#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { # Path to source alias __INSTALL_DIR__/; more_set_headers "Referrer-Policy: origin always"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; more_set_headers "Access-Control-Allow-Origin: *"; index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 50M; try_files $uri $uri/ =404; location ~ ^__PATH__/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } ## deny access to all other .php files location ~* ^.+\.php$ { deny all; return 403; } ## disable all access to the following directories location ~ ^__PATH__/(config|tmp|core|lang) { deny all; return 403; # replace with 404 to not show these directories exist } location ~ ^__PATH__/\.ht { deny all; return 403; } location ~ js/container_.*_preview\.js$ { expires off; more_set_headers "Cache-Control: private, no-cache, no-store"; } location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { allow all; ## Cache images,CSS,JS and webfonts for an hour ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade expires 1h; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public"; } location ~ ^__PATH__/(libs|vendor|plugins|misc|node_modules) { deny all; return 403; } ## properly display textfiles in root directory location ~ ^__PATH__/(.*\.md|LEGALNOTICE|LICENSE) { default_type text/plain; } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }