100 lines
2.9 KiB
Plaintext
100 lines
2.9 KiB
Plaintext
upstream matomo_backend {
|
|
server matomo:9000;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name anna.abhinavsarkar.net;
|
|
|
|
ssl_certificate /etc/nginx/certs/fullchain1.pem;
|
|
ssl_certificate_key /etc/nginx/certs/privkey1.pem;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
|
|
add_header Referrer-Policy origin;
|
|
|
|
root /var/www/html/;
|
|
index index.php;
|
|
|
|
error_page 404 /404.html;
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~ ^/(index|matomo|piwik).php {
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx;
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param HTTP_PROXY "";
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_pass matomo_backend;
|
|
}
|
|
|
|
location ~* ^.+\.php$ {
|
|
deny all;
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
## disable all access to the following directories
|
|
location ~ /(config|tmp|core|lang) {
|
|
deny all;
|
|
return 403; # replace with 404 to not show these directories exist
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
return 403;
|
|
}
|
|
|
|
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
|
allow all;
|
|
## Cache images,CSS,JS and webfonts for an hour
|
|
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade4
|
|
expires 1h;
|
|
add_header Pragma public;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
location ~ /(libs|vendor|plugins|misc/user) {
|
|
deny all;
|
|
return 403;
|
|
}
|
|
|
|
## properly display textfiles in root directory
|
|
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
|
|
default_type text/plain;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name anna.abhinavsarkar.net;
|
|
return 301 https://$host$request_uri;
|
|
}
|