mirror of
https://github.com/YunoHost-Apps/matomo_ynh.git
synced 2024-09-03 19:45:56 +02:00
Update nginx.conf
This commit is contained in:
parent
1d8d55af82
commit
6e1c4906b4
1 changed files with 19 additions and 31 deletions
|
@ -1,8 +1,8 @@
|
||||||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||||
location ^~ __PATH__/ {
|
server __PATH__/{
|
||||||
|
|
||||||
# Path to source
|
# Path to source
|
||||||
alias __FINALPATH__/ ;
|
alias __FINALPATH__/;
|
||||||
|
|
||||||
# Force usage of https
|
# Force usage of https
|
||||||
if ($scheme = http) {
|
if ($scheme = http) {
|
||||||
|
@ -13,24 +13,13 @@ location ^~ __PATH__/ {
|
||||||
more_set_headers "X-Content-Type-Options: nosniff";
|
more_set_headers "X-Content-Type-Options: nosniff";
|
||||||
more_set_headers "X-XSS-Protection: 1; mode=block";
|
more_set_headers "X-XSS-Protection: 1; mode=block";
|
||||||
|
|
||||||
index index.php;
|
index index.php;
|
||||||
|
|
||||||
# Common parameter to increase upload size limit in conjunction with dedicated PHP-FPM file
|
## only allow accessing the following php files
|
||||||
client_max_body_size 100M;
|
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
|
||||||
|
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
|
||||||
try_files $uri $uri/ =404;
|
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; #replace with the path to your PHP socket file
|
||||||
|
}
|
||||||
location ~ [^/]\.php(/|$) {
|
|
||||||
include snippets/fastcgi-php.conf;
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
|
|
||||||
|
|
||||||
#fastcgi_index index.php;
|
|
||||||
#include fastcgi_params;
|
|
||||||
#fastcgi_param REMOTE_USER $remote_user;
|
|
||||||
#fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
#fastcgi_param SCRIPT_FILENAME $request_filename;
|
|
||||||
}
|
|
||||||
|
|
||||||
## deny access to all other .php files
|
## deny access to all other .php files
|
||||||
location ~* ^.+\.php$ {
|
location ~* ^.+\.php$ {
|
||||||
|
@ -38,20 +27,22 @@ location ^~ __PATH__/ {
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
## disable all access to the following directories
|
## disable all access to the following directories
|
||||||
location ~ ^__PATH__/(config|tmp|core|lang) {
|
location ~ ^__PATH__/(config|tmp|core|lang) {
|
||||||
deny all;
|
deny all;
|
||||||
return 404;
|
return 403; # replace with 404 to not show these directories exist
|
||||||
}
|
}
|
||||||
|
|
||||||
location __PATH__/\.ht {
|
location ~ __PATH__/\.ht {
|
||||||
deny all;
|
deny all;
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ js/container_.*_preview\.js$ {
|
location ~ js/container_.*_preview\.js$ {
|
||||||
expires off;
|
expires off;
|
||||||
more_set_headers "Cache-Control: private, no-cache, no-store";
|
add_header Cache-Control 'private, no-cache, no-store';
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
|
||||||
|
@ -59,20 +50,17 @@ location ^~ __PATH__/ {
|
||||||
## Cache images,CSS,JS and webfonts for an hour
|
## Cache images,CSS,JS and webfonts for an hour
|
||||||
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
|
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
|
||||||
expires 1h;
|
expires 1h;
|
||||||
more_set_headers "Cache-Control: public";
|
add_header Pragma public;
|
||||||
more_set_headers "Pragma: public";
|
add_header Cache-Control "public";
|
||||||
}
|
}
|
||||||
|
|
||||||
location __PATH__/(libs|vendor|plugins|misc|node_modules) {
|
location ~ ^__PATH__/(libs|vendor|plugins|misc|node_modules) {
|
||||||
deny all;
|
deny all;
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
|
||||||
## properly display textfiles in root directory
|
## properly display textfiles in root directory
|
||||||
location __PATH__/(.*\.md|LEGALNOTICE|LICENSE) {
|
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Include SSOWAT user panel.
|
|
||||||
include conf.d/yunohost_panel.conf.inc;
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue