diff --git a/ansible/host_vars/casey.yml b/ansible/host_vars/casey.yml
index eace308..71f2ddc 100644
--- a/ansible/host_vars/casey.yml
+++ b/ansible/host_vars/casey.yml
@@ -1,3 +1,5 @@
 nebula_is_lighthouse: true
 nebula_listen_port: "{{ nebula_lighthouse_port }}"
 ssh_extra_allowed_users: f2b@{{ nebula.cidr }} f2b@{{ pve_hosts.internal_cidr }}
+
+nginx_https_redirect: true
diff --git a/ansible/host_vars/ingress.yml b/ansible/host_vars/ingress.yml
index 62fa34d..0a60f81 100644
--- a/ansible/host_vars/ingress.yml
+++ b/ansible/host_vars/ingress.yml
@@ -1,2 +1,4 @@
 # Listen on a static port so it can be opened in the firewall
 nebula_listen_port: "{{ nebula_lighthouse_port }}"
+
+nginx_https_redirect: true
diff --git a/ansible/roles/nginx/defaults/main.yml b/ansible/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..39e84ef
--- /dev/null
+++ b/ansible/roles/nginx/defaults/main.yml
@@ -0,0 +1 @@
+nginx_https_redirect: false
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
index f271529..788b317 100644
--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -36,3 +36,4 @@
     mode: "0644"
   become: true
   notify: reload nginx
+  when: nginx_https_redirect