eksiscloud/matomo.conf

## matomo.conf
server {
    listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6
    listen 80;
    server_name analytics.example.com;

    access_log /var/log/nginx/matomo.access.log;
    error_log /var/log/nginx/matomo.error.log;

    root /var/www/matomo/;

    index index.php;

    ## only allow accessing the following php files
    location ~ ^/(index|matomo|piwik|js/index).php {
        include snippets/fastcgi-php.conf;
        fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    ## needed for HeatmapSessionRecording plugin
    location = /plugins/HeatmapSessionRecording/configs.php {
        include snippets/fastcgi-php.conf;
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    ## deny access to all other .php files
    location ~* ^.+\.php$ {
        deny all;
        return 403;
    }

    ## serve all other files normally
    location / {
        try_files $uri $uri/ =404;
    }

    ## disable all access to the following directories
    location ~ /(config|tmp|core|lang) {
        deny all;
        return 403; # replace with 404 to not show these directories exist
    }
    location ~ /\.ht {
        deny  all;
        return 403;
    }

    location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
        allow all;
        ## Cache images,CSS,JS and webfonts for an hour
        ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
        expires 1h;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location ~ /(libs|vendor|plugins|misc/user) {
        deny all;
        return 403;
    }

    ## properly display textfiles in root directory
    location ~/(.*\.md|LEGALNOTICE|LICENSE) {
        default_type text/plain;
    }
}
	server {
	listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6
	listen 80;
	server_name analytics.example.com;

	access_log /var/log/nginx/matomo.access.log;
	error_log /var/log/nginx/matomo.error.log;

	root /var/www/matomo/;

	index index.php;

	## only allow accessing the following php files
	location ~ ^/(index\|matomo\|piwik\|js/index).php {
	include snippets/fastcgi-php.conf;
	fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
	fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	}

	## needed for HeatmapSessionRecording plugin
	location = /plugins/HeatmapSessionRecording/configs.php {
	include snippets/fastcgi-php.conf;
	fastcgi_param HTTP_PROXY "";
	fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	}

	## deny access to all other .php files
	location ~* ^.+\.php$ {
	deny all;
	return 403;
	}

	## serve all other files normally
	location / {
	try_files $uri $uri/ =404;
	}

	## disable all access to the following directories
	location ~ /(config\|tmp\|core\|lang) {
	deny all;
	return 403; # replace with 404 to not show these directories exist
	}
	location ~ /\.ht {
	deny all;
	return 403;
	}

	location ~ \.(gif\|ico\|jpg\|png\|svg\|js\|css\|htm\|html\|mp3\|mp4\|wav\|ogg\|avi\|ttf\|eot\|woff\|woff2\|json)$ {
	allow all;
	## Cache images,CSS,JS and webfonts for an hour
	## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
	expires 1h;
	add_header Pragma public;
	add_header Cache-Control "public";
	}

	location ~ /(libs\|vendor\|plugins\|misc/user) {
	deny all;
	return 403;
	}

	## properly display textfiles in root directory
	location ~/(.*\.md\|LEGALNOTICE\|LICENSE) {
	default_type text/plain;
	}
	}