Nginx doesn't use .htaccess files by default, therefore will not apply access restriction rules for the /config directory
Apache will ignore .htaccess files for any php files passed to php-fpm via fpm-fcgi, therefore will also not apply access restriction rules.
This PR adds additional checks to the system diagnostics page to detect these scenarios and provide informative warnings.
Accessibility of the /config/global.ini.php files is used a general test of whether the access rules are being applied. If the global config file is not accessible then no warnings will be shown even if running php-fpm or nginx, as we can assume that non-htaccess rules have been added to the server config and we don't want to show a warning once the issue has been corrected.
For the PHP-SAPI check:
If the config is accessible and fpm-fcgi is being used...
...if Apache then show a warning suggesting adding a ProxyPass rule
...if nginx then show a warning and link to the official nginx server configuration
...otherwise show a generic warning that an access rule should be added to prevent access to /config
For the server info check:
If the config is accessible and nginx is being used then show a warning and link to the official nginx server configuration
This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers