Created
January 27, 2020 17:22
-
-
Save eksiscloud/c3ab182529f9d71f4bca1ee8b3921d09 to your computer and use it in GitHub Desktop.
Basic virtual host for Matomo in Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6 | |
listen 80; | |
server_name analytics.example.com; | |
access_log /var/log/nginx/matomo.access.log; | |
error_log /var/log/nginx/matomo.error.log; | |
root /var/www/matomo/; | |
index index.php; | |
## only allow accessing the following php files | |
location ~ ^/(index|matomo|piwik|js/index).php { | |
include snippets/fastcgi-php.conf; | |
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/ | |
fastcgi_pass unix:/run/php/php7.2-fpm.sock; | |
} | |
## needed for HeatmapSessionRecording plugin | |
location = /plugins/HeatmapSessionRecording/configs.php { | |
include snippets/fastcgi-php.conf; | |
fastcgi_param HTTP_PROXY ""; | |
fastcgi_pass unix:/run/php/php7.2-fpm.sock; | |
} | |
## deny access to all other .php files | |
location ~* ^.+\.php$ { | |
deny all; | |
return 403; | |
} | |
## serve all other files normally | |
location / { | |
try_files $uri $uri/ =404; | |
} | |
## disable all access to the following directories | |
location ~ /(config|tmp|core|lang) { | |
deny all; | |
return 403; # replace with 404 to not show these directories exist | |
} | |
location ~ /\.ht { | |
deny all; | |
return 403; | |
} | |
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { | |
allow all; | |
## Cache images,CSS,JS and webfonts for an hour | |
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade | |
expires 1h; | |
add_header Pragma public; | |
add_header Cache-Control "public"; | |
} | |
location ~ /(libs|vendor|plugins|misc/user) { | |
deny all; | |
return 403; | |
} | |
## properly display textfiles in root directory | |
location ~/(.*\.md|LEGALNOTICE|LICENSE) { | |
default_type text/plain; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment