piwik 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. ## PIWIK Site Config
  2. #server {
  3. ### This is to avoid the spurious if for sub-domain name rewriting.
  4. #listen [::]:80;
  5. #server_name www.stats.demu.red;
  6. #rewrite ^ $scheme://stats.demu.red$request_uri? permanent;
  7. #}
  8. server {
  9. listen 80;
  10. listen [::]:80;
  11. listen 443 ssl;
  12. listen [::]:443 ssl;
  13. #limit_conn arbeit 10;
  14. server_name stats.demu.red;
  15. ## Parameterization using hostname of access and log filenames.
  16. access_log /var/log/nginx/piwik_access.log;
  17. error_log /var/log/nginx/piwik_error.log;
  18. ## Disable all methods besides HEAD, GET and POST.
  19. if ($request_method !~ ^(GET|HEAD|POST)$ ) {
  20. return 444;
  21. }
  22. root /var/www/piwik/;
  23. index index.php index.html;
  24. ## Include certbot fix
  25. include /etc/nginx/snippets/nginx.well-known.conf;
  26. ## Include ssl
  27. include /etc/nginx/snippets/nginx.ssl.conf;
  28. ### Deny Stuffs ### {{{
  29. ## Protect specific TXT and config files
  30. location ~ /(\.|readme.html|readme.md|changelog.txt|changelog.md|contributing.txt|contributing.md|license.txt|license.md|legalnotice|privacy.txt|privacy.md|security.txt|security.md|sample-.*txt)
  31. {
  32. deny all;
  33. }
  34. ## Protect .git files
  35. location ~ /\.git/ {
  36. access_log off;
  37. log_not_found off;
  38. deny all;
  39. }
  40. ## Support for favicon. Return a 204 (No Content) if the favicon
  41. # doesn't exist.
  42. location = /favicon.ico {
  43. try_files /favicon.ico =204;
  44. }
  45. ### End Deny Stuffs ### }}}
  46. ## Try all locations and relay to index.php as a fallback.
  47. location / {
  48. try_files $uri /index.php;
  49. }
  50. ## Stop logging /plugins
  51. location /plugins {
  52. access_log off;
  53. }
  54. ## Relay all index.php requests to fastcgi.
  55. location ~* ^/(?:index|piwik)\.php$ {
  56. fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  57. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  58. include fastcgi_params;
  59. access_log off; ## It spams a bit.
  60. }
  61. ## Any other attempt to access PHP files returns a 404.
  62. location ~* ^.+\.php$ {
  63. return 404;
  64. }
  65. ## Disallow any usage of piwik assets if referer is non valid.
  66. #location ~* ^.+\.(?:jpg|png|css|gif|js|jpeg|swf)$ {
  67. ## Defining the valid referers.
  68. #valid_referers none blocked *.mysite.com othersite.com;
  69. #if ($invalid_referer) {
  70. #return 444;
  71. #}
  72. #expires max;
  73. #break;
  74. #}
  75. ## Error Redirects
  76. error_page 403 /error.html;
  77. error_page 404 /error.html;
  78. error_page 405 /error.html;
  79. error_page 500 501 502 503 504 /error.html;
  80. location = /error.html {
  81. root /var/www/error;
  82. internal;
  83. }
  84. } # server