@Findus23 opened this Issue on October 11th 2018 Member

Matomo can be used with Nginx instead of Apache.
As Nginx doesn't recognize .htaccess (by default) it is important to use a proper nginx config that blocks access to e.g. tmp/.

Therefore I'd suggest detecting nginx during the installer and show a notice to the admin urging them to take a look at the Matomo nginx config.

One way to detect it would be using $_SERVER["SERVER_SOFTWARE"] which returns nginx/1.14.0 for me. While it isn't 100% accurate, it should be okay for a notice.

@fdellwing commented on October 11th 2018 Contributor

Via JS, you could look at the headers. Even with server_tokens off it will identify itself as nginx.

@Findus23 commented on October 11th 2018 Member

I think I'd prefer a server-side detection, because the warning shouldn't be shown when a nginx server is used as a reverse proxy, but rather when nginx is used as the main webserver instead of Apache as then it is most important to implement the .htaccess somewhere else.

BTW: Are you using nginx? It would be really great if you could take a look at https://github.com/matomo-org/matomo-nginx and give feedback so that the new nginx config helps as many Matomo users as possible.

@fdellwing commented on October 11th 2018 Contributor

I will post feedback as soon as I had time to look throught the options.

Powered by GitHub Issue Mirror