diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index d6d04e48..90c9b9c9 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -88,6 +88,14 @@ class webserver {
    }
 }
 
+class service_monitor {
+   $nagios_ip_v4 = hiera('nagios_ip_v4')
+   ufw::allow { "allow-servicemonitor-from-nagios":
+      ip   => $nagios_ip_v4,
+      port => '444'
+   }
+}
+
 class https_server {
 
 }
@@ -277,7 +285,7 @@ class eidas_proxy($version='1.0.0',$country='se') {
    sunet::docker_run {'eidas-proxy':
       image    => 'docker.sunet.se/eidas-proxy',
       imagetag => $_version,
-      ports    => ['443:8443'],
+      ports    => ['443:8443','444:8444'],
       volumes  => ['/var/log/eidas-proxy:/var/log/eidas-proxy',
                    '/etc/eidas-proxy:/etc/eidas-proxy',
                    '/etc/ssl:/etc/ssl'],
@@ -288,6 +296,7 @@ class eidas_proxy($version='1.0.0',$country='se') {
                    "PROXY_SERVICE_COOKIEENCRYPTPW=$proxy_service_cookie_encrypt_pw"]
    } ->
    class {'webserver': } ->
+   class {'servicemonitor': } ->
    class {'https_server': }
 }
 
@@ -298,13 +307,14 @@ class prid($version="1.0.0") {
       image     => 'docker.sunet.se/prid-service',
       imagetag  => $_version,
       hostname  => "$hostname",
-      ports     => ['443:8443'],
+      ports     => ['443:8443','444:8444'],
       volumes   => ['/etc/prid-service:/etc/prid-service',
                     '/etc/ssl:/etc/ssl'],
       env       => ["PRID_SERVICE_POLICY_CONFIGURATION=file:///etc/prid-service/policy.properties",
                     "CERTNAME=${hostname}_infra"]
    } ->
    class {'webserver': } ->
+   class {'servicemonitor': } ->
    class {'https_server': }
 }