Skip to content

Instantly share code, notes, and snippets.

@nilscox

nilscox/matomo.md

Last active September 25, 2022 17:07
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nilscox/3454dddbd3303c9758b254732ff4dd16 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nilscox/3454dddbd3303c9758b254732ff4dd16 to your computer and use it in GitHub Desktop.
Download ZIP
Matomo setup
Raw
matomo.md

This is how I configure matomo on my server, using docker containers and nginx.

export MARIADB_USER=
export MARIADB_PASSWORD=
export PORT=

Create a docker network

docker network create matomo-network

Create some directories

mkdir mysql www logs

Start the DBMS (mariadb)

docker run -d \
 --name matomo-database \
 --network matomo-network \
 -v "$PWD/mysql:/var/lib/mysql" \
 -e MARIADB_RANDOM_ROOT_PASSWORD=yes \
 -e MARIADB_DATABASE=matomo \
 -e MARIADB_USER \
 -e MARIADB_PASSWORD \
 mariadb:latest

Start matomo

docker run -d \
 --name matomo \
 --network matomo-network \
 --link matomo-database:db \
 -v "$PWD/www:/var/www/html" \
 -p "127.0.0.1:$PORT:80" \
 matomo

Forward the client's IP

docker exec -it matomo bash
a2enmod remoteip
echo "RemoteIPHeader X-Forwarded-For" >> /etc/apache2/conf-available/remoteip.conf
echo "RemoteIPTrustedProxy 172.0.0.0/8 127.0.0.1 ::1" >> /etc/apache2/conf-available/remoteip.conf
a2enconf remoteip
/usr/sbin/apache2ctl -k restart
exit

Useful database commands

Connect to the database

docker run -it --rm --network matomo-network --link matomo-database:db mariadb mysql --host=db --user="$MARIADB_USER" --password="$MARIADB_PASSWORD" matomo

Dump the database to a file

docker run --rm -it --network matomo-network --link matomo-database:db mariadb mysqldump --host=db --user="$MARIADB_USER" --password="$MARIADB_PASSWORD" matomo > dump.sql

Restore a dump

docker run --rm -i --network matomo-network --link matomo-database:db mariadb mysql --host=db --user="$MARIADB_USER" --password="$MARIADB_PASSWORD" matomo < dump.sql

Nginx configuration

server {
    listen [::]:80;
    listen 80;

    server_name analytics.domain.me;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name analytics.domain.me;

    access_log /path/to/logs/matomo.access.log;
    error_log /path/to/logs/matomo.error.log;

    add_header Strict-Transport-Security max-age=15768000 always;

    ssl_certificate /etc/letsencrypt/live/analytics.domain.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/analytics.domain.me/privkey.pem;

    add_header Referrer-Policy origin always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    location / {
        proxy_pass       http://127.0.0.1:$PORT/;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment