diff --git a/README.md b/README.md
index c211dc5..13b385e 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Internet
 | Gitea | 3000 | eckardt-git.duckdns.org | Git Repository |
 | Websites | 8082 | eckardt-vault.duckdns.org | Statische Websites |
 | API | 8000 | eckardt-vault.duckdns.org/api/ | FastAPI Backend |
+| **Netdata** | 19999 | eckardt-monitoring.duckdns.org | System Monitoring |
 | Audiobookshelf | 13378 | (intern) | Audiobook Server |
 
 ## Quick Start
@@ -195,3 +196,7 @@ Siehe [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) fuer:
 - Isolierte Docker-Netzwerke pro Service
 - Resource Limits (CPU/Memory) pro Container
 - Logging mit Rotation (10MB, 3 Files)
+- Netdata Monitoring hinzugefuegt (eckardt-monitoring.duckdns.org)
+ - Host + Docker Container Monitoring
+ - WireGuard + Fail2Ban Integration
+ - Separates Git-Repository: proxmox-netdata
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
index 2ff2420..153c822 100644
--- a/configs/nginx/nginx.conf
+++ b/configs/nginx/nginx.conf
@@ -61,6 +61,17 @@ http {
 }
 }
 
+ server {
+ listen 80;
+ server_name eckardt-monitoring.duckdns.org;
+ location /.well-known/acme-challenge/ {
+ alias C:/nginx/html/.well-known/acme-challenge/;
+ }
+ location / {
+ return 301 https://eckardt-monitoring.duckdns.org$request_uri;
+ }
+ }
+
 # ============================================
 # eckardt-vault.duckdns.org - Main Services
 # ============================================
@@ -176,4 +187,38 @@ http {
 client_max_body_size 1G;
 }
 }
+
+ # ============================================
+ # eckardt-monitoring.duckdns.org - Netdata
+ # ============================================
+ server {
+ listen 443 ssl;
+ http2 on;
+ server_name eckardt-monitoring.duckdns.org;
+
+ ssl_certificate C:/nginx/ssl/eckardt-monitoring.duckdns.org-chain.pem;
+ ssl_certificate_key C:/nginx/ssl/eckardt-monitoring.duckdns.org-key.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+ ssl_prefer_server_ciphers off;
+
+ # HTTP Basic Auth (empfohlen da Netdata keine Auth hat)
+ # auth_basic "Netdata Monitoring";
+ # auth_basic_user_file C:/nginx/conf/.htpasswd;
+
+ location / {
+ limit_req zone=general burst=50 nodelay;
+ proxy_pass http://10.0.0.2:19999/;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Netdata Dashboard braucht WebSocket
+ proxy_read_timeout 86400;
+ }
+ }
 }
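Review bot: The new 443 server block publishes the Netdata dashboard on a public hostname while `auth_basic "Netdata Monitoring";` and `auth_basic_user_file C:/nginx/conf/.htpasswd;` are left commented out, even though the comment directly above them notes that Netdata has no authentication of its own. As written, the proxy in `location /` forwards every request to `10.0.0.2:19999` without checking who is asking. Per the README hunk that means host, container, WireGuard and Fail2Ban data are readable by anyone who reaches the name, and `limit_req` only throttles, it does not restrict access. I would uncomment both `auth_basic` lines in this commit and keep the `.htpasswd` file out of the repository. If the dashboard is only needed from the VPN or LAN, also add `allow <trusted-CIDR-placeholder>; deny all;` inside `location /`.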