]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/munin/templates/default/apache.erb
Include internal addresses in munin allow list
[chef.git] / cookbooks / munin / templates / default / apache.erb
index 141d2a50f50c58e09fb7ed464c80ad47ef190f8e..ed922b34acc39ad0cc74f23565ceb3e37be778f1 100644 (file)
@@ -1,35 +1,59 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
-       ServerName munin.openstreetmap.org
-       ServerAlias munin.osm.org
-       ServerAdmin webmaster@openstreetmap.org
+<VirtualHost *:443>
+  ServerName munin.openstreetmap.org
+  ServerAlias munin.osm.org
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
+  ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
+
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/munin.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/munin.openstreetmap.org.key
+
+  SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
+
+  DocumentRoot /srv/munin.openstreetmap.org
+  Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
+  Alias /static/ /etc/munin/static/
+  ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
 
-       CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
-       ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
 
-       SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
+  RewriteEngine on
+  RewriteCond %{REQUEST_URI} !^/static/
+  RewriteCond %{REQUEST_URI} !^/dumps/
+  RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
+</VirtualHost>
+
+<VirtualHost *:80>
+  ServerName munin.openstreetmap.org
+  ServerAlias munin.osm.org
+  ServerAdmin webmaster@openstreetmap.org
 
-       DocumentRoot /srv/munin.openstreetmap.org
-       Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
-       Alias /static/ /etc/munin/static/
-       ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
+  CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
+  ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
 
-       RewriteEngine on
-       RewriteCond %{REQUEST_URI} !^/static/
-       RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://munin.openstreetmap.org/
 </VirtualHost>
 
 <Directory /srv/munin.openstreetmap.org>
-       Require all granted
+  Require all granted
+</Directory>
+
+<Directory /srv/munin.openstreetmap.org/dumps>
+  Options +Indexes
 </Directory>
 
 <Directory /etc/munin/static>
-       Require all granted
+  Require all granted
 </Directory>
 
 <Directory /usr/lib/munin/cgi>
-       Options +ExecCGI
-       SetHandler fcgid-script
-       Require all granted
+  Options +ExecCGI
+  SetHandler fcgid-script
+  Require all granted
 </Directory>