Protect matomo with htpasswd (nginx)


I’m looking for a way to protect the matomo panel with a user/password in addition to the default login page. I already know how to protect a folder with a user/pass with nginx, but in the case of Matomo we need to allow external access to the following files:

  • matomo.php , matomo.js , piwik.php , piwik.js ,
  • and to the URL index.php?module=CoreAdminHome&action=optOut and for the files plugins/CoreAdminHome/javascripts/optOut.js and favicon.ico to make sure the opt-out iframe will work without password prompt.
  • and to js/container_*.js files for Tag Manager to deliver the container files
  • and to plugins/HeatmapSessionRecording/configs.php if you use Heatmaps or Session recordings

I have 2 questions, are the list exhaustive?

Maybe someone has already done this and can share the vhost file ?