2018-10-30 10:25:13 +01:00
|
|
|
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
2021-05-17 23:39:12 +02:00
|
|
|
location ^~ __PATH__/ {
|
2018-10-30 10:25:13 +01:00
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
# Path to source
|
|
|
|
alias __FINALPATH__/;
|
2018-10-30 10:25:13 +01:00
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
more_set_headers "Referrer-Policy: origin always";
|
|
|
|
more_set_headers "X-Content-Type-Options: nosniff";
|
|
|
|
more_set_headers "X-XSS-Protection: 1; mode=block";
|
|
|
|
|
2018-10-30 10:25:13 +01:00
|
|
|
index index.php;
|
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
try_files $uri $uri/ =404;
|
2018-10-30 10:25:13 +01:00
|
|
|
|
|
|
|
location ~ [^/]\.php(/|$) {
|
|
|
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
2020-05-31 00:00:08 +02:00
|
|
|
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
|
2018-10-30 10:25:13 +01:00
|
|
|
|
|
|
|
fastcgi_index index.php;
|
|
|
|
include fastcgi_params;
|
2021-05-17 23:39:12 +02:00
|
|
|
fastcgi_param REMOTE_USER $remote_user;
|
|
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
2018-10-30 10:25:13 +01:00
|
|
|
fastcgi_param SCRIPT_FILENAME $request_filename;
|
2021-05-17 23:39:12 +02:00
|
|
|
}
|
2021-05-07 13:02:33 +02:00
|
|
|
|
|
|
|
## deny access to all other .php files
|
|
|
|
location ~* ^.+\.php$ {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
## disable all access to the following directories
|
2021-05-18 00:09:23 +02:00
|
|
|
location ^~ __PATH__/config/ {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ^~ __PATH__/tmp/ {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ^~ __PATH__/core/ {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ^~ __PATH__/lang/ {
|
2021-05-07 13:02:33 +02:00
|
|
|
deny all;
|
2021-05-17 23:52:05 +02:00
|
|
|
return 403;
|
2021-05-07 13:02:33 +02:00
|
|
|
}
|
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
location ~ __PATH__/\.ht {
|
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ js/container_.*_preview\.js$ {
|
2021-05-07 13:02:33 +02:00
|
|
|
expires off;
|
|
|
|
more_set_headers "Cache-Control: private, no-cache, no-store";
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
|
|
|
allow all;
|
|
|
|
## Cache images,CSS,JS and webfonts for an hour
|
|
|
|
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
|
|
|
|
expires 1h;
|
|
|
|
more_set_headers "Pragma: public";
|
2021-05-17 23:39:12 +02:00
|
|
|
more_set_headers "Cache-Control: public";
|
2021-05-07 13:02:33 +02:00
|
|
|
}
|
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
location ~ ^__PATH__/(libs|vendor|plugins|misc|node_modules) {
|
2021-05-07 13:02:33 +02:00
|
|
|
deny all;
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
## properly display textfiles in root directory
|
2021-05-17 23:39:12 +02:00
|
|
|
location ~__PATH__/(.*\.md|LEGALNOTICE|LICENSE) {
|
2021-05-07 13:02:33 +02:00
|
|
|
default_type text/plain;
|
|
|
|
}
|
|
|
|
|
2021-05-17 23:39:12 +02:00
|
|
|
# show YunoHost panel access
|
|
|
|
include conf.d/yunohost_panel.conf.inc;
|
2018-10-30 10:25:13 +01:00
|
|
|
}
|