From ArchWiki
Jump to navigation Jump to search

Matomo, formerly Piwik, is an open source web analysis tool licensed under the GNU General Public License 3. The software is written in php and is accessed over the web browser. The core idea of the software is privacy as when using third party website analysis providers website owners are giving all of their users' data away for them to sell them to advertisers. With one running instance multiple websites can be analysed by loading some JavaScript on the target websites.


Install the package matomoAUR or matomo-gitAUR. The git package already configures the php-fpm daemon for you.

php configuration

php needs to be configured properly for Matomo to work.

First, enable MySQL support as described here. Do so by editing "/etc/php/php.ini". Uncomment ";extension=pdo_mysql" and ";extension=mysqli" by removing the preceding semicolon.

In general, comments are indicated by preceding semicolons.

";extension=iconv" needs to be enabled and ";extension=gd" is optional. Uncomment at least iconv.

Allow Matomo access to needed files

Note: The changes here are only needed for the matomo package and not matomo-git.

Because new restrictions on "php-fpm" since version 7.4, where ProtectSystem is set to prevent Matomo to function correctly (unable to installing plugins, changing configuration, etc), the ability to access certain files needs to be set manually.

The file "/etc/systemd/system/php-fpm.service.d/override_matomo.conf" below fixes the issue while not exposing more then necessary and still allows the user to change ACL as described in the installation manifest, if he does not like that.

ReadWritePaths = /usr/share/webapps/matomo/config
ReadWritePaths = /usr/share/webapps/matomo/matomo.js
ReadWritePaths = /usr/share/webapps/matomo/misc/user/
ReadWritePaths = /usr/share/webapps/matomo/plugins/

Server setup (nginx)

In order to enable php websites, install the php-fpm package and start/enable php-fpm.service as described here. Create the server by modifying "/etc/nginx/nginx.conf". Add the following template to the "http" context.

    listen          443 ssl;
    listen          [::]:443 ssl;
    root            /usr/share/webapps/matomo/;
    index           index.php;

    location ~ \.php$
        try_files       $uri =404;
        # FastCGI
        include         fastcgi.conf;
        fastcgi_pass    unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index   index.php;

To use encryption, you can get free certificates from letsencrypt. Use them by adding the following code to the "http" or "server" context:

include             /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_certificate     /etc/letsencrypt/live/;

Run the nginx server by starting/enabling nginx.service.

Final steps

All major settings are done. Call your matomo website in your browser and complete the small installation guide which is not more than checking that everything needed is available and set up and writing your config file.