diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 2054c2b3..a2d71a46 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -78,6 +78,9 @@ jobs:
 - name: Setup hammer
 run: |
 ./foremanctl setup-hammer
+ - name: Set up Foreman Proxy
+ run: |
+ ./foremanctl setup-foreman-proxy
 - name: Run tests
 run: |
 ./forge test --pytest-args="--certificate-source=${{ matrix.certificate_source }}"
@@ -193,6 +196,9 @@ jobs:
 - name: Setup hammer
 run: |
 ./foremanctl setup-hammer
+ - name: Set up Foreman Proxy
+ run: |
+ ./foremanctl setup-foreman-proxy
 - name: Run tests
 run: |
 ./forge test
diff --git a/src/playbooks/setup-foreman-proxy/metadata.obsah.yaml b/src/playbooks/setup-foreman-proxy/metadata.obsah.yaml
new file mode 100644
index 00000000..04f85f24
--- /dev/null
+++ b/src/playbooks/setup-foreman-proxy/metadata.obsah.yaml
@@ -0,0 +1,6 @@
+---
+help: |
+ Set up Foreman Proxy
+
+include:
+ - _certificate_source
diff --git a/src/playbooks/setup-foreman-proxy/setup-foreman-proxy.yaml b/src/playbooks/setup-foreman-proxy/setup-foreman-proxy.yaml
new file mode 100644
index 00000000..a73f6bd4
--- /dev/null
+++ b/src/playbooks/setup-foreman-proxy/setup-foreman-proxy.yaml
@@ -0,0 +1,17 @@
+---
+- name: Set up Foreman Proxy
+ hosts:
+ - quadlet
+ become: true
+ vars_files:
+ - "../../vars/defaults.yml"
+ - "../../vars/{{ certificate_source }}_certificates.yml"
+ - "../../vars/foreman.yml"
+ - "../../vars/images.yml"
+ vars:
+ foreman_url: "https://{{ ansible_facts['fqdn'] }}"
+
+ roles:
+ - pre_install
+ - checks
+ - foreman_proxy
diff --git a/src/roles/foreman_proxy/defaults/main.yaml b/src/roles/foreman_proxy/defaults/main.yaml
new file mode 100644
index 00000000..4e4a4fe2
--- /dev/null
+++ b/src/roles/foreman_proxy/defaults/main.yaml
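Review bot: The new step is named `Set up Foreman Proxy` directly under a step named `Setup hammer`, so two adjacent steps spell the same verb differently; the second hunk of this file (`@@ -193,6 +196,9 @@`) repeats the pair. Pick one form for the workflow, e.g. `- name: Setup Foreman Proxy` to match the existing steps, or rename the older step in the same change. Both hunks sit inside a job's `steps` list whose beginning and end are outside the hunk.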
@@ -0,0 +1,8 @@
+---
+foreman_proxy_name: "{{ ansible_facts['fqdn'] }}"
+foreman_proxy_https_port: 8443
+foreman_proxy_url: "https://{{ foreman_proxy_name }}:{{ foreman_proxy_https_port }}"
+
+# Settings
+foreman_proxy_trusted_hosts:
+ - "{{ foreman_proxy_name }}"
diff --git a/src/roles/foreman_proxy/handlers/main.yml b/src/roles/foreman_proxy/handlers/main.yml
new file mode 100644
index 00000000..6cea8a88
--- /dev/null
+++ b/src/roles/foreman_proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Foreman Proxy
+ ansible.builtin.systemd:
+ name: foreman-proxy
+ state: restarted
diff --git a/src/roles/foreman_proxy/tasks/certs.yaml b/src/roles/foreman_proxy/tasks/certs.yaml
new file mode 100644
index 00000000..fbb504ec
--- /dev/null
+++ b/src/roles/foreman_proxy/tasks/certs.yaml
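Review bot: `foreman_url` is read by this role in `tasks/main.yaml` (`server_url`) and `templates/settings.yaml.j2` (`:foreman_url:`) but has no default in this file; the role currently works only because `setup-foreman-proxy.yaml` sets it to the local FQDN in the play's `vars`. Either give it a default here, `foreman_url: "https://{{ ansible_facts['fqdn'] }}"`, or add a comment such as `# Required (no default): foreman_url — URL of the Foreman server this proxy registers with` so the dependency is visible to anyone reusing the role. Whether the proxy is meant to run only on the Foreman host is not stated in the diff; if it is not, a required variable is the safer choice over defaulting to the local hostname.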
@@ -0,0 +1,48 @@
+---
+- name: Create the podman secret for Foreman Proxy CA certificate
+ containers.podman.podman_secret:
+ name: foreman-proxy-ssl-ca
+ path: "{{ server_ca_certificate }}"
+ state: present
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create the podman secret for foreman-proxy Proxy server certificate (for HTTPS)
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-ssl-cert
+ path: "{{ server_certificate }}"
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create the podman secret for Foreman Proxy server key (for HTTPS)
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-ssl-key
+ path: "{{ server_key }}"
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create the podman secret for Foreman Proxy Foreman CA
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-foreman-ssl-ca
+ path: "{{ server_ca_certificate }}"
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create the podman secret for Foreman Proxy Foreman client certificate
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-foreman-ssl-cert
+ path: "{{ client_certificate }}"
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create the podman secret for Foreman Proxy Foreman client key
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-foreman-ssl-key
+ path: "{{ client_key }}"
+ notify:
+ - Restart Foreman Proxy
diff --git a/src/roles/foreman_proxy/tasks/configs.yaml b/src/roles/foreman_proxy/tasks/configs.yaml
new file mode 100644
index 00000000..629dba55
--- /dev/null
+++ b/src/roles/foreman_proxy/tasks/configs.yaml
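Review bot: Every task here uses `state: present` without `force`, and podman secrets are not updated in place, so if a secret of that name already exists a rotated certificate or key may never reach the container and the `Restart Foreman Proxy` handler stays silent because nothing reported changed. Confirm that the installed `containers.podman` version replaces differing content on `present`; if it does not, the module's `force` option recreates the secret (bearing in mind it then reports changed on every run), or the task can compare the file with the stored secret first. The second task's name, `foreman-proxy Proxy server certificate`, repeats the word; `Create the podman secret for Foreman Proxy server certificate (for HTTPS)` matches the others. `foreman-proxy-ssl-ca` and `foreman-proxy-foreman-ssl-ca` are both built from `server_ca_certificate`, which is fine if the proxy and Foreman share one CA, but a one-line comment saying so would stop a later reader from "fixing" the apparent duplication.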
@@ -0,0 +1,16 @@
+---
+- name: Create settings config secret
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-settings-yaml
+ data: "{{ lookup('ansible.builtin.template', 'settings.yaml.j2') }}"
+ notify:
+ - Restart Foreman Proxy
+
+- name: Create logs config secret
+ containers.podman.podman_secret:
+ state: present
+ name: foreman-proxy-logs-yaml
+ data: "{{ lookup('ansible.builtin.template', 'settings.d/logs.yaml.j2') }}"
+ notify:
+ - Restart Foreman Proxy
diff --git a/src/roles/foreman_proxy/tasks/main.yaml b/src/roles/foreman_proxy/tasks/main.yaml
new file mode 100644
index 00000000..439c1d7b
--- /dev/null
+++ b/src/roles/foreman_proxy/tasks/main.yaml
@@ -0,0 +1,57 @@
+---
+- name: Pull the Foreman Proxy container image
+ containers.podman.podman_image:
+ name: "{{ foreman_proxy_container_image }}:{{ foreman_proxy_container_tag }}"
+ state: present
+
+- name: Create config secrets
+ ansible.builtin.include_tasks: configs.yaml
+
+- name: Create certs secrets
+ ansible.builtin.include_tasks: certs.yaml
+
+- name: Deploy Foreman Container
+ containers.podman.podman_container:
+ name: "foreman-proxy"
+ image: "{{ foreman_proxy_container_image }}:{{ foreman_proxy_container_tag }}"
+ state: quadlet
+ sdnotify: true
+ network: host
+ hostname: "{{ ansible_facts['fqdn'] }}"
+ secrets:
+ - 'foreman-proxy-settings-yaml,type=mount,target=/etc/foreman-proxy/settings.yml'
+ - 'foreman-proxy-logs-yaml,type=mount,target=/etc/foreman-proxy/settings.d/logs.yml'
+ - 'foreman-proxy-ssl-ca,type=mount,target=/etc/foreman-proxy/ssl_ca.pem'
+ - 'foreman-proxy-ssl-cert,type=mount,target=/etc/foreman-proxy/ssl_cert.pem'
+ - 'foreman-proxy-ssl-key,type=mount,target=/etc/foreman-proxy/ssl_key.pem'
+ - 'foreman-proxy-foreman-ssl-ca,type=mount,target=/etc/foreman-proxy/foreman_ssl_ca.pem'
+ - 'foreman-proxy-foreman-ssl-cert,type=mount,target=/etc/foreman-proxy/foreman_ssl_cert.pem'
+ - 'foreman-proxy-foreman-ssl-key,type=mount,target=/etc/foreman-proxy/foreman_ssl_key.pem'
+ quadlet_options:
+ - |
+ [Install]
+ WantedBy=default.target foreman.target
+ [Unit]
+ PartOf=foreman.target
+ notify: Restart Foreman Proxy
+
+- name: Run daemon reload to make Quadlet create the service files
+ ansible.builtin.systemd:
+ daemon_reload: true
+
+- name: Flush handlers to restart services
+ ansible.builtin.meta: flush_handlers
+
+- name: Start the Foreman Proxy Service
+ ansible.builtin.systemd:
+ name: foreman-proxy
+ state: started
+
+- name: Register Foreman Proxy to Foreman
+ theforeman.foreman.smart_proxy:
+ name: "{{ foreman_proxy_name }}"
+ url: "{{ foreman_proxy_url }}"
+ server_url: "{{ foreman_url }}"
+ username: "{{ foreman_initial_admin_username }}"
+ password: "{{ foreman_initial_admin_password }}"
+ validate_certs: false
diff --git a/src/roles/foreman_proxy/templates/settings.d/logs.yaml.j2 b/src/roles/foreman_proxy/templates/settings.d/logs.yaml.j2
new file mode 100644
index 00000000..cdbc714d
--- /dev/null
+++ b/src/roles/foreman_proxy/templates/settings.d/logs.yaml.j2
@@ -0,0 +1,2 @@
+---
+:enabled: https
diff --git a/src/roles/foreman_proxy/templates/settings.yaml.j2 b/src/roles/foreman_proxy/templates/settings.yaml.j2
new file mode 100644
index 00000000..b0ae6507
--- /dev/null
+++ b/src/roles/foreman_proxy/templates/settings.yaml.j2
@@ -0,0 +1,20 @@
+:settings_directory: /etc/foreman-proxy/settings.d
+
+:foreman_url: {{ foreman_url }}
+:trusted_hosts: {{ foreman_proxy_trusted_hosts }}
+
+:https_port: {{ foreman_proxy_https_port }}
+:ssl_ca_file: /etc/foreman-proxy/ssl_ca.pem
+:ssl_certificate: /etc/foreman-proxy/ssl_cert.pem
+:ssl_private_key: /etc/foreman-proxy/ssl_key.pem
+
+:foreman_ssl_ca: /etc/foreman-proxy/foreman_ssl_ca.pem
+:foreman_ssl_cert: /etc/foreman-proxy/foreman_ssl_cert.pem
+:foreman_ssl_key: /etc/foreman-proxy/foreman_ssl_key.pem
+
+:bind_host: '*'
+
+:log_level: INFO
+:log_file: JOURNAL
+:log_buffer: 2000
+:log_buffer_errors: 1000
diff --git a/src/vars/images.yml b/src/vars/images.yml
index e7e2407b..dc634981 100644
--- a/src/vars/images.yml
+++ b/src/vars/images.yml
@@ -3,6 +3,9 @@ candlepin_container_image: quay.io/foreman/candlepin
 candlepin_container_tag: "foreman-{{ container_tag_stream }}"
 foreman_container_image: quay.io/foreman/foreman
 foreman_container_tag: "{{ container_tag_stream }}"
+foreman_proxy_container_image: "quay.io/foreman/foreman-proxy"
+foreman_proxy_container_tag: "{{ container_tag_stream }}"
+
 postgresql_container_image: quay.io/sclorg/postgresql-13-c9s
 postgresql_container_tag: "latest"
 pulp_container_image: quay.io/foreman/pulp
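Review bot: `validate_certs: false` on the `Register Foreman Proxy to Foreman` task sends the admin username and password to `foreman_url` over a TLS connection whose server certificate is never checked, even though the role already holds the CA that Foreman's certificate is expected to chain to — `certs.yaml` feeds `server_ca_certificate` into the `foreman-proxy-foreman-ssl-ca` secret for exactly that trust relationship. Replace the line with `validate_certs: true` and `ca_path: "{{ server_ca_certificate }}"` (the collection's standard CA-bundle option) so registration uses the same trust anchor the proxy itself will use. The task named `Deploy Foreman Container` deploys the proxy container; `Deploy Foreman Proxy Container` avoids confusion with Foreman itself. The hunk is a complete file.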
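Review bot: `:trusted_hosts: {{ foreman_proxy_trusted_hosts }}` renders the list through Jinja's default string conversion, i.e. Python's repr (`['host']`), which happens to parse as a YAML flow sequence but is not a defined serialization; `:trusted_hosts: {{ foreman_proxy_trusted_hosts | to_json }}` produces well-defined YAML for any list content. Since `:trusted_hosts` is the allow-list of client-certificate names permitted to call this proxy, a template comment should record that the default contains only the proxy's own FQDN and that a Foreman running on another host would have to be added. `:foreman_url: {{ foreman_url }}` is a plain scalar and would be safer quoted, `:foreman_url: "{{ foreman_url }}"`. `:bind_host: '*'` listens on every interface; a comment noting that the client-certificate check above is what gates access would make that deliberate choice visible.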
diff --git a/tests/foreman_proxy_test.py b/tests/foreman_proxy_test.py
new file mode 100644
index 00000000..086e993e
--- /dev/null
+++ b/tests/foreman_proxy_test.py
@@ -0,0 +1,15 @@
+FOREMAN_PROXY_PORT = 8443
+
+def test_foreman_proxy_features(server, certificates, server_fqdn):
+ cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features")
+ assert cmd.succeeded
+ assert "logs" in cmd.stdout
+
+def test_foreman_proxy_service(server):
+ foreman_proxy = server.service("foreman-proxy")
+ assert foreman_proxy.is_running
+ assert foreman_proxy.is_enabled
+
+def test_foreman_proxy_port(server):
+ foreman_proxy = server.addr('localhost')
+ assert foreman_proxy.port(FOREMAN_PROXY_PORT).is_reachable
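Review bot: `test_foreman_proxy_features` runs curl with `--silent` but without `--fail`, so `cmd.succeeded` is true for an HTTP 4xx/5xx response as long as the TLS handshake and transfer complete, and only the `"logs" in cmd.stdout` check stands between a broken proxy and a green test. Add `--fail --show-error` so a non-2xx status fails the command with curl's error text on stderr, e.g. `cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --fail --silent --show-error https://{server_fqdn}:{FOREMAN_PROXY_PORT}/features")`. `test_foreman_proxy_port` probes `localhost` while the settings template binds `*`, which is fine, but it means reachability on the FQDN is covered only by the first test.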