diff --git a/roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf b/roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf
new file mode 100644
index 0000000000..e5006c48d5
--- /dev/null
+++ b/roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf
@@ -0,0 +1,51 @@
+# {{ ansible_managed | comment }}
+proxy_cache_path /var/cache/nginx/kennyloggin-staging/ keys_zone=kennyloggin-stagingcache:10m;
+
+# This is required to proxy Grafana Live WebSocket connections.
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+upstream grafana {
+  server kennyloggin-staging1.lib.princeton.edu:3000;
+  server kennyloggin-staging2.lib.princeton.edu:3000;
+}
+
+server {
+    listen 80;
+    server_name kennylogging-staging.lib.princeton.edu;
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+  listen 443 ssl;
+  http2 on;
+  server_name kennyloggin-staging.lib.princeton.edu;
+    ssl_certificate            /etc/letsencrypt/live/kennyloggin-staging.lib/fullchain.pem;
+    ssl_certificate_key        /etc/letsencrypt/live/kennyloggin-staging.lib/privkey.pem;
+    ssl_session_cache          shared:SSL:1m;
+    ssl_prefer_server_ciphers  on;
+
+
+  location / {
+    app_protect_enable off;
+    app_protect_security_log_enable on;
+    proxy_set_header Host $host;
+    proxy_pass http://grafana;
+  }
+
+  # Proxy Grafana Live WebSocket connections.
+  location /api/live/ {
+    app_protect_enable off;
+    app_protect_security_log_enable on;
+    proxy_pass http://grafana;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Host $host;
+  }
+}