diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 2ad5d7d3..2b74b684 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -2,6 +2,7 @@
 	# Proxy /admin to our Python based control panel daemon. It is
 	# listening on IPv4 only so use an IP address and not 'localhost'.
 	rewrite ^/admin$ /admin/;
+	rewrite ^/admin/munin$ /admin/munin redirect;
 	location /admin/ {
 		proxy_pass http://127.0.0.1:10222/;
 		proxy_set_header X-Forwarded-For $remote_addr;
diff --git a/management/daemon.py b/management/daemon.py
index 71159672..2cf0ec76 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -4,7 +4,7 @@ import os, os.path, re, json
 
 from functools import wraps
 
-from flask import Flask, request, render_template, abort, Response
+from flask import Flask, request, render_template, abort, Response, send_from_directory
 
 import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
@@ -384,6 +384,17 @@ def backup_status():
 	from backup import backup_status
 	return json_response(backup_status(env))
 
+# MUNIN
+
+@app.route('/munin/')
+@app.route('/munin/<path:filename>')
+@authorized_personnel_only
+def munin(filename=""):
+	# Checks administrative access (@authorized_personnel_only) and then just proxies
+	# the request to static files.
+	if filename == "": filename = "index.html"
+	return send_from_directory("/var/cache/munin/www", filename)
+
 # APP
 
 if __name__ == '__main__':
diff --git a/setup/munin.sh b/setup/munin.sh
old mode 100644
new mode 100755
index 83cbb710..8ee0ae5b
--- a/setup/munin.sh
+++ b/setup/munin.sh
@@ -6,63 +6,27 @@ source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
 # install Munin
-apt_install munin munin-plugins-extra
+apt_install munin munin-node
 
 # edit config
 cat > /etc/munin/munin.conf <<EOF;
-  dbdir /var/lib/munin
-  htmldir /var/cache/munin/www
-  logdir /var/log/munin
-  rundir /var/run/munin
-  tmpldir /etc/munin/templates
+dbdir /var/lib/munin
+htmldir /var/cache/munin/www
+logdir /var/log/munin
+rundir /var/run/munin
+tmpldir /etc/munin/templates
 
-  includedir /etc/munin/munin-conf.d
+includedir /etc/munin/munin-conf.d
 
-  # a simple host tree
-  [$PRIMARY_HOSTNAME]
-  address 127.0.0.1
-  use_node_name yes
+# a simple host tree
+[$PRIMARY_HOSTNAME]
+address 127.0.0.1
 
-  # send alerts to the following address
-  contacts admin
-  contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
-  contact.admin.always_send warning critical
+# send alerts to the following address
+contacts admin
+contact.admin.command mail -s "Munin notification ${var:host}" administrator@$PRIMARY_HOSTNAME
+contact.admin.always_send warning critical
 EOF
 
-
-# set subdomain
-DOMAIN=${PRIMARY_HOSTNAME#[[:alpha:]]*.}
-hide_output curl -d "" --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/set/munin.$DOMAIN
-
-# write nginx config
-cat > /etc/nginx/conf.d/munin.conf <<EOF;
-  # Redirect all HTTP to HTTPS.
-  server {
-    listen 80;
-    listen [::]:80;
-
-    server_name munin.$DOMAIN;
-    root /tmp/invalid-path-nothing-here;
-    rewrite ^/(.*)$ https://munin.$DOMAIN/$1 permanent;
-  }
-
-  server {
-    listen 443 ssl;
-
-    server_name munin.$DOMAIN;
-
-    ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
-    ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
-    include /etc/nginx/nginx-ssl.conf;
-
-    auth_basic "Authenticate";
-    auth_basic_user_file /etc/nginx/htpasswd;
-
-    root /var/cache/munin/www;
-
-    location = /robots.txt {
-      log_not_found off;
-      access_log off;
-    }
-  }
-EOF
+# generate initial statistics so the directory isn't empty
+sudo -u munin munin-cron
diff --git a/tools/munin_update.sh b/tools/munin_update.sh
deleted file mode 100644
index 62504b00..00000000
--- a/tools/munin_update.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-# Grant admins access to munin
-
-source setup/functions.sh # load our functions
-source /etc/mailinabox.conf # load global vars
-
-db=$STORAGE_ROOT'/mail/users.sqlite'
-
-users=`sqlite3 $db "SELECT email FROM users WHERE privileges = 'admin'"`;
-passwords=`sqlite3 $db "SELECT password FROM users WHERE privileges = 'admin'"`;
-
-# Define the arrays
-users_array=(${users// / })
-passwords_array=(${passwords// / })
-
-# clear htpasswd
->/etc/nginx/htpasswd
-
-# write user:password
-for i in "${!users_array[@]}"; do
-  echo "${users_array[i]}:${passwords_array[i]:14}" >> /etc/nginx/htpasswd
-done