diff --git a/CHANGELOG.md b/CHANGELOG.md index e2b758ef..5410101d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +* boost-proxy: new role, extracted from internal use, to make a Boost server * evolinux-base: replace regular kernel by cloud kernel on virtual servers * nagios-nrpe: check_haproxy_stats supports DRAIN status * lxc-php: set php-fpm umask to 007 diff --git a/boost-proxy/defaults/main.yml b/boost-proxy/defaults/main.yml new file mode 100644 index 00000000..290a8a8f --- /dev/null +++ b/boost-proxy/defaults/main.yml @@ -0,0 +1,17 @@ +--- +boost_sysctl_config: [] +boost_sysctl_file_path: /etc/sysctl.d/boost.conf +boost_allow_root_ssh_between_servers: False + +boost_sites_enabled: [] +boost_sites_enabled_for_all: [] +boost_sites_enabled_for_group: [] +boost_sites_enabled_for_host: [] + +other_servers_from_group_ips: [] + +boost_validate_haproxy: True +boost_validate_varnish: True + +boost_haproxy_check_url: "/haproxycheck" +boost_varnish_check_url: "/varnishcheck" \ No newline at end of file diff --git a/boost-proxy/handlers/main.yml b/boost-proxy/handlers/main.yml new file mode 100644 index 00000000..65f621cb --- /dev/null +++ b/boost-proxy/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: reload sshd + service: + name: ssh + state: reloaded diff --git a/boost-proxy/tasks/haproxy.yml b/boost-proxy/tasks/haproxy.yml new file mode 100644 index 00000000..f1d709ed --- /dev/null +++ b/boost-proxy/tasks/haproxy.yml @@ -0,0 +1,57 @@ +--- + +- name: URL for HAProxy admin page is on default page + lineinfile: + path: "/var/www/index.html" + line: '
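Review bot: `boost_allow_root_ssh_between_servers` is the role's most security-sensitive switch, yet nothing in defaults/main.yml says what it enables; in sshd.yml it appends a `Match User root Address …` block that permits key-based root login from every address listed in `other_servers_from_group_ips`. A comment above it would stop an operator from flipping it blind: `# when true, sshd.yml permits key-only root SSH from the IPs in other_servers_from_group_ips`. The Python-style literals `boost_allow_root_ssh_between_servers: False` and `boost_validate_haproxy: True` should be the canonical `false`/`true` (yamllint `truthy`), and the file is missing its trailing newline.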
  • HAProxy
  • ' + regexp: '>HAProxy<' + insertafter: ">Stats système<" + tags: + - haproxy + - config + +- name: HAproxy run directory in chroot + file: + dest: "/var/lib/haproxy/run" + owner: root + group: root + mode: "0755" + state: directory + tags: + - haproxy + - config + +- name: HAproxy errors directory is present + file: + dest: "/etc/haproxy/errors" + owner: root + group: root + mode: "0755" + state: directory + tags: + - haproxy + - config + - update-config + +- name: Maintenance file is present + copy: + src: "templates/haproxy/maintenance.http" + dest: /etc/haproxy/errors/maintenance.http + mode: "0644" + notify: reload haproxy + tags: + - haproxy + - config + - update-config + +- name: 2048 bits DHparam file is present + get_url: + url: https://ssl-config.mozilla.org/ffdhe2048.txt + dest: /etc/ssl/dhparam-haproxy + mode: '0600' + owner: root + group: root + force: no + tags: + - haproxy + - config diff --git a/boost-proxy/tasks/main.yml b/boost-proxy/tasks/main.yml new file mode 100644 index 00000000..9587705e --- /dev/null +++ b/boost-proxy/tasks/main.yml @@ -0,0 +1,48 @@ +--- + +####################### +# System configuration +####################### + +# Merge variables from group_vars and host_vars +- set_fact: + boost_sites_enabled: "{{ boost_sites_enabled_for_all | union(boost_sites_enabled_for_group) | union(boost_sites_enabled_for_host) | unique }}" + tags: always + +- debug: + var: boost_sites_enabled + tags: always + +- include: haproxy.yml + +- include: sshd.yml + +- include: sysctl.yml + +###################### +# Sites configuration +###################### + +- include_tasks: sites.yml + +################# +# external roles +################# + +- import_role: + name: haproxy + +- import_role: + name: varnish + +- import_role: + name: nginx + +- import_role: + name: certbot + +############## +# validations +############## + +- include_tasks: validate.yml 
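Review bot: The `2048 bits DHparam file is present` task fetches `ffdhe2048.txt` with `get_url` and no `checksum`, so whatever the download returns (a compromised origin, a captive portal, an HTML error page) is written to `/etc/ssl/dhparam-haproxy` as root and, because of `force: no`, never re-examined. The RFC 7919 ffdhe2048 group is a fixed, published value, so pin it: `checksum: "sha256:<digest computed once from a trusted copy of the ffdhe2048 PEM>"`. With a pinned checksum a changed download fails the play instead of silently shipping an unknown group. The first task's `line:` value appears mangled in this rendering, so I cannot assess the HTML it writes into `/var/www/index.html`.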
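Review bot: `include_tasks: validate.yml` and `include_tasks: sites.yml` carry no tags, so in a tag-limited run (`--tags config`, `--tags haproxy`) the dynamic includes themselves are skipped and the `tags: always` / `tags: haproxy` inside those files never get a chance to apply — the configuration validations silently do not run. Make them static so inner tags are honored: `- import_tasks: sites.yml` and `- import_tasks: validate.yml`. The bare `include:` keyword used for haproxy.yml, sshd.yml and sysctl.yml is deprecated and should become `import_tasks:` as well. The `set_fact` also overwrites any `boost_sites_enabled` set directly in inventory, which the `[]` default in defaults/main.yml invites; a comment stating that only the `_for_all`/`_for_group`/`_for_host` variables are honored would help.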
diff --git a/boost-proxy/tasks/sites.yml b/boost-proxy/tasks/sites.yml
new file mode 100644
index 00000000..d0702cf0
--- /dev/null
+++ b/boost-proxy/tasks/sites.yml
@@ -0,0 +1,172 @@ +--- + +# HAProxy + +- name: Create sites parent directory + file: + dest: "/etc/haproxy/sites" + owner: root + group: root + mode: "0755" + state: directory + tags: + - haproxy + - config + - update-config + +- name: Create sites directories + file: + dest: "/etc/haproxy/sites/{{ item }}" + owner: root + group: root + mode: "0755" + state: directory + loop: "{{ boost_sites_enabled }}" + tags: + - haproxy + - config + - update-config + +- name: Copy maintenance page + template: + src: "{{ lookup('first_found', file) }}" + dest: "/etc/haproxy/sites/{{ site }}/maintenance.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/maintenance.http" + - "templates/haproxy/maintenance.http" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +- name: Copy 503 page + template: + src: "{{ lookup('first_found', file, errors='ignore') }}" + dest: "/etc/haproxy/sites/{{ site }}/503.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/503.http" + - "templates/haproxy/503.http" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +- name: Copy 502 page + template: + src: "{{ lookup('first_found', file, errors='ignore') }}" + dest: "/etc/haproxy/sites/{{ site }}/502.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/502.http" + - "templates/haproxy/503.http" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +- name: Copy 500 page + template: + src: "{{ lookup('first_found', file) }}" + dest: "/etc/haproxy/sites/{{ site }}/500.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/500.http" + - "templates/haproxy/500.http" + loop: "{{ 
boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +- name: Copy 403 page + template: + src: "{{ lookup('first_found', file) }}" + dest: "/etc/haproxy/sites/{{ site }}/403.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/403.http" + - "templates/haproxy/403.http" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +- name: Copy 404 page + template: + src: "{{ lookup('first_found', file) }}" + dest: "/etc/haproxy/sites/{{ site }}/404.http" + owner: root + group: root + mode: "0644" + vars: + file: + - "templates/boost-sites/{{ site }}/haproxy/404.http" + - "templates/haproxy/404.http" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + tags: + - haproxy + - config + - update-config + +# Varnish + +- name: Create sites parent directory + file: + dest: "/etc/varnish/sites" + owner: root + group: root + mode: "0755" + state: directory + tags: + - varnish + - config + - update-config + +- name: Copy sites custom VCL + template: + src: "templates/boost-sites/{{ site }}/varnish/default.vcl.j2" + dest: "/etc/varnish/sites/{{ site }}.vcl" + owner: root + group: root + mode: "0644" + loop: "{{ boost_sites_enabled }}" + loop_control: + loop_var: site + notify: reload varnish + tags: + - varnish + - config + - update-config diff --git a/boost-proxy/tasks/sshd.yml b/boost-proxy/tasks/sshd.yml new file mode 100644 index 00000000..7b79875d --- /dev/null +++ b/boost-proxy/tasks/sshd.yml 
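Review bot: `Copy 502 page` falls back to `templates/haproxy/503.http` rather than a 502 template, which reads as a copy-paste slip — if reusing the 503 body is intended, say so in a comment, otherwise change the fallback to `- "templates/haproxy/502.http"`. `errors='ignore'` on the 503/502 lookups does not really make those pages optional: when nothing is found `first_found` most likely yields an empty `src`, and the `template` task then fails anyway, so either drop the flag or guard the task with a `when` on the lookup result. Unlike the maintenance file task in haproxy.yml, none of the per-site `template` tasks `notify: reload haproxy`, so an updated error page is not served until something else reloads HAProxy. Whether HAProxy actually reads `/etc/haproxy/sites/<site>/` depends on the haproxy.cfg rendered by the imported role, which is outside this diff.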
@@ -0,0 +1,27 @@
+---
+
+- name: "root can connect over SSH from other servers"
+  blockinfile:
+    dest: /etc/ssh/sshd_config
+    marker: "# {mark} ROOT AUTHORIZATION"
+    block: |
+      Match User root Address {{ other_servers_from_group_ips | join(',') }}
+      AllowGroups root
+      PubkeyAuthentication yes
+      PasswordAuthentication no
+      PermitRootLogin without-password
+    state: present
+  notify: reload sshd
+  when: (boost_allow_root_ssh_between_servers | bool) and (other_servers_from_group_ips | length > 0)
+  tags:
+    - ssh
+
+- name: "root can connect over SSH from other servers"
+  blockinfile:
+    dest: /etc/ssh/sshd_config
+    marker: "# {mark} ROOT AUTHORIZATION"
+    state: absent
+  notify: reload sshd
+  when: not (boost_allow_root_ssh_between_servers | bool) or (other_servers_from_group_ips | length <= 0)
+  tags:
+    - ssh
diff --git a/boost-proxy/tasks/sysctl.yml b/boost-proxy/tasks/sysctl.yml
new file mode 100644
index 00000000..517341b1
--- /dev/null
+++ b/boost-proxy/tasks/sysctl.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Boost optimization for sysctl
+  sysctl:
+    sysctl_file: "{{ boost_sysctl_file_path }}"
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    reload: yes
+    sysctl_set: yes
+  loop: "{{ boost_sysctl_config }}"
+  tags:
+    - sysctl
\ No newline at end of file
diff --git a/boost-proxy/tasks/validate.yml b/boost-proxy/tasks/validate.yml
new file mode 100644
index 00000000..f3cac559
--- /dev/null
+++ b/boost-proxy/tasks/validate.yml
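Review bot: Both `blockinfile` tasks rewrite `/etc/ssh/sshd_config` and reload sshd without validating the result; a malformed entry in `other_servers_from_group_ips` (or an empty element producing a stray comma from `join(',')`) would leave the daemon running on its old configuration after the reload with only a log line to show for it, and break the next restart. Add `validate: '/usr/sbin/sshd -t -f %s'` to both tasks so a bad block is rejected before it lands on disk. `PermitRootLogin without-password` is the deprecated spelling; `prohibit-password` is the current keyword on any OpenSSH ≥ 7.0 target, which presumably covers the Debian hosts this role targets. The two tasks also share the name `"root can connect over SSH from other servers"`; rename the second to say it removes the block so run output is readable.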
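Review bot: The loop reads `item.key` and `item.value`, so `boost_sysctl_config` must be a list of `{key: …, value: …}` mappings, but nothing says so and the `[]` default gives no hint; a plain mapping, the natural way to write sysctl settings, would fail on the first item. Document it above the task, `# boost_sysctl_config: list of {key: <sysctl name>, value: <setting>} mappings`, or accept a mapping via `| dict2items`. The `reload: yes` / `sysctl_set: yes` booleans should be `true` per the rest of the role, and the file is missing its trailing newline.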
@@ -0,0 +1,24 @@
+---
+
+
+- name: check if HAProxy configuration is valid
+  shell:
+    cmd: "haproxy -c -f /etc/haproxy/haproxy.cfg"
+  changed_when: false
+  check_mode: no
+  register: haproxy_validate
+  when: boost_validate_haproxy
+  tags:
+    - always
+
+- name: check if Varnish configuration is valid
+  shell:
+    cmd: "sudo -u vcache TMPDIR={{ varnish_tmp_dir }} varnishd -C -f /etc/varnish/default.vcl > /dev/null"
+  args:
+    warn: False
+  changed_when: false
+  check_mode: no
+  register: varnish_validate
+  when: boost_validate_varnish
+  tags:
+    - always
\ No newline at end of file
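Review bot: The Varnish check shells out with `sudo -u vcache …` and silences Ansible's warning via `args: warn: False`; the `warn` parameter was removed from `shell`/`command` in ansible-core 2.14, so on a current control node this task is a hard error, and the inline `sudo` bypasses the play's own `become` configuration. Use the privilege-escalation and `environment` keywords instead of an inline sudo and a shell redirect, and `command` rather than `shell` since no shell features remain. `varnish_tmp_dir` is not defined in this role's defaults — presumably it comes from the imported varnish role; a comment saying so would help. The registered `haproxy_validate` / `varnish_validate` results are never read, so either drop `register` or note what consumes them.
```yaml
- name: check if Varnish configuration is valid
  command:
    cmd: "varnishd -C -f /etc/varnish/default.vcl"
  environment:
    TMPDIR: "{{ varnish_tmp_dir }}"
  become: true
  become_user: vcache
  changed_when: false
  check_mode: no
  register: varnish_validate
  when: boost_validate_varnish
  tags:
    - always
```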