Matomo

From ArchWiki
Jump to navigation Jump to search

Matomo, formerly Piwik, is an open source web analysis tool licensed under the GNU General Public License 3. The software is written in php and is accessed over the web browser. The core idea of the software is privacy as when using third party website analysis providers website owners are giving all of their users' data away for them to sell them to advertisers. With one running instance multiple websites can be analysed by loading some JavaScript on the target websites.

Installation

Install the package matomoAUR or matomo-gitAUR. The git package already configures the php-fpm daemon for you.

Configuration

php configuration

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: Why is the gd extension optional? (Discuss in Talk:Matomo)

php needs to be configured properly for Matomo to work.

First, enable MySQL support as described in PHP#MySQL/MariaDB. Do so by editing /etc/php/php.ini. Uncomment ;extension=pdo_mysql and ;extension=mysqli by removing the preceding semicolon.

In general, comments are indicated by preceding semicolons.

;extension=iconv needs to be enabled and ;extension=gd is optional. Uncomment at least iconv.

Allow Matomo access to needed files

Note: The changes here are only needed for the matomo package and not matomo-git.

Because of new restrictions on php-fpm.service since version 7.4, where ProtectSystem is set to prevent Matomo to function correctly (unable to installing plugins, changing configuration, etc), the ability to access certain files needs to be set manually.

The file /etc/systemd/system/php-fpm.service.d/override_matomo.conf below fixes the issue while not exposing more then necessary and still allows the user to change ACL as described in the installation manifest, if this is not desired.

[Service]
ReadWritePaths = /usr/share/webapps/matomo/config
ReadWritePaths = /usr/share/webapps/matomo/matomo.js
ReadWritePaths = /usr/share/webapps/matomo/misc/user/
ReadWritePaths = /usr/share/webapps/matomo/plugins/

Server setup (nginx)

In order to enable php websites, install the php-fpm package and start/enable php-fpm.service as described here. Create the server by modifying "/etc/nginx/nginx.conf". Add the following template to the "http" context.

server
{
    listen          443 ssl;
    listen          [::]:443 ssl;
    server_name     subdomain.domain.me;
    root            /usr/share/webapps/matomo/;
    index           index.php;

    location ~ \.php$
    {
        try_files       $uri =404;
        
        # FastCGI
        include         fastcgi.conf;
        fastcgi_pass    unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index   index.php;
    }
}

To use encryption, you can get free certificates from letsencrypt. Use them by adding the following code to the "http" or "server" context:

include             /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.me/privkey.pem;
ssl_certificate     /etc/letsencrypt/live/subdomain.domain.me/fullchain.pem;

Run the nginx server by starting/enabling nginx.service.

Final steps

All major settings are done. Call your matomo website in your browser and complete the small installation guide which is not more than checking that everything needed is available and set up and writing your config file.