]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/munin/templates/default/apache.erb
munin: Mitigate env HTTP_PROXY via cgi proxy header
[chef.git] / cookbooks / munin / templates / default / apache.erb
index d5a2267d61c47f0e966247b1249279048d4a0431..15c5009e66c1739776769b294363c4989531f7a9 100644 (file)
@@ -8,17 +8,26 @@
        CustomLog /var/log/apache2/munin.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/munin.openstreetmap.org-error.log
 
-       DocumentRoot /var/cache/munin/www
+       SetEnv RRDCACHED_ADDRESS /var/run/rrdcached.sock
+
+       DocumentRoot /srv/munin.openstreetmap.org
+       Alias /static/favicon.ico /srv/munin.openstreetmap.org/favicon.ico
+       Alias /static/ /etc/munin/static/
        ScriptAlias /munin-cgi/ /usr/lib/munin/cgi/
 
+       # Remove Proxy request header to mitigate https://httpoxy.org/
+       RequestHeader unset Proxy early
+
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^/static/
-       RewriteCond %{REQUEST_URI} .html$ [or]
-       RewriteCond %{REQUEST_URI} =/
-       RewriteRule ^/(.*) /munin-cgi/munin-cgi-html/$1 [PT]
+       RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
 </VirtualHost>
 
-<Directory /var/cache/munin/www>
+<Directory /srv/munin.openstreetmap.org>
+       Require all granted
+</Directory>
+
+<Directory /etc/munin/static>
        Require all granted
 </Directory>