diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
index 2321c9d..2ed10ee 100644
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -260,6 +260,10 @@ nomad_base_services:
 port: 20000:32000
 proto: [tcp,udp]
 src_ip: []
+ jwks_proxy:
+ port: 4545
+ proto: [tcp]
+ src_ip: []
 nomad_extra_services: {}
 nomad_host_services: {}
 nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"
diff --git a/roles/nomad/handlers/main.yml b/roles/nomad/handlers/main.yml
index 76d73eb..058b0fa 100644
--- a/roles/nomad/handlers/main.yml
+++ b/roles/nomad/handlers/main.yml
@@ -11,3 +11,6 @@
 - name: restart nomad-vault-agent
 service: name=nomad-vault-agent state=restarted
+
+- name: reload nomad-jwks-proxy
+ service: name=nomad-jwks-proxy state=reloaded
diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index 94631d8..08304e7 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
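Review bot: The new `jwks_proxy` entry deserves a comment saying what it exposes, because it is the only entry in `nomad_base_services` that fronts a single API path through a separate daemon rather than a Nomad port, and `src_ip: []` — whatever the role's firewall layer makes of an empty list, which is not visible in this hunk — is what decides who can reach it. Suggest `# nginx TLS listener publishing only Nomad's /.well-known/jwks.json (workload-identity public keys) to external verifiers; see templates/jwks-proxy.conf.j2` above `jwks_proxy:`. The proxy config added in this same commit is what supports that description; if a deployment wants it reachable only from specific verifiers, the `src_ip` list is where to say so.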
@@ -26,13 +26,31 @@
 cert_path: "{{ nomad_conf.consul.cert_file }}"
 cert_key_path: "{{ nomad_conf.consul.key_file }}"
 cert_key_mode: omit
- tags: nomad
 - name: Check if CA exists
 stat: path={{ nomad_conf.tls.ca_file }}
 register: nomad_consul_ca_file
 tags: nomad
+- when: nomad_conf.tls.http and nomad_conf.server.enabled
+ block:
+ - name: Deploy jwks-proxy conf
+ template: src=jwks-proxy.conf.j2 dest={{ nomad_root_dir }}/jwks-proxy/nginx.conf
+ notify: reload nomad-jwks-proxy
+
+ - name: Deploy jwks-proxy unit
+ template: src=jwks-proxy.service.j2 dest=/etc/systemd/system/nomad-jwks-proxy.service
+ register: nomad_jwks_proxy_unit
+
+ - name: Deploy logrotate conf
+ template: src=logrotate.conf.j2 dest=/etc/logrotate.d/nomad-jwks-proxy
+ tags: nomad
+
+- name: Reload systemd
+ systemd: daemon_reload=true
+ when: nomad_jwks_proxy_unit is defined and nomad_jwks_proxy_unit.changed
+ tags: nomad
+
 - name: Copy consul cert as consul CA
 copy: src={{ nomad_conf.consul.cert_file }} dest={{ nomad_conf.consul.ca_file }} remote_src=True
 when: nomad_conf.consul.ca_file is defined and not nomad_consul_ca_file.stat.exists
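Review bot: The hunk also removes `tags: nomad` from the task that ends with `cert_key_mode: omit` (that task's start is outside the hunk); unless it carries another `tags` key above line 26, a `--tags nomad` run will now skip deploying the Consul client certificate, and if this was removing a duplicate key, a word in the commit message would avoid the question. Separately, `Deploy jwks-proxy unit` only feeds `Reload systemd`, so a changed unit (a new `User=` or `ExecStart=`, say) is daemon-reloaded but the running proxy keeps the old definition until something else restarts it; a `notify: restart nomad-jwks-proxy` on that task would close the gap, though the handlers hunk adds only a `reload` handler, so one would have to be added alongside it. The SIGHUP reload wired to the nginx.conf task is right for config changes but does not re-read the unit.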
@@ -138,20 +156,20 @@
 when: nomad_conf.client.enabled and 'docker' in nomad_enabled_task_drivers
 tags: nomad
-- name: Set sysctl
- sysctl:
- name: "{{ item.key }}"
- value: "{{ item.val }}"
- sysctl_file: /etc/sysctl.d/nomad.conf
- state: "{{ (nomad_conf.client.enabled and 'docker' in nomad_enabled_task_drivers) | ternary('present', 'absent') }}"
- loop:
- - key: net.bridge.bridge-nf-call-arptables
- val: 1
- - key: net.bridge.bridge-nf-call-ip6tables
- val: 1
- - key: net.bridge.bridge-nf-call-iptables
- val: 1
- tags: nomad
+#- name: Set sysctl
+# sysctl:
+# name: "{{ item.key }}"
+# value: "{{ item.val }}"
+# sysctl_file: /etc/sysctl.d/nomad.conf
+# state: "{{ (nomad_conf.client.enabled and 'docker' in nomad_enabled_task_drivers) | ternary('present', 'absent') }}"
+# loop:
+# - key: net.bridge.bridge-nf-call-arptables
+# val: 1
+# - key: net.bridge.bridge-nf-call-ip6tables
+# val: 1
+# - key: net.bridge.bridge-nf-call-iptables
+# val: 1
+# tags: nomad
 - name: Deploy Docker auth config
 template: src=docker_auth.json.j2 dest={{ nomad_root_dir }}/docker/auth.json owner={{ nomad_user }} group={{ nomad_user }} mode=600
diff --git a/roles/nomad/tasks/directories.yml b/roles/nomad/tasks/directories.yml
index cd25eb8..ec555e4 100644
--- a/roles/nomad/tasks/directories.yml
+++ b/roles/nomad/tasks/directories.yml
@@ -33,6 +33,11 @@
 owner: root
 mode: 755
 - dir: tls
+ - dir: jwks-proxy
+ - dir: log
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_user }}"
+ mode: 700
 tags: nomad
 - name: Create host_volume directories
diff --git a/roles/nomad/tasks/install.yml b/roles/nomad/tasks/install.yml
index ff3bab8..2960b41 100644
--- a/roles/nomad/tasks/install.yml
+++ b/roles/nomad/tasks/install.yml
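Review bot: Commenting the sysctl task out instead of deleting it leaves 14 lines of dead code with no stated reason, and it silently drops the convergence path: hosts that already received `/etc/sysctl.d/nomad.conf` keep it, while fresh Docker clients no longer get `net.bridge.bridge-nf-call-iptables=1`, the setting that makes bridged container traffic subject to the host's iptables rules (Docker's own isolation and NAT chains rely on it, and the daemon enables it itself when it manages iptables, which may well be why this was dropped — worth stating). If the intent is "Docker handles this now", replace the comment block with a one-line `# bridge-nf-call-* sysctls are set by the Docker daemon itself; nothing to manage here` and delete the task; if the intent is to stop managing them on hosts that already have the file, keep a `file: path=/etc/sysctl.d/nomad.conf state=absent` task so previously managed hosts converge. Either way `git log` preserves the old task; the commented copy does not need to.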
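Review bot: `mode: 700` is a bare YAML integer, and an Ansible `file` task given an int mode treats it as decimal (700 = 0o1274, i.e. `rwxr-x-wT`) rather than octal 0700, so the new `log` directory — which is meant to be private to `{{ nomad_user }}` because nginx's access and error logs land there — may not get the permissions intended. Whether it works depends on how the loop task above this hunk (its header is outside the hunk) renders `item.mode`; the existing `mode: 755` context line relies on the same conversion, so either both already work or both are wrong. Verify with `stat` on a converged host and prefer `mode: "0700"` (and `"0755"`) so the value no longer depends on templating behaviour.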
@@ -11,6 +11,11 @@
 notify: restart nomad
 tags: nomad
+- name: Install server only componenets
+ package: name={{ nomad_server_packages }}
+ when: nomad_conf.server.enabled
+ tags: nomad
+
 - name: Deploy systemd service unit
 template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
 register: nomad_unit
diff --git a/roles/nomad/tasks/services.yml b/roles/nomad/tasks/services.yml
index f161d4a..0e3f67d 100644
--- a/roles/nomad/tasks/services.yml
+++ b/roles/nomad/tasks/services.yml
@@ -29,4 +29,9 @@
 - nomad_conf.client.task_drivers.podman.enabled
 tags: nomad
-
+- name: Handle jwks-proxy service
+ service:
+ name: nomad-jwks-proxy
+ state: "{{ (nomad_conf.tls.http and nomad_conf.server.enabled) | ternary('started', 'stopped') }}"
+ enabled: "{{ (nomad_conf.tls.http and nomad_conf.server.enabled) | ternary(true, false) }}"
+ tags: nomad
diff --git a/roles/nomad/templates/jwks-proxy.conf.j2 b/roles/nomad/templates/jwks-proxy.conf.j2
new file mode 100644
index 0000000..11c2a52
--- /dev/null
+++ b/roles/nomad/templates/jwks-proxy.conf.j2
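Review bot: `nomad_server_packages` is only added to `vars/RedHat.yml` in this commit, so if the role ships vars files for other families (the per-OS `nomad_task_driver_packages` structure suggests it does), this unconditional `package: name={{ nomad_server_packages }}` fails with an undefined variable on every non-RedHat server; either add the key to each vars file or guard the task with `when: nomad_conf.server.enabled and nomad_server_packages | default([]) | length > 0`. Installing the distro `nginx` package also drops a stock `nginx.service` (and `/etc/nginx/nginx.conf`) on every Nomad server alongside the hardened `nomad-jwks-proxy` instance; since nothing here disables it, a later `systemctl enable nginx` would bring up an unconfigured root-run nginx on port 80, so consider `systemd: name=nginx enabled=false masked=true` right after the install. Also the task name has a typo: `componenets` → `components`.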
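Review bot: On nodes where the `when: nomad_conf.tls.http and nomad_conf.server.enabled` block in conf.yml was skipped — every client-only node — no `nomad-jwks-proxy` unit file exists, yet this task unconditionally asks the service module for `state=stopped enabled=false`; in my experience the module then errors with "Could not find the requested service" rather than treating the missing unit as already stopped, which would break the role on the whole client fleet. Gate the task on the unit being present (see below), or move the stop/disable into an else-branch that also removes the unit. The `ternary(true, false)` on `enabled:` is redundant; the boolean expression itself is enough.
```yaml
- name: Check if jwks-proxy unit is installed
  stat: path=/etc/systemd/system/nomad-jwks-proxy.service
  register: nomad_jwks_proxy_unit_stat
  tags: nomad

- name: Handle jwks-proxy service
  service:
    name: nomad-jwks-proxy
    state: "{{ (nomad_conf.tls.http and nomad_conf.server.enabled) | ternary('started', 'stopped') }}"
    enabled: "{{ nomad_conf.tls.http and nomad_conf.server.enabled }}"
  when: nomad_jwks_proxy_unit_stat.stat.exists
  tags: nomad
```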
@@ -0,0 +1,63 @@
+worker_processes auto;
+
+error_log {{ nomad_root_dir }}/log/jwks-proxy-error.log notice;
+pid /run/nomad/nomad-jwks-proxy.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ proxy_temp_path {{ nomad_root_dir }}/tmp/proxy_temp;
+ client_body_temp_path {{ nomad_root_dir }}/tmp/client_temp;
+ fastcgi_temp_path {{ nomad_root_dir }}/tmp/fastcgi_temp;
+ uwsgi_temp_path {{ nomad_root_dir }}/tmp/uwsgi_temp;
+ scgi_temp_path {{ nomad_root_dir }}/tmp/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log {{ nomad_root_dir }}/log/jwks-proxy-access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ server {
+ listen {{ nomad_services.jwks_proxy.port }} ssl;
+
+ proxy_ssl_certificate {{ nomad_conf.tls.cert_file }};
+ proxy_ssl_certificate_key {{ nomad_conf.tls.key_file }};
+ proxy_ssl_verify on;
+ proxy_ssl_name localhost;
+ proxy_ssl_trusted_certificate {{ nomad_conf.tls.ca_file }};
+
+ ssl_certificate {{ nomad_conf.tls.cert_file }};
+ ssl_certificate_key {{ nomad_conf.tls.key_file }};
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 1h;
+ ssl_session_tickets off;
+ gzip on;
+ gzip_types
+ text/plain;
+ gzip_vary on;
+
+ server_tokens off;
+
+ if ($request_method !~ ^(GET|HEAD|OPTIONS)$ ) {
+ return 405;
+ }
+ location /.well-known/jwks.json {
+ proxy_pass https://localhost:{{ nomad_services.http.port }};
+ }
+ }
+}
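Review bot: `location /.well-known/jwks.json` is a prefix match and there is no catch-all, so this listener — which exists precisely because Nomad's HTTPS API should not be exposed to the outside — still proxies `/.well-known/jwks.jsonXYZ` and `/.well-known/jwks.json/..`-style variants straight to the Nomad API, and any other path falls through to nginx's compiled-in default root (`-c` leaves the prefix at the package default), which on RedHat serves the distro welcome page from `/usr/share/nginx/html`. Make the match exact and deny everything else: `location = /.well-known/jwks.json { proxy_pass https://localhost:{{ nomad_services.http.port }}; }` followed by `location / { return 404; }`; since the response is public, static key material fetched by unauthenticated clients, a `limit_req` zone on that location is also cheap insurance against turning the proxy into a load amplifier for the server API. Two things to confirm rather than defects: `proxy_ssl_verify on` with `proxy_ssl_name localhost` only works if the Nomad server certificate carries `localhost` as a SAN (Nomad's documented certs do), and nginx creates the leaf `proxy_temp`-style directories but not their parent, so `{{ nomad_root_dir }}/tmp` must already be in the directory loop — the directories hunk in this commit adds only `jwks-proxy` and `log`. `gzip_types text/plain` also never matches the `application/json` JWKS body, so the gzip block is currently inert.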
diff --git a/roles/nomad/templates/jwks-proxy.service.j2 b/roles/nomad/templates/jwks-proxy.service.j2
new file mode 100644
index 0000000..7f4f2bc
--- /dev/null
+++ b/roles/nomad/templates/jwks-proxy.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Nomad JWKS proxy
+After=syslog.target network-online.target remote-fs.target nss-lookup.target nomad.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User={{ nomad_user }}
+Group={{ nomad_user }}
+PIDFile=/run/nomad/nomad-jwks-proxy.pid
+ExecStartPre=/sbin/nginx -t -c {{ nomad_root_dir }}/jwks-proxy/nginx.conf -e /dev/null
+ExecStartPre=/bin/rm -f /run/nomad/nomad-jwks-proxy.pid
+ExecStart=/sbin/nginx -c {{ nomad_root_dir }}/jwks-proxy/nginx.conf -g "daemon off;" -e /dev/null
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/nomad/templates/logrotate.conf.j2 b/roles/nomad/templates/logrotate.conf.j2
new file mode 100644
index 0000000..56c4958
--- /dev/null
+++ b/roles/nomad/templates/logrotate.conf.j2
@@ -0,0 +1,12 @@
+{{ nomad_root_dir }}/log/*log {
+ create 0644 {{ nomad_user }} {{ nomad_user }}
+ daily
+ rotate 60
+ missingok
+ notifempty
+ compress
+ sharedscripts
+ postrotate
+ /bin/kill -USR1 `cat {{ nomad_root_dir }}/tmp/nomad-jwks-proxy.pid 2>/dev/null` 2>/dev/null || true
+ endscript
+}
diff --git a/roles/nomad/vars/RedHat.yml b/roles/nomad/vars/RedHat.yml
index 8f7eae8..f829899 100644
--- a/roles/nomad/vars/RedHat.yml
+++ b/roles/nomad/vars/RedHat.yml
@@ -7,6 +7,9 @@ nomad_packages:
 - acl
 - git
+nomad_server_packages:
+ - nginx
+
 # Note : there's no package for the Docker driver as it'll pull the docker role already
 nomad_task_driver_packages:
 java:
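Review bot: The unit runs nginx as `{{ nomad_user }}` but, apart from `PrivateTmp`, applies no sandboxing, so a bug in the TLS- and internet-facing worker leaves an attacker with the whole filesystem view, device nodes and kernel tunables of the Nomad user — including read access to `{{ nomad_conf.tls.key_file }}` and whatever else that user owns. Because the process binds an unprivileged port and never changes user, it needs no capabilities at all, so the usual `[Service]` hardening set can be applied wholesale (below); `ReadWritePaths` has to list exactly the log, temp and pid locations the nginx.conf in this commit writes to, and should be re-checked if those move. `PIDFile=` is unnecessary with `Type=simple` and `daemon off;`, and the unit assumes `/run/nomad` already exists (presumably created by nomad.service — a `RuntimeDirectory=nomad` here would be wrong, since it would be removed when this unit stops); a sentence in the unit's `Description` or a comment would make that dependency explicit. Run `systemd-analyze security nomad-jwks-proxy` after the change to confirm nothing needed was cut.
```ini
[Service]
; … unchanged: Type, User, Group, ExecStartPre/ExecStart/ExecReload/ExecStop, Restart settings …
PrivateTmp=true
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
PrivateDevices=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
CapabilityBoundingSet=
ReadWritePaths={{ nomad_root_dir }}/log {{ nomad_root_dir }}/tmp /run/nomad
```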
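Review bot: The `postrotate` script reads the pid from `{{ nomad_root_dir }}/tmp/nomad-jwks-proxy.pid`, but both the nginx.conf (`pid /run/nomad/nomad-jwks-proxy.pid;`) and the unit's `PIDFile=` in this same commit put it under `/run/nomad`, so `cat` fails, the `|| true` hides it, nginx never receives USR1, and it keeps writing to the renamed file while the freshly `create`d log stays empty — after 60 days the only copy of the access log is the one that was compressed and dropped. Fix the path: ``/bin/kill -USR1 `cat /run/nomad/nomad-jwks-proxy.pid 2>/dev/null` 2>/dev/null || true``. With the log directory created 0700 for `{{ nomad_user }}` the `create 0644` mode is harmless, but `0640` matches the intent of keeping request logs private.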