diff --git a/ftp.yml b/ftp.yml
new file mode 100644
index 0000000..ddff52f
--- /dev/null
+++ b/ftp.yml
@@ -0,0 +1,4 @@
+- hosts: ftpservers
+  diff: yes
+  roles:
+    - ftp
diff --git a/production/hosts b/production/hosts
index 17adb45..06a72c4 100644
--- a/production/hosts
+++ b/production/hosts
@@ -93,3 +93,6 @@ muse-macbookair.lan
 
 [unifiservers]
 unifi.dmz.mateu.be
+
+[ftpservers]
+ftp.dmz.mateu.be
diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index e10f12c..19568c6 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -499,6 +499,16 @@ config rule
 	option dest_port '123'
 	option target 'ACCEPT'
 
+# FTP
+config rule
+	option name 'Allow-OUTPUT-FTP'
+	option src 'iot'
+	list proto 'tcp'
+	option dest 'dmz'
+	option dest_ip '{{ hostvars['ftp.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_port '21 10100-10110'
+	option target 'ACCEPT'
+
 ## Default configuration
 config defaults
 	option syn_flood '1'
diff --git a/roles/ftp/files/vsftpd.conf b/roles/ftp/files/vsftpd.conf
new file mode 100644
index 0000000..31b889c
--- /dev/null
+++ b/roles/ftp/files/vsftpd.conf
@@ -0,0 +1,20 @@
+listen=NO
+listen_ipv6=YES
+anonymous_enable=YES
+local_enable=NO
+write_enable=YES
+anon_upload_enable=YES
+anon_mkdir_write_enable=YES
+anon_other_write_enable=YES
+dirmessage_enable=YES
+use_localtime=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+secure_chroot_dir=/var/run/vsftpd/empty
+pam_service_name=vsftpd
+utf8_filesystem=YES
+no_anon_password=YES
+anon_root=/srv/ftp
+pasv_enable=YES
+pasv_min_port=10100
+pasv_max_port=10110
diff --git a/roles/ftp/handlers/main.yml b/roles/ftp/handlers/main.yml
new file mode 100644
index 0000000..1e440b1
--- /dev/null
+++ b/roles/ftp/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart vsftpd
+  service:
+    name: vsftpd
+    state: restarted
diff --git a/roles/ftp/tasks/main.yml b/roles/ftp/tasks/main.yml
new file mode 100644
index 0000000..dc77114
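Review bot: `diff: yes` is a YAML 1.1 truthy spelling that yamllint flags; the canonical form is `diff: true`. The play also sets no `become`, yet the ftp role it pulls in installs a package and writes /etc/vsftpd.conf, so unless privilege escalation is configured globally (ansible.cfg or inventory) it needs `become: true` here.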
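Review bot: The added `dest_ip` line dereferences `hostvars['ftp.dmz.mateu.be']['ansible_default_ipv4']`, which only exists if facts for that host were gathered earlier in the same run or are cached; site.yml appears to import ftp.yml last, so on a fresh run the firewall template can fail with an undefined variable before the ftp play has run — worth confirming, and if so gather facts for the ftp host first (an explicit `setup` play or fact caching). The name 'Allow-OUTPUT-FTP' is misleading for a rule with `src 'iot'` and `dest 'dmz'`, which is a forwarding rule; a name such as 'Allow-iot-dmz-FTP' says what it does. The port list '21 10100-10110' matches the passive range in vsftpd.conf; a client that falls back to active mode would need the server's port-20 connection back into the iot zone, which this rule does not cover and depends on the dmz→iot policy outside the hunk.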
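Review bot: `anon_other_write_enable=YES` lets any anonymous client delete, rename and overwrite files under anon_root, which goes beyond an upload drop-box (`anon_upload_enable` and `anon_mkdir_write_enable` already cover creating files and directories); unless uploaders genuinely need to rename or delete, drop that line so one anonymous user cannot alter what another uploaded. The file also sets no connection or rate limits, so a password-less writable server can have its disk filled or its connection slots exhausted by a single client; cheap caps are `max_per_ip=5`, `max_clients=20` and an `anon_max_rate` value sized for the expected devices. `xferlog_enable=YES` is present, which is what you would rely on to trace which client uploaded what — keep it.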
--- /dev/null
+++ b/roles/ftp/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Install vsftpd
+  package:
+    name: vsftpd
+    state: present
+
+- name: Create ftp directory
+  file:
+    path: /srv/ftp
+    state: directory
+
+- name: Create upload directory
+  file:
+    path: /srv/ftp/upload
+    owner: ftp
+    group: root
+    state: directory
+
+- name: Config vsftpd
+  copy:
+    src: files/vsftpd.conf
+    dest: /etc/vsftpd.conf
+    owner: root
+    group: root
+  notify: restart vsftpd
+
diff --git a/roles/x509/tasks/main.yml b/roles/x509/tasks/main.yml
index 123aa20..93e5973 100644
--- a/roles/x509/tasks/main.yml
+++ b/roles/x509/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: install acme.sh
-  shell: curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 LE_WORKING_DIR=/etc/x509 sh
+  shell: curl https://get.acme.sh | INSTALLONLINE=1 LE_WORKING_DIR=/etc/x509 sh
   args:
     creates: /etc/x509
 
diff --git a/site.yml b/site.yml
index b552864..e9aef49 100644
--- a/site.yml
+++ b/site.yml
@@ -18,3 +18,4 @@
 - import_playbook: icecast2.yml
 - import_playbook: munin.yml
 - import_playbook: unifi.yml
+- import_playbook: ftp.yml
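Review bot: Nothing in the role ensures vsftpd is running and enabled: the `package` task only installs it and the `restart vsftpd` handler fires only when /etc/vsftpd.conf changes, so on a distribution whose package does not auto-start the service, or after a reboot with the unit disabled, the role completes without a listening server. Add a task after `Config vsftpd` using the `service` module with `name: vsftpd`, `state: started` and `enabled: true`. The copy task sets owner and group but no `mode`; adding `mode: "0644"` makes the result independent of the controller's umask. `src: files/vsftpd.conf` resolves, but a role's files/ directory is searched automatically, so `src: vsftpd.conf` is the conventional form.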
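Review bot: The new line still pipes an unpinned remote script straight into `sh` during provisioning with no version pin or checksum; switching the URL to `https://get.acme.sh` changes which host is trusted but not the trust model, and `creates: /etc/x509` means whatever was fetched the first time is never re-verified. A safer shape is downloading a tagged acme.sh release with `get_url` and a `checksum:` value (placeholder: `checksum: sha256:<expected-digest>`), then running the local file with the same `LE_WORKING_DIR=/etc/x509` environment and the existing `creates` guard. With the pipe as written, a failed `curl` also feeds an empty stream to `sh` and the task reports success; if the pipe is kept, prefix it with `set -o pipefail;` so the failure surfaces.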