git - drone - ghost - guacamole - rocket chat https://sigyl.com/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
 
 
 
 
 

69 lines
1.8 KiB

  1. upstream php-handler {
  2. server matomo:9000;
  3. }
  4. server {
  5. listen 80;
  6. add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
  7. root /var/www/html; # replace with path to your matomo instance
  8. index index.php;
  9. try_files $uri $uri/ =404;
  10. ## only allow accessing the following php files
  11. location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
  12. # regex to split $uri to $fastcgi_script_name and $fastcgi_path
  13. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  14. # Check that the PHP script exists before passing it
  15. try_files $fastcgi_script_name =404;
  16. include fastcgi_params;
  17. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  18. fastcgi_param PATH_INFO $fastcgi_path_info;
  19. fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
  20. fastcgi_pass php-handler;
  21. }
  22. ## deny access to all other .php files
  23. location ~* ^.+\.php$ {
  24. deny all;
  25. return 403;
  26. }
  27. ## disable all access to the following directories
  28. location ~ /(config|tmp|core|lang) {
  29. deny all;
  30. return 403; # replace with 404 to not show these directories exist
  31. }
  32. location ~ /\.ht {
  33. deny all;
  34. return 403;
  35. }
  36. location ~ js/container_.*_preview\.js$ {
  37. expires off;
  38. add_header Cache-Control 'private, no-cache, no-store';
  39. }
  40. location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
  41. allow all;
  42. ## Cache images,CSS,JS and webfonts for an hour
  43. ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
  44. expires 1h;
  45. add_header Pragma public;
  46. add_header Cache-Control "public";
  47. }
  48. location ~ /(libs|vendor|plugins|misc/user) {
  49. deny all;
  50. return 403;
  51. }
  52. ## properly display textfiles in root directory
  53. location ~/(.*\.md|LEGALNOTICE|LICENSE) {
  54. default_type text/plain;
  55. }
  56. }
  57. # vim: filetype=nginx