdbb5f18047acfedb647fdab4fa8a5e4
--- /dev/null
+++ b/group_vars/galene.yml
@@ -0,0 +1,28 @@
+---
+service_nginx:
+  service_name: galene
+  servers:
+    - ssl: crans.org
+      default: true
+      server_name:
+        - "galene.crans.org"
+      locations:
+        - filter: "/"
+          params:
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+            - "proxy_pass http://localhost:8443"
+
+    - ssl: crans.org
+      server_name:
+        - "neree.crans.org"
+      root: "/var/www/galene-stream-frontend/static"
+      locations:
+        - filter: "~ ^/(ws|public-groups.json)"
+          params:
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+            - "proxy_pass http://localhost:8443"
+
+        - filter: "~ ^\\/(?!.*\\.\\.)[^/]+$"
+          params:
+            - " add_header Content-Security-Policy \"connect-src ws: wss: 'self'; img-src data: 'self'; media-src blob: 'self'; default-src 'self';\""
+            - "try_files $uri /galene.html =404"