diff --git a/ansible/playbooks/tasks/account_services.yml b/ansible/playbooks/tasks/account_services.yml
index f1ea699..506a293 100644
--- a/ansible/playbooks/tasks/account_services.yml
+++ b/ansible/playbooks/tasks/account_services.yml
@@ -1,2 +1,26 @@
 ---
 # Account Services
+- name: Install packages
+ package:
+ name:
+ - httpd
+ - mod_ssl
+ - python3
+ - python3-setuptools
+ - python3-kdcproxy
+ state: present
+
+ - name: Deploy relevant httpd configuration
+ template:
+ src: "etc/httpd/conf.d/id.conf.j2"
+ dest: "/etc/httpd/conf.d/id.conf"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart_httpd
+
+ - name: Enable and start
+ systemd:
+ name: httpd
+ state: running
+ enabled: true
diff --git a/ansible/playbooks/templates/etc/httpd/conf.d/id.conf.j2 b/ansible/playbooks/templates/etc/httpd/conf.d/id.conf.j2
new file mode 100644
index 0000000..bd3f63a
--- /dev/null
+++ b/ansible/playbooks/templates/etc/httpd/conf.d/id.conf.j2
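Review bot: `state: running` in the "Enable and start" task is not a value the `systemd` module accepts (its `state` choices are `started`, `stopped`, `restarted` and `reloaded`), so the task fails at argument validation before httpd is ever started; change it to `state: started`. The collapsed rendering of this hunk hides indentation, so it cannot be confirmed that `notify: restart_httpd` sits at task level rather than under the `template:` arguments — if it is nested under `template:` it is passed to the module as an unknown parameter instead of queuing the handler, so check that line's indent. The `restart_httpd` handler is not defined anywhere in this diff; it must exist in the play's handlers for the notify to have any effect.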
@@ -0,0 +1,48 @@ +WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=1000 \ + display-name=%{GROUP} +WSGIImportScript /usr/lib/python3.6/site-packages/kdcproxy/__init__.py \ + process-group=kdcproxy application-group=kdcproxy +WSGIScriptAlias /KdcProxy /usr/lib/python3.6/site-packages/kdcproxy/__init__.py +WSGIScriptReloading Off + + + ServerName accounts.rockylinux.org + ServerAlias accounts.rockylinux.org {{ ansible_fqdn }} + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] + + + + ServerName accounts.rockylinux.org + ServerAlias accounts.rockylinux.org {{ ansible_fqdn }} + RequestHeader set X-Forwarded-Proto https + SSLCertificateFile /etc/pki/tls/certs/noggin.crt + SSLCertificateKeyFile /etc/pki/tls/private/noggin.key + + + + ProxyPreserveHost On + ProxyPass http://127.0.0.1:5000/ + ProxyPassReverse http://127.0.0.1:5000/ + + Require all granted + Include /etc/httpd/conf/blacklist.conf + + + + + Satisfy Any + WSGIProcessGroup kdcproxy + WSGIApplicationGroup kdcproxy + ProxyPass "!" + ProxyPassReverse "!" + + Require all granted + Include /etc/httpd/conf/blacklist.conf + + + +ServerSignature Off +ServerTokens Prod +ErrorDocument 403 "

Your IP is on the blacklist.

Please contact Rocky Linux Staff to see if this can be corrected.

"
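Review bot: `WSGIImportScript` and `WSGIScriptAlias` hard-code `/usr/lib/python3.6/site-packages/kdcproxy/__init__.py` while the task file installs unpinned `python3` and `python3-kdcproxy`, so the KDC proxy breaks silently (httpd still starts, but `/KdcProxy` no longer resolves to the module) as soon as the interpreter minor version differs; render the path from a variable such as `{{ kdcproxy_wsgi_script }}` (placeholder name, to be defined in the play's vars) or derive it from the installed package rather than embedding the version. The HTTP-to-HTTPS `RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]` issues a temporary 302; a permanent `[R=301,L]` together with `Header always set Strict-Transport-Security "max-age=31536000"` in the TLS host (mod_headers is already in use via `RequestHeader`) stops clients from retrying plain HTTP on every visit. `SSLCertificateFile /etc/pki/tls/certs/noggin.crt` and `SSLCertificateKeyFile /etc/pki/tls/private/noggin.key` are referenced but nothing in this commit deploys them, so the notified restart will fail on a fresh host where they are absent. The `<VirtualHost>` and `<Location>` container lines appear to have been stripped from this rendering, so the scoping of `Require all granted`, `Satisfy Any` and the `ProxyPass` directives could not be checked here.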