diff --git a/roles/service-nginx/files/gzip.conf b/roles/service-nginx/files/gzip.conf
new file mode 100644
index 0000000..849888d
--- /dev/null
+++ b/roles/service-nginx/files/gzip.conf
@@ -0,0 +1,3 @@
+gzip on;
+gzip_types text/css text/plain text/html text/javascript text/xml application/javascript application/xml application/json;
+gzip_min_length 1000;
diff --git a/roles/service-nginx/files/redirect-to-ssl.conf b/roles/service-nginx/files/redirect-to-ssl.conf
new file mode 100644
index 0000000..60245f0
--- /dev/null
+++ b/roles/service-nginx/files/redirect-to-ssl.conf
@@ -0,0 +1 @@
+return 301 https://$server_name$request_uri;
diff --git a/roles/service-nginx/tasks/main.yml b/roles/service-nginx/tasks/main.yml
index f498efd..f9aaec6 100644
--- a/roles/service-nginx/tasks/main.yml
+++ b/roles/service-nginx/tasks/main.yml
@@ -84,14 +84,29 @@
 - name: sync ssl certs
   shell: /etc/cron.daily/ssl_certs
 
-- name: write nginx configuration letsencrypt-acme-challenge.conf
+- name: copy gzip.conf to snippets
+  copy:
+    src: gzip.conf
+    dest: /etc/nginx/snippets/gzip.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: copy redirect-to-ssl.conf to snippets
+  copy:
+    src: redirect-to-ssl.conf
+    dest: /etc/nginx/snippets/redirect-to-ssl.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: write letsencrypt-acme-challenge.conf to snippets
   template:
     src: letsencrypt-acme-challenge.conf.j2
     dest: /etc/nginx/snippets/letsencrypt-acme-challenge.conf
     mode: 0644
     owner: root
     group: root
-  notify: restart nginx
 
 - name: write nginx configuration nginx.conf
   template: