diff --git a/kibana-proxy-nginx/README.md b/kibana-proxy-nginx/README.md index feda6871..637497f0 100644 --- a/kibana-proxy-nginx/README.md +++ b/kibana-proxy-nginx/README.md @@ -1,6 +1,6 @@ # kibana -Install Kibana. +Install kibana proxy configurations (with or without SSL) for Nginx. ## Tasks @@ -11,4 +11,5 @@ Everything is in the `tasks/main.yml` file. The only variables are derived from gathered facts. By default, Kibana will bind to localhost:5601. -If Nginx is installed, a typical proxy configuration is copied into `/etc/nginx/sites-available`. It can be tweeked and enabled by hand. + +The configurations are installed but not enabled. diff --git a/kibana-proxy-nginx/defaults/main.yml b/kibana-proxy-nginx/defaults/main.yml index f55b2d26..2d2e6480 100644 --- a/kibana-proxy-nginx/defaults/main.yml +++ b/kibana-proxy-nginx/defaults/main.yml @@ -1,2 +1,3 @@ -kibana_proxy_bind: "{{ ansible_default_ipv4.address }}:80" kibana_proxy_domain: "kibana.{{ ansible_fqdn }}" +kibana_proxy_ssl_cert: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" +kibana_proxy_ssl_key: "/etc/ssl/private/{{ ansible_fqdn }}.key" diff --git a/kibana-proxy-nginx/tasks/main.yml b/kibana-proxy-nginx/tasks/main.yml index 81834594..5849fdd6 100644 --- a/kibana-proxy-nginx/tasks/main.yml +++ b/kibana-proxy-nginx/tasks/main.yml 
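Review bot: The new `kibana_proxy_ssl_cert` and `kibana_proxy_ssl_key` defaults point at files under `/etc/ssl` that nothing in this role creates or checks, so enabling the SSL vhost on a host that has no certificate for `{{ ansible_fqdn }}` makes `nginx -t` fail and every later reload is refused. Either document that the operator must provision these two files before enabling `kibana_ssl.conf` (the README's "only variables are derived from gathered facts" no longer tells the whole story now that there are overridable defaults), or add a `stat`-based pre-check in `tasks/main.yml`. At minimum put a comment above the two lines, e.g. `# Certificate and key are NOT managed by this role; provision them before enabling kibana_ssl.conf.`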
@@ -1,14 +1,20 @@ --- -- name: Example proxy for Kibana with Nginx +- name: Example proxy for Kibana with Nginx (with SSL) template: - src: nginx_proxy_kibana.j2 - dest: /etc/nginx/sites-available/kibana.conf + src: nginx_proxy_kibana_ssl.j2 + dest: /etc/nginx/sites-available/kibana_ssl.conf force: no -- name: Kibana host in Nginx is enabled - file: - src: /etc/nginx/sites-available/kibana.conf - dest: /etc/nginx/sites-enabled/kibana.conf - state: link - notify: reload nginx +- name: Example proxy for Kibana with Nginx (without SSL) + template: + src: nginx_proxy_kibana_nossl.j2 + dest: /etc/nginx/sites-available/kibana_nossl.conf + force: no + +# - name: Kibana host in Nginx is enabled +# file: +# src: /etc/nginx/sites-available/kibana.conf +# dest: /etc/nginx/sites-enabled/kibana.conf +# state: link +# notify: reload nginx diff --git a/kibana-proxy-nginx/templates/nginx_proxy_kibana.j2 b/kibana-proxy-nginx/templates/nginx_proxy_kibana_nossl.j2 similarity index 70% rename from kibana-proxy-nginx/templates/nginx_proxy_kibana.j2 rename to kibana-proxy-nginx/templates/nginx_proxy_kibana_nossl.j2 index 1b942a0b..1540b841 100644 --- a/kibana-proxy-nginx/templates/nginx_proxy_kibana.j2 +++ b/kibana-proxy-nginx/templates/nginx_proxy_kibana_nossl.j2 @@ -4,11 +4,17 @@ upstream kibana { server { charset utf-8; - # ajouter les règles d'authentification + listen 80; - listen {{ kibana_proxy_bind }}; server_name {{ kibana_proxy_domain }}; + # Auth. + include /etc/nginx/snippets/private_ipaddr_whitelist; + deny all; + auth_basic "Reserved {{ kibana_proxy_domain }}"; + auth_basic_user_file /etc/nginx/snippets/private_htpasswd; + satisfy any; + location / { proxy_redirect off; proxy_pass http://kibana/; diff --git a/kibana-proxy-nginx/templates/nginx_proxy_kibana_ssl.j2 b/kibana-proxy-nginx/templates/nginx_proxy_kibana_ssl.j2 new file mode 100644 index 00000000..8903ca76 --- /dev/null +++ b/kibana-proxy-nginx/templates/nginx_proxy_kibana_ssl.j2 
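Review bot: Nothing removes the `/etc/nginx/sites-enabled/kibana.conf` symlink that the previous version of this file created, so on hosts provisioned before this change the old proxy — which, judging from the removed `# ajouter les règles d'authentification` placeholder in the template, had no auth rules — stays enabled and reachable while the new authenticated vhosts sit unenabled in `sites-available`. Replace the commented-out block with an explicit cleanup, `- name: Legacy Kibana vhost is disabled` / `file: { path: /etc/nginx/sites-enabled/kibana.conf, state: absent }` / `notify: reload nginx`, and remove the stale `sites-available/kibana.conf` the same way. Separately, `force: no` on both templates means a later fix to the auth block in either template will never reach a host that already has the rendered file; if that is intended, say so, e.g. `# force: no — rendered once, operator-owned afterwards; template changes do not propagate.`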
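Review bot: The plaintext vhost now fronts `auth_basic` on `listen 80;`, so the htpasswd credentials (and the Kibana session behind them) cross the wire unencrypted for every client not covered by the IP whitelist, and `satisfy any` makes that password the only control for those clients. If this variant is meant for trusted networks only, state it in the template, e.g. `# WARNING: Basic auth over plain HTTP — credentials are sent in clear. Use kibana_ssl.conf unless this host is only reachable from a trusted network.`, and consider dropping `satisfy any` here so the whitelist is mandatory rather than an alternative. The SSL template listens on both `[::]:80` and `80` while this one listens only on `80`; add `listen [::]:80;` or note why IPv6 is omitted. The `server` block continues past the end of the hunk.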
@@ -0,0 +1,38 @@
+upstream kibana {
+ server 127.0.0.1:5601 fail_timeout=0;
+}
+
+server {
+ listen [::]:80;
+ listen 80;
+ server_name {{ kibana_proxy_domain }};
+ return 301 https://{{ kibana_proxy_domain }}$request_uri;
+}
+server {
+ charset utf-8;
+
+ listen 443 ssl spdy;
+
+ server_name {{ kibana_proxy_domain }};
+
+ ssl_certificate {{ kibana_proxy_ssl_cert }};
+ ssl_certificate_key {{ kibana_proxy_ssl_key }};
+
+ # Auth.
+ include /etc/nginx/snippets/private_ipaddr_whitelist;
+ deny all;
+ auth_basic "Reserved {{ kibana_proxy_domain }}";
+ auth_basic_user_file /etc/nginx/snippets/private_htpasswd;
+ satisfy any;
+
+ location / {
+ proxy_redirect off;
+ proxy_pass http://kibana/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Host $host;
+ }
+}
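Review bot: `listen 443 ssl spdy;` will not parse on an nginx built without the SPDY module, which was removed in nginx 1.9.5 in favour of HTTP/2, so on a current distro package this vhost fails `nginx -t` the moment it is enabled; use `listen 443 ssl http2;` (or plain `listen 443 ssl;`). No `ssl_protocols`/`ssl_ciphers` are set, so whatever the build defaults to is accepted — pin at least `ssl_protocols TLSv1.2 TLSv1.3;` (drop TLSv1.3 on older builds) and add `add_header Strict-Transport-Security "max-age=31536000" always;` so the 301 in the first server block is not the only thing keeping returning clients off port 80. Both `/etc/nginx/snippets/private_ipaddr_whitelist` and `private_htpasswd` are included unconditionally, but nothing in this role ships or checks them, and a missing include is another config-parse failure; either template them in this role or document the prerequisite above the `# Auth.` line.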