diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 3e3d39b..21a2d40 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -9,6 +9,21 @@ packages_common:
   - 'wget'
   - 'zip'
 
+# common apache config
+apache_listen_ip: '*'
+apache_listen_port: 80
+# merge apache config arrays
+apache_mods_enabled: >-
+  {{
+    (apache_mods_enabled_gitea | default([]))
+    + (apache_mods_enabled_munin | default([]))
+  }}
+apache_vhosts: >-
+  {{
+    (apache_vhosts_gitea | default([]))
+    + (apache_vhosts_munin | default([]))
+  }}
+
 munin_node_allowed_ips:
   - '^10\.7\.10\.95$'
   - '^127\.0\.0\.1$'
diff --git a/inventory/group_vars/gitea_servers.yml b/inventory/group_vars/gitea_servers.yml
index c2555b3..6231997 100644
--- a/inventory/group_vars/gitea_servers.yml
+++ b/inventory/group_vars/gitea_servers.yml
@@ -16,6 +16,20 @@ gitea_require_signin: False
 gitea_enable_push_create_org: True
 gitea_enable_push_create_user: True
 
+# Apache reverse proxy config
+apache_mods_enabled_gitea:
+  - proxy
+  - proxy_http
+  - rewrite
+  - headers
+apache_vhosts_gitea:
+  - servername: git.metaunix.net
+    documentroot: /var/www/html
+    extra_parameters: |
+      ProxyPreserveHost On
+      ProxyPass / http://127.0.0.1:3000/
+      ProxyPassReverse / http://127.0.0.1:3000/
+
 # Nginx reverse proxy config
 nginx_worker_processes: "{{ ansible_processor_vcpus|default(ansible_processor_count) }}"
 nginx_worker_connections: '1024'
diff --git a/inventory/group_vars/munin_masters.yml b/inventory/group_vars/munin_masters.yml
index d99ea0d..62bf089 100644
--- a/inventory/group_vars/munin_masters.yml
+++ b/inventory/group_vars/munin_masters.yml
@@ -1,5 +1,27 @@
 ---
 
+# Apache frontend configs
+apache_mods_enabled_munin:
+  - proxy
+  - proxy_http
+  - cgi
+  - rewrite
+  - headers
+apache_vhosts_munin:
+  - servername: munin.metaunix.net
+    documentroot: /var/cache/munin/www
+    extra_parameters: |
+      ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
+
+      <Directory "/usr/lib/munin/cgi">
+          Options ExecCGI
+          Require all granted
+      </Directory>
+
+      <Directory "/var/cache/munin/www">
+          Require all granted
+      </Directory>
+
 munin_local_conf_remove: True
 munin_html_strategy: 'cgi'
 munin_graph_strategy: 'cgi'
diff --git a/playbooks/apache.yml b/playbooks/apache.yml
new file mode 100644
index 0000000..3852a9f
--- /dev/null
+++ b/playbooks/apache.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Install Apache
+  hosts:
+    - gitea_servers
+    - munin_masters
+  become: True
+
+  roles:
+    - geerlingguy.apache
diff --git a/playbooks/nginx.yml b/playbooks/nginx.yml
index b275d75..2fee1fa 100644
--- a/playbooks/nginx.yml
+++ b/playbooks/nginx.yml
@@ -1,9 +1,7 @@
 ---
 
 - name: Install Nginx
-  hosts:
-    - gitea_servers
-    - munin_masters
+  hosts: web_servers
   become: True
 
   roles:
diff --git a/playbooks/site.yml b/playbooks/site.yml
index c7f586a..d320f33 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -6,5 +6,6 @@
 - import_playbook: packages.yml
 - import_playbook: munin.yml
 - import_playbook: gitea.yml
+- import_playbook: apache.yml
 - import_playbook: nginx.yml
 - import_playbook: dev.yml
diff --git a/requirements.yml b/requirements.yml
index 69d54ac..6a7696c 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -5,6 +5,8 @@ collections:
 roles:
   - src: arillso.sudoers
     version: 2.3.0
+  - src: geerlingguy.apache
+    version: 4.2.0
   - src: geerlingguy.git
     version: 3.0.1
   - src: geerlingguy.munin