Linux

在 Nginx 上安裝 Matomo 返回 502 Bad Gateway 錯誤

  • February 7, 2021

我正在我的 Debian 10 伺服器上安裝Matomo Analytics平台,執行 Nginx 並使用 Cloudflare DNS 和 CDN。不幸的是,我在嘗試訪問它時收到502 Bad Gateway錯誤,表明該錯誤出在主機上。

按照 Matomo 的安裝指南,我安裝了下載最新版本的依賴/var/www項並將其解壓縮到:

# wget https://builds.matomo.org/matomo.zip && unzip matomo.zip

然後我將他們的Nginx 配置範例複製到/etc/nginx/sites-available,將其連結到/etc/nginx/sites-enabled並修改設置以適合我的情況,如下所述

server {
   listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6
   listen 80;
   server_name matomo.andy-sb.com;
   # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
   location / {
       return 301 https://$host$request_uri;
   }
}
server {
   listen [::]:443 ssl http2; # remove this if you don't want Matomo to be reachable from IPv6
   listen 443 ssl http2;
   server_name matomo.andy-sb.com; # list all domains Matomo should be reachable from
   access_log /var/log/nginx/matomo.access.log;
   error_log /var/log/nginx/matomo.error.log;

   ## uncomment if you want to enable HSTS with 6 months cache
   ## ATTENTION: Be sure you know the implications of this change (you won't be able to disable HTTPS anymore)
   #add_header Strict-Transport-Security max-age=15768000 always;

   ## replace with your SSL certificate
   ssl_certificate /etc/letsencrypt/live/matomo.andy-sb.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/matomo.andy-sb.com/privkey.pem;

   include ssl.conf; # if you want to support older browsers, please read through this file

   add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
   add_header X-Content-Type-Options "nosniff" always;
   add_header X-XSS-Protection "1; mode=block" always;

   root /var/www/matomo/; # replace with path to your matomo instance

   index index.php;

   ## only allow accessing the following php files
   location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php {
       include snippets/fastcgi-php.conf; # if your Nginx setup doesn't come with a default fastcgi-php config, you can fetch it from https://github.com/nginx/nginx/blob/master/conf/fastcgi.conf
       #try_files $fastcgi_script_name =404; # protects against CVE-2019-11043. If this line is already included in your snippets/fastcgi-php.conf you can comment it here.
       fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file
       #fastcgi_pass 127.0.0.1:9000; # uncomment if you are using PHP via TCP sockets (e.g. Docker container)
   }

   ## deny access to all other .php files
   location ~* ^.+\.php$ {
       deny all;
       return 403;
   }

   ## serve all other files normally
   location / {
       try_files $uri $uri/ =404;
   }

   ## disable all access to the following directories
   location ~ ^/(config|tmp|core|lang) {
       deny all;
       return 403; # replace with 404 to not show these directories exist
   }

   location ~ /\.ht {
       deny  all;
       return 403;
   }

   location ~ js/container_.*_preview\.js$ {
       expires off;
       add_header Cache-Control 'private, no-cache, no-store';
   }

   location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
       allow all;
       ## Cache images,CSS,JS and webfonts for an hour
       ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
       expires 1h;
       add_header Pragma public;
       add_header Cache-Control "public";
   }

   location ~ ^/(libs|vendor|plugins|misc/user|node_modules) {
       deny all;
       return 403;
   }

   ## properly display textfiles in root directory
   location ~/(.*\.md|LEGALNOTICE|LICENSE) {
       default_type text/plain;
   }
}

SSL證書有效,執行nginx -t不返回任何錯誤,也不執行systemctl restart nginx重啟Nginx。我已經使用Cloudflare DNS創建了 A 和 AAAA 記錄。

你需要按照這裡所說的去做:

       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file

引用自:https://serverfault.com/questions/1052721