Feat: mount /var/www/html to the nginx container and add config to protect against CVE-2019-11043

roles/podman_cleaninsights/templates/nginx.conf

@@ -41,8 +41,8 @@ server {
 
 	location ~ ^/(index|matomo|cleaninsights|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
 		# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+		try_files $fastcgi_script_name =404;
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
 		# Check that the PHP script exists before passing it
 		#try_files $fastcgi_script_name =404;
 
@@ -59,6 +59,10 @@ server {
 		return 403;
 	}
 
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
     # deny access to all cleaninsights.ini file
 	location ~ cleaninsights.ini {
 		return 403;