ErrorLog /var/log/apache2/graphite-error.log CustomLog /var/log/apache2/graphite-access.log common LogLevel warn ServerSignature Off Redirect / https://<%= scope.lookupvar("graphite::vhost_name") %>/ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" SSLEngine on SSLCertificateFile <%= scope.lookupvar("graphite::ssl_cert_file") %> SSLCertificateKeyFile <%= scope.lookupvar("graphite::ssl_key_file") %> <% if scope.lookupvar("graphite::ssl_chain_file") != "" %> SSLCertificateChainFile <%= scope.lookupvar("graphite::ssl_chain_file") %> <% end %> SSLProtocol All -SSLv2 -SSLv3 # Note: this list should ensure ciphers that provide forward secrecy SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP SSLHonorCipherOrder on DocumentRoot "/var/lib/graphite/webapp" ErrorLog /var/log/apache2/graphite-error.log CustomLog /var/log/apache2/graphite-access.log common # Add CORS authorization to the header so third-party services can pull # metrics data via API calls for things like vizualiation dashboards. Header set Access-Control-Allow-Origin "*" # I've found that an equal number of processes & threads tends # to show the best performance for Graphite (ymmv). WSGIDaemonProcess graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 WSGIProcessGroup graphite WSGIApplicationGroup %{GLOBAL} SetEnv GRAPHITE_STORAGE_DIR /var/lib/graphite/storage WSGIImportScript /etc/graphite/graphite.wsgi process-group=graphite application-group=%{GLOBAL} # XXX You will need to create this file! There is a graphite.wsgi.example # file in this directory that you can safely use, just copy it to graphite.wgsi WSGIScriptAlias / /etc/graphite/graphite.wsgi Alias /content/ /var/lib/graphite/webapp/content/ SetHandler None # XXX In order for the django admin site media to work you # must change @DJANGO_ROOT@ to be the path to your django # installation, which is probably something like: # /usr/lib/python2.6/site-packages/django Alias /media/ "/usr/lib/python2.7/dist-packages/django/contrib/admin/media/" SetHandler None # The graphite.wsgi file has to be accessible by apache. It won't # be visible to clients because of the DocumentRoot though. = 2.4> Require all granted Order deny,allow Allow from all = 2.4> Require all granted