Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- services.phpfpm.poolConfigs."piwik" = ''
- listen = "/run/phpfpm-piwik.sock"
- listen.owner = nginx
- listen.group = root
- listen.mode = 0600
- user = piwik
- ; default phpfpm process manager settings
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
- ; log worker's stdout, but this has a performance hit
- catch_workers_output = yes
- '';
- };
- services.nginx.virtualHosts."piwik.${config.networking.hostName}" = {
- root = "/srv/www/piwik";
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- index = "index.php";
- };
- # allow index.php for webinterface
- locations."= /index.php".extraConfig = ''
- fastcgi_pass unix:/run/phpfpm-piwik.sock;
- '';
- # allow piwik.php for tracking
- locations."= /piwik.php".extraConfig = ''
- fastcgi_pass unix:/run/phpfpm-piwik.sock;
- '';
- # Any other attempt to access any php files is forbidden
- locations."~* ^.+\.php$".extraConfig = ''
- return 403;
- '';
- # Disallow access to unneeded directories
- # config and tmp are already removed
- locations."~ ^/(?:core|lang|misc)/".extraConfig = ''
- return 403;
- '';
- # Disallow access to several helper files
- locations."~* \.(?:bat|git|ini|sh|txt|tpl|xml|md)$".extraConfig = ''
- return 403;
- '';
- # No crawling of this site for bots that obey robots.txt - no useful information here.
- locations."= /robots.txt".extraConfig = ''
- return 200 "User-agent: *\nDisallow: /\n";
- '';
- # let browsers cache piwik.js
- locations."= /piwik.js".extraConfig = ''
- expires 1M;
- '';
- };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement