diff options
author | Christian Pointner <equinox@spreadspace.org> | 2022-07-31 19:03:31 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-07-31 19:03:31 +0200 |
commit | ab772e828868d6a7a2df23f87c0819d7652465f1 (patch) | |
tree | feff8a60795104bbf3702e9640e93bb89331643c /contrib/k8s-emc/matomo-cm.yml | |
parent | move stream-site deployment to new cdn repo (diff) |
k8s-emc: matomo is no part of new cdn repo
Diffstat (limited to 'contrib/k8s-emc/matomo-cm.yml')
-rw-r--r-- | contrib/k8s-emc/matomo-cm.yml | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/contrib/k8s-emc/matomo-cm.yml b/contrib/k8s-emc/matomo-cm.yml deleted file mode 100644 index 60af25b..0000000 --- a/contrib/k8s-emc/matomo-cm.yml +++ /dev/null @@ -1,132 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: emc - name: stats-matomo - labels: - app: matomo - tier: stats -data: - nginx.conf: | - worker_processes 4; - pid /srv/nginx.pid; - error_log /dev/stderr notice; - - events { - worker_connections 768; - # multi_accept on; - } - - http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - server_names_hash_bucket_size 64; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - access_log /dev/null; - - server { - listen 8080 default_server; - listen [::]:8080 default_server; - - server_name _; - - add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - root /var/www/html; - - index index.php; - - ## only allow accessing the following php files - location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php { - try_files $fastcgi_script_name =404; # protects against CVE-2019-11043. If this line is already included in your snippets/fastcgi-php.conf you can comment it here. - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - fastcgi_param REQUEST_SCHEME $scheme; - fastcgi_param HTTPS $https if_not_empty; - - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $remote_port; - fastcgi_param SERVER_ADDR $server_addr; - fastcgi_param SERVER_PORT $server_port; - fastcgi_param SERVER_NAME $server_name; - - # PHP only, required if PHP was built with --enable-force-cgi-redirect - fastcgi_param REDIRECT_STATUS 200; - - fastcgi_param HTTP_PROXY ""; - #fastcgi_param HTTP_X_FORWARDED_URI /matomo; - fastcgi_intercept_errors on; - fastcgi_pass 127.0.0.1:9000; - } - - ## deny access to all other .php files - location ~* ^.+\.php$ { - deny all; - return 403; - } - - location / { - try_files $uri $uri/ =404; - } - - ## disable all access to the following directories - location ~ /(config|tmp|core|lang) { - deny all; - return 403; # replace with 404 to not show these directories exist - } - - location ~ /\.ht { - deny all; - return 403; - } - - location ~ js/container_.*_preview\.js$ { - expires off; - add_header Cache-Control 'private, no-cache, no-store'; - } - - location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { - allow all; - ## Cache images,CSS,JS and webfonts for an hour - ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade - expires 1h; - add_header Pragma public; - add_header Cache-Control "public"; - } - - location ~ /(libs|vendor|plugins|misc/user) { - deny all; - return 403; - } - - ## properly display textfiles in root directory - location ~/(.*\.md|LEGALNOTICE|LICENSE) { - default_type text/plain; - } - - location ~ \.php$ { - } - } - } |