diff --git a/ansible/webserver-automation/roles/nginx/templates/nginx-site.conf.j2 b/ansible/webserver-automation/roles/nginx/templates/nginx-site.conf.j2
new file mode 100644
index 0000000..437e49f
--- /dev/null
+++ b/ansible/webserver-automation/roles/nginx/templates/nginx-site.conf.j2
@@ -0,0 +1,48 @@
+# Nginx site configuration for {{ app_name }}
+# Managed by Ansible
+
+server {
+ listen {{ nginx_port }};
+ listen [::]:{{ nginx_port }};
+
+ server_name {{ server_name }} {{ domain_name }};
+
+ root {{ app_dir }};
+ index index.html index.htm;
+
+ # Logging
+ access_log {{ access_log }};
+ error_log {{ error_log }};
+
+ # Security headers
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Gzip compression
+ {% if gzip_enabled %}
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 6;
+ gzip_types text/plain text/css application/json application/javascript;
+ {% endif %}
+
+ # Client settings
+ client_max_body_size {{ client_max_body_size }};
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ # Health check
+ location /health {
+ access_log off;
+ return 200 "healthy\n";
+ add_header Content-Type text/plain;
+ }
+
+ # Deny hidden files
+ location ~ /\. {
+ deny all;
+ }
+}
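Review bot: In the `location /health` block, `add_header Content-Type text/plain;` stops the three server-level security headers from being inherited, because nginx inherits `add_header` from the enclosing level only when the current level defines none of its own; the health response is therefore sent without X-Frame-Options and X-Content-Type-Options. The directive also appends a header rather than setting the type nginx derives from `default_type`, so the response may carry two Content-Type headers. Replacing that line with `default_type text/plain;` keeps the inherited headers and sets the type once. Separately, `location /health` is a prefix match, so `location = /health` would restrict the endpoint to the exact path. A short comment above `location ~ /\.` noting that it also denies `/.well-known/` would help anyone who later serves ACME HTTP-01 challenges from this vhost.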