diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index a3b0ca551af96feb6f1fa6f57741afe3c5268ed9..fbb2e545024fc663e06705386979ea1373942775 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -91,6 +91,12 @@
         command: "migrate"
         app_path: "/home/{{ deploy_user_name }}/iPPIDB/ippisite"
         settings: "ippisite.{{ ansible_hostname }}_settings"
+    - htpasswd:
+        path: /etc/nginx/passwdfile
+        name: ippidb
+        password: ''
+        owner: root
+        mode: 0640
     # FIXME: this should obviously be removed before switching to prod. env.
     - name: restrict access to the web server to specific IPs
       lineinfile: dest=/etc/ippidb-80/httpd.conf