Matomo
Matomo, formerly Piwik, is an open source web analysis tool licensed under the GNU General Public License 3. The software is written in PHP and is accessed over the web browser. The core idea of the project is privacy as when using third party website analysis providers website owners are giving away all of their users' data.
With one running instance, multiple websites can be analysed by loading some JavaScript on the target websites.
Installation
PHP configuration
PHP needs to be configured properly for Matomo to install and work.
First, enable MySQL support as described in PHP#MySQL/MariaDB. Do so by editing /etc/php/php.ini
. Uncomment ;extension=pdo_mysql
and ;extension=mysqli
by removing the preceding semicolon each.
In general, comments are indicated by preceding semicolons.
Moreover, enable ;extension=iconv
and ;extension=gd
.
Matomo
Install the package matomoAUR or matomo-binAUR.
Application configuration
Disable development mode
Run sudo /usr/share/webapps/matomo/console development:disable
.
Geolocation
This feature can be deactivated or, with no installation needed, Matomo can guess the visitors' location by their set browser language which is not reliable information for geographical locations.
matomoAUR already comes with a geolocation database. To replicate, download the .mmdb
file from https://db-ip.com/db/download/ip-to-city-lite and install it to /usr/share/webapps/matomo/misc/
.
Alternatively, use geoipupdate and starting/enabling geoipupdate.timer
. Beware that a MaxMind account is needed.
The last option to choose is to use an HTTP module like nginx-mainline-mod-geoip.
FastCGI
Use any programme for FastCGI to run PHP websites. Instructions are given for the most common application php-fpm.
PHP-FPM
Install the php-fpm package and start/enable php-fpm.service
(see Nginx#PHP implementation).
Because of new restrictions on php-fpm.service
since version 7.4, where ProtectSystem
is set to prevent Matomo to function correctly (unable to installing plugins, changing configuration etc.), the ability to access certain files needs to be set manually.
The file /etc/systemd/system/php-fpm.service.d/override_matomo.conf
below fixes the issue while not exposing more than necessary and still allows the user to change ACL as described in the installation manifest if this is not desired.
[Service] ReadWritePaths = /usr/share/webapps/matomo/config ReadWritePaths = /usr/share/webapps/matomo/matomo.js ReadWritePaths = /usr/share/webapps/matomo/misc/user/ ReadWritePaths = /usr/share/webapps/matomo/plugins/
Server setup (Nginx)
Create the server by modifying /etc/nginx/nginx.conf
. Add the following template to the http
context. Alternatively, take a look at Matomo's instructions on GitHub.
include /etc/nginx/mime.types; server { index index.php; listen 443 ssl; listen [::]:443 ssl; root /usr/share/webapps/matomo/; server_name matomo.example.com; location ~ ^/(\.git/|config/|core/|lang/|tmp/) { return 403; } location ~ \.php$ { try_files $uri =404; # FastCGI include fastcgi.conf; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; } location ~ \.(avi|css|eot|gif|htm|html|ico|jpg|js|json|mp3|mp4|ogg|png|svg|ttf|wav|woff|woff2)$ { try_files $uri =404; } location ~ ^/(libs/|misc/|node_modules/|plugins/|vendor/) { return 403; } }
To use encryption, you can get free certificates from letsencrypt. After requesting and installing your certificates, use them by adding the following code to the http
or server
context.
include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.org/privkey.pem; ssl_certificate /etc/letsencrypt/live/subdomain.domain.org/fullchain.pem;
Run the Nginx server by starting/enabling nginx.service
.
Final steps
mariadb.service
and php-fpm.service
are also required.All major settings are done. Call your Matomo website in your browser and complete the small installation guide which is not more than checking that everything needed is available and set up and writing your configuration file.