Add system check warnings for php-fpm and nginx if config files are accessible #13589
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
c: Usability
For issues that let users achieve a defined goal more effectively or efficiently.
Help wanted
Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
Milestone
Matomo can be used with Nginx instead of Apache.
As Nginx doesn't recognize .htaccess (by default) it is important to use a proper nginx config that blocks access to e.g.
tmp/
.Therefore I'd suggest detecting nginx during the installer and show a notice to the admin urging them to take a look at the Matomo nginx config.
One way to detect it would be using
$_SERVER["SERVER_SOFTWARE"]
which returnsnginx/1.14.0
for me. While it isn't 100% accurate, it should be okay for a notice.The text was updated successfully, but these errors were encountered: