matomo-org / matomo-nginx

Nginx configuration for running Matomo

modernize nginx config #43

Closed Findus23 closed 5 years ago

Findus23 commented 6 years ago

I tried to create a minimal nginx config that uses nginx defaults for most settings and only changes Matomo-related routes.

If someone notices a regression or missing feature, please comment.

Check https://github.com/findus23/matomo-nginx for the new version as the diff tool isn't that useful here.

For a more strict config we could maybe disallow access to everything apart from `\.(gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$`

Old issues:

- closes #44 (not needed anymore as there is no caching anymore)
- closes #15 (same as above)
- resolves #42 (matomo.php is supported and all JS are allowed)
- closes #33 (there are now proper instructions on how to use the template)
- resolves #42 (by default uses the most modern SSL config, HSTS can be commented out)
- closes #30 (no helper regex anymore; maybe I'll add an optional security-by-obscurity rulelist that will block more text files)
- not sure about #29 (maybe it is only needed in reverse-proxy setups)
- resolves #28 (no more splitting up the CGI-path)
- definitely resolves #27 (only essential files in the repo and a simple way to integrate into existing nginx config)
- closes #26 (no more explanations on how to install nginx as it depends on one's environment)
- resolves #25 (I'm also wondering what caching piwik.php improves)
- resolves #24 (same as #26)
- closes #23 (doesn't matter anymore)
- closes #20 (I'm against an automated script as manual configuration is simple and important for understanding what one does in my opinion and with the new config it is far easier)
- closes #16 (This config is for running nginx directly. We should create a separate config for running nginx as a reverse proxy in front of Apache)
- closes #14 (referrer can easily be faked if one wants to create fake visits)
- resolves #13 (only one config remaining)
- closes #12 (no set_real_ip_from anymore (not needed when using directly as webserver))
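
Added example (not part of the pull request and not the project's config): one way the stricter, allowlist-only variant suggested in the comment above could be laid out, with the extension list copied from that comment. The hostname, document root and php-fpm socket are placeholders, `index.php` as an entry point is an assumption, and TLS settings are left out to keep the fragment short.

```nginx
# Added example: deny by default, allow only named PHP entry points
# and the static extensions listed in the comment above.
server {
    listen 80;
    server_name matomo.example.org;   # placeholder
    root /var/www/matomo;             # placeholder

    # Send the bare site root to the front controller.
    location = / {
        rewrite ^ /index.php last;
    }

    # Only the named entry points are ever handed to PHP.
    # matomo.php and piwik.php are named on this page; index.php is assumed.
    location ~ ^/(index|matomo|piwik)\.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder
    }

    # Static allowlist. "~" is case-sensitive, so /logo.PNG is not matched
    # here and falls through to the 403 below.
    # "json" is on the list: every .json file under the root is served,
    # not only the ones the UI needs.
    location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
        try_files $uri =404;
    }

    # Everything else is refused: other .php files, dotfiles, .md, .ini,
    # and any path without an allowlisted extension.
    location / {
        return 403;
    }
}
```

Regex locations are tested in the order they appear and the first match wins, so the entry-point block has to stay above the static allowlist.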

Findus23 commented 5 years ago

Could someone please test this config so we can move forward?