]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/munin/templates/default/apache.erb
Switch operations.osmfoundation.org to letsencrypt
[chef.git] / cookbooks / munin / templates / default / apache.erb
index ecb4b4df4ee41b94e7496c701c6a962a73fc94b7..77a215704ca22b3a590bec549d322a907ec9d09e 100644 (file)
@@ -1,6 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:80>
+<VirtualHost *:443>
        ServerName munin.openstreetmap.org
        ServerAlias munin.osm.org
        ServerAdmin webmaster@openstreetmap.org
@@ -8,20 +8,46 @@
        CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
 
+       SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/munin.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/munin.openstreetmap.org.key
+
+        SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
+
        DocumentRoot /srv/munin.openstreetmap.org
-        Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
+       Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
        Alias /static/ /etc/munin/static/
        ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
 
+       # Remove Proxy request header to mitigate https://httpoxy.org/
+       RequestHeader unset Proxy early
+
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^/static/
+       RewriteCond %{REQUEST_URI} !^/dumps/
        RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
 </VirtualHost>
 
+<VirtualHost *:80>
+       ServerName munin.openstreetmap.org
+       ServerAlias munin.osm.org
+       ServerAdmin webmaster@openstreetmap.org
+
+       CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
+       ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
+
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+       RedirectPermanent / https://munin.openstreetmap.org/
+</VirtualHost>
+
 <Directory /srv/munin.openstreetmap.org>
        Require all granted
 </Directory>
 
+<Directory /srv/munin.openstreetmap.org/dumps>
+       Options +Indexes
+</Directory>
+
 <Directory /etc/munin/static>
        Require all granted
 </Directory>