Move to recommended matomo nginx config
This commit is contained in:
parent
4fde8d58e5
commit
15969a4411
@ -13,12 +13,10 @@ server {
|
|||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||||
|
|
||||||
root /var/www/html/;
|
add_header Referrer-Policy origin;
|
||||||
index index.php index.html index.htm;
|
|
||||||
|
|
||||||
location / {
|
root /var/www/html/;
|
||||||
try_files $uri $uri/ =404;
|
index index.php;
|
||||||
}
|
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
error_page 500 502 503 504 /50x.html;
|
error_page 500 502 503 504 /50x.html;
|
||||||
@ -31,7 +29,7 @@ server {
|
|||||||
access_log off;
|
access_log off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ \.php$ {
|
location ~ ^/(index|matomo|piwik).php {
|
||||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||||
fastcgi_param SERVER_SOFTWARE nginx;
|
fastcgi_param SERVER_SOFTWARE nginx;
|
||||||
fastcgi_param QUERY_STRING $query_string;
|
fastcgi_param QUERY_STRING $query_string;
|
||||||
@ -49,9 +47,49 @@ server {
|
|||||||
fastcgi_param SERVER_ADDR $server_addr;
|
fastcgi_param SERVER_ADDR $server_addr;
|
||||||
fastcgi_param SERVER_PORT $server_port;
|
fastcgi_param SERVER_PORT $server_port;
|
||||||
fastcgi_param SERVER_NAME $server_name;
|
fastcgi_param SERVER_NAME $server_name;
|
||||||
|
fastcgi_param HTTP_PROXY "";
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
fastcgi_pass matomo_backend;
|
fastcgi_pass matomo_backend;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location ~* ^.+\.php$ {
|
||||||
|
deny all;
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
## disable all access to the following directories
|
||||||
|
location ~ /(config|tmp|core|lang) {
|
||||||
|
deny all;
|
||||||
|
return 403; # replace with 404 to not show these directories exist
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /\.ht {
|
||||||
|
deny all;
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
||||||
|
allow all;
|
||||||
|
## Cache images,CSS,JS and webfonts for an hour
|
||||||
|
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade4
|
||||||
|
expires 1h;
|
||||||
|
add_header Pragma public;
|
||||||
|
add_header Cache-Control "public";
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /(libs|vendor|plugins|misc/user) {
|
||||||
|
deny all;
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
|
||||||
|
## properly display textfiles in root directory
|
||||||
|
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
|
||||||
|
default_type text/plain;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user