diff --git a/stack/monitor/buildout.cfg b/stack/monitor/buildout.cfg
index 5f527802e8f1e62bc8ba7f09ed1f4961a7378b3b..b75278617ca72e98a78a82c1b886ac82c2916743 100644
--- a/stack/monitor/buildout.cfg
+++ b/stack/monitor/buildout.cfg
@@ -1,6 +1,7 @@
 [buildout]
 
 extends =
+  ../../component/apache/buildout.cfg
   ../../component/dcron/buildout.cfg
   ../../component/openssl/buildout.cfg
   ../../component/nginx/buildout.cfg
@@ -52,6 +53,14 @@ download-only = true
 filename = monitor.py.in
 mode = 0644
 
+[cgi-bin]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+#md5sum = 
+filename = index.cgi
+mode = 0644
+
 [rss-bin]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
diff --git a/stack/monitor/monitor.cfg.in b/stack/monitor/monitor.cfg.in
index c1eb1120706b4af337e07e7d4a3e39ec47bd4bf5..3245b53c96a9da4d6f62fb60177a1d6c741dbfba 100644
--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -22,6 +22,7 @@ srv = $${:home}/srv
 
 var = $${:home}/var
 ca-dir = $${:srv}/ssl
+cgi-bin = $${:www}/cgi-bin
 cron-entries = $${:etc}/cron.d
 crontabs = $${:etc}/crontabs
 cronstamps = $${:etc}/cronstamps
@@ -64,6 +65,15 @@ name = build-rss
 frequency = * * * * *
 command = $${make-rss:output}
 
+[deploy-cgi-script]
+recipe = slapos.recipe.template:jinja2
+template = ${cgi-bin:location}/${cgi-bin:filename}
+rendered = $${directory:cgi-bin}/index.cgi
+mode = 0744
+context =
+  key json_file monitor-parameters:json-path
+  key password cgi-password:passwd
+
 [deploy-monitor-script]
 recipe = slapos.recipe.template:jinja2
 template = ${monitor-bin:location}/${monitor-bin:filename}
@@ -130,7 +140,7 @@ name = example.com
 [nginx-parameters]
 nb_workers = 2
 port = 9685
-global-ip = $${slap-parameters:ipv6}
+global-ip = $${slap-parameters:ipv6-random}
 # SSL
 ssl-certificate = $${ca-nginx:cert-file}
 ssl-key = $${ca-nginx:key-file}
@@ -159,4 +169,58 @@ context =
 [nginx-service]
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${nginx-parameters:bin_launcher}
-command-line = $${nginx-parameters:bin_nginx} -c $${nginx-parameters:nginx_conf}
\ No newline at end of file
+command-line = $${nginx-parameters:bin_nginx} -c $${nginx-parameters:nginx_conf}
+
+###########
+# Deploy a webserver running cgi scripts for monitoring
+###########
+[cgi-password]
+recipe = slapos.cookbook:generate.password
+storage-path = $${directory:var}/cgi-passwd
+bytes = 8
+
+# XXX could it be something lighter?
+# XXX Add SSL
+[cgi-httpd-configuration-file]
+recipe = collective.recipe.template
+input = inline:
+  PidFile "$${:pid-file}"
+  Listen [$${:listening-ip}]:$${:listening-port}
+  ServerAdmin someone@email
+  DocumentRoot "$${:document-root}"
+  ErrorLog "$${:error-log}"
+  LoadModule unixd_module modules/mod_unixd.so
+  LoadModule access_compat_module modules/mod_access_compat.so
+  LoadModule authz_core_module modules/mod_authz_core.so
+  LoadModule authz_host_module modules/mod_authz_host.so
+  LoadModule mime_module modules/mod_mime.so
+  LoadModule cgid_module modules/mod_cgid.so
+  LoadModule dir_module modules/mod_dir.so
+  ScriptSock $${:cgid-pid-file}
+  <Directory $${:document-root}>
+    # XXX: security????
+    Options +ExecCGI
+    AddHandler cgi-script .cgi
+    DirectoryIndex $${deploy-cgi-script:rendered}
+  </Directory>
+output = $${directory:etc}/cgi-httpd.conf
+# md5sum =
+listening-ip = $${slap-parameters:ipv6-random}
+# XXX: randomize-me
+listening-port = 9685
+htdocs = $${directory:cgi-bin}
+pid-file = $${directory:run}/cgi-httpd.pid
+cgid-pid-file = $${directory:run}/cgi-httpd-cgid.pid
+document-root = $${directory:cgi-bin}
+error-log = $${directory:log}/cgi-httpd-error-log
+
+[cgi-httpd-wrapper]
+recipe = slapos.cookbook:wrapper
+apache-executable = ${apache:location}/bin/httpd
+command-line = $${:apache-executable} -f $${cgi-httpd-configuration-file:output} -DFOREGROUND
+wrapper-path = $${directory:service}/cgi-httpd
+
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish
+monitor_url = http://[$${cgi-httpd-configuration-file:listening-ip}]:$${cgi-httpd-configuration-file:listening-port}
+monitor_password = $${cgi-password:passwd}
\ No newline at end of file