Hi!
I’m trying to install Matomo on my Ubuntu server.
Everything so far was smooth, but I have 2 warning which I don’t know how to fix:
1) PHP SAPI fpm-fcgi
PHP FPM will ignore .htaccess rules for .php files. To ensure that sensitive files cannot be accessed directly it is recommended to exclude certain directories from being handled by PHP FPM. For more information please see the official nginx server configuration
2) Server Info nginx/1.18.0
To ensure that sensitive files cannot be accessed directly it is recommended to configure your web server to restrict access to certain directories. For more information please see the official nginx server configuration
I did everythng as instructions said. What did I do wrong?
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name matomo.thevegcat.ubt;
server_tokens off;
root /var/www/matomo;
ssl_certificate /root/certificates/localhost.crt;
ssl_certificate_key /root/certificates/localhost.decrypted.key;
add_header Referrer-Policy origin always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
index index.php;
client_max_body_size 20M;
gzip on;
gzip_min_length 512;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml text/css application/javascript application/json;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
access_log /var/log/nginx/php-access.log;
error_log /var/log/nginx/php-error.log;
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
location ~* ^.+\.php$ {
deny all;
return 403;
}
location / {
try_files $uri $uri/ =404;
}
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403;
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
allow all;
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return 403;
}
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}