diff --git a/group_vars/munin.yml b/group_vars/munin.yml
index 83388801..6fbfc29d 100644
--- a/group_vars/munin.yml
+++ b/group_vars/munin.yml
@@ -42,7 +42,7 @@ munin_node_bind_port: "4949"
 munin_node_allowed_cidrs: [127.0.0.1]
 
 ###  mgrote_munin_master
-munin_mode: cron # or cgi
+munin_mode: cgi # or cron
 munin_mail_user: munin@mgrote.net
 munin_mail_server: "{{ postfix_smtp_server }}"
 munin_mail_port: "{{ 1025 }}"
diff --git a/roles/mgrote_munin_server/defaults/main.yml b/roles/mgrote_munin_server/defaults/main.yml
index 494f7465..aea18e28 100644
--- a/roles/mgrote_munin_server/defaults/main.yml
+++ b/roles/mgrote_munin_server/defaults/main.yml
@@ -14,12 +14,6 @@ munin_packages:
   - s-nail
   - libfile-readbackwards-perl
 munin_servername: "{{ ansible_fqdn }}.mgrote.net"
-munin_dirs:
-  - /var/run/munin
-  - /etc/munin/plugins
-  - /var/cache/munin/www
-  - /var/lib/munin
-  - /var/cache/munin
 munin_server_plugins:
   - munin_stats
   - munin_update
diff --git a/roles/mgrote_munin_server/tasks/main.yml b/roles/mgrote_munin_server/tasks/main.yml
index 0ae1e90a..ecce6fdc 100644
--- a/roles/mgrote_munin_server/tasks/main.yml
+++ b/roles/mgrote_munin_server/tasks/main.yml
@@ -7,21 +7,48 @@
 
 - name: Ensure needed dirs exists
   ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ item.name }}"
     state: directory
-    mode: '0755'
-    owner: munin
-    group: munin
-  loop: "{{ munin_dirs }}"
-
-- name: Ensure permissions are set
-  ansible.builtin.file:
-    path: /var/lib/munin/cgi-tmp
-    mode: 'ugo+rw'
-    state: directory
-    owner: munin
-    group: munin
-    recurse: true
+    mode: "{{ item.mode }}"
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    recurse: "{{ item.recurse }}"
+  loop:
+    - name: /var/run/munin
+      mode: '0755'
+      owner: munin
+      group: munin
+      recurse: false
+    - name: /var/lib/munin-node/plugin-state
+      mode: '0775'
+      owner: munin
+      group: munin
+      recurse: false
+    - name: /etc/munin/plugins
+      mode: '0755'
+      owner: munin
+      group: munin
+      recurse: false
+    - name: /var/cache/munin/www
+      mode: '0755'
+      owner: munin
+      group: root
+      recurse: false
+    - name: /var/lib/munin
+      mode: '0755'
+      owner: munin
+      group: munin
+      recurse: false
+    - name: /var/cache/munin
+      mode: '0755'
+      owner: root
+      group: root
+      recurse: false
+    - name: /var/lib/munin/cgi-tmp # TODO, ist immer changed
+      mode: "0775"
+      owner: munin
+      group: www-data
+      recurse: true
 
 - name: Template apache config
   ansible.builtin.template:
@@ -32,10 +59,17 @@
     group: root
   notify: "restart apache2"
 
-- name: Enable fgcid
+- name: "apache2: enable rewrite"
+  community.general.apache2_module:
+    state: present
+    name: rewrite
+  notify: "restart apache2"
+
+- name: "apache2: enable rewrite"
   community.general.apache2_module:
     state: present
     name: fcgid
+  notify: "restart apache2"
 
 - name: Template munin-server plugins
   ansible.builtin.template:
@@ -61,6 +95,7 @@
     line: "*/5 * * * *     munin if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi"
     create: true
     mode: '0644'
+  notify: "restart munin"
 
 - name: check if munin has been run
   ansible.builtin.stat:
diff --git a/roles/mgrote_munin_server/templates/apache.conf b/roles/mgrote_munin_server/templates/apache.conf
index 4d21bc08..c883f2c0 100644
--- a/roles/mgrote_munin_server/templates/apache.conf
+++ b/roles/mgrote_munin_server/templates/apache.conf
@@ -1,24 +1,37 @@
 <VirtualHost *:80>
     ServerName {{ munin_servername }}
 
-    # Redirect requests without /munin to /munin
-    RedirectMatch ^/$ /munin/
+    DocumentRoot /var/www
 
-    # Existing configuration for serving /munin
-    Alias /munin /var/cache/munin/www
-    <Directory /var/cache/munin/www>
-            Require all granted
-            Options None
+    # Rewrite rules to serve traffic from the root instead of /munin-cgi
+    RewriteEngine On
+    # Static files
+    RewriteRule ^/favicon.ico /var/cache/munin/www/static/favicon.ico [L]
+    RewriteRule ^/static/(.*) /var/cache/munin/www/static/$1          [L]
+    # HTML
+    RewriteRule ^(/.*\.html)?$ /munin-cgi/munin-cgi-html/$1 [PT]
+    # Images
+    RewriteRule ^/munin-cgi/munin-cgi-graph/(.*) /$1
+    RewriteCond %{REQUEST_URI} !^/static
+    RewriteRule ^/(.*.png)$ /munin-cgi/munin-cgi-graph/$1 [L,PT]
+    ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
+    ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
+
+    <Directory /etc/munin/static>
+        Require all granted
     </Directory>
 
-    ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
-    <Location /munin-cgi/munin-cgi-graph>
-            Require all granted
-            <IfModule mod_fcgid.c>
-                SetHandler fcgid-script
-            </IfModule>
-            <IfModule !mod_fcgid.c>
-                SetHandler cgi-script
-            </IfModule>
-    </Location>
+    <Directory /var/cache/munin/www/>
+        Require all granted
+    </Directory>
+
+    <Directory /usr/lib/munin/cgi>
+        Require all granted
+        <IfModule mod_fcgid.c>
+            SetHandler fcgid-script
+        </IfModule>
+        <IfModule !mod_fcgid.c>
+            SetHandler cgi-script
+        </IfModule>
+    </Directory>
 </VirtualHost>