Install Matomo
Table of Contents
Package #
Requirements #
apt install gpg
Download #
Create /var/www
directory if not exist:
mkdir -p /var/www
Download the latest Matomo release:
wget -q https://builds.matomo.org/matomo-latest.tar.gz
Verify the archive #
Verify the downloaded archive:
wget -q https://builds.matomo.org/matomo-latest.tar.gz.asc
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg --verify matomo-latest.tar.gz.asc
Should see the Good signature… in the output:
|
|
Extract the archive #
Extract the tar.gz
archive:
tar -xf matomo-latest.tar.gz -C /var/www "matomo/"
chown -R www-data:www-data /var/www/matomo/
MariaDB #
Requirements #
apt install mariadb-server
Config #
Setup MariaDB:
mysql_secure_installation
Create the database and the user:
mysql --execute="CREATE DATABASE matomo; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost' IDENTIFIED BY 'MATOMO_DB_PASSWORD' WITH GRANT OPTION; FLUSH PRIVILEGES;"
Running the PHP code #
There are two choice to run Matomo’s PHP code:
- Using the classic: nginx+php-fpm
- Using a bleeding edge technology: FrankenPHP
nginx+php-fpm #
nginx #
apt install nginx
nano /etc/nginx/sites-available/matomo
server {
listen 80;
server_name matomo.example.com;
add_header Referrer-Policy origin always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
root /var/www/matomo/;
index index.php;
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
location ~* ^.+\.php$ {
deny all;
return 403;
}
location / {
try_files $uri $uri/ =404;
}
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403;
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
allow all;
expires 12h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return 403;
}
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
PHP-FPM #
Install PHP 8 than install the requirements:
apt install php-fpm php-curl php-gd php-mysql php-xml php-mbstring
FrankenPHP #
Install FrankenPHP:
wget -q -O- 'https://gorbe.io/posts/frankenphp/install/script.sh' | bash -x -
Change the owner and the group of the PHP files:
chown -R frankenphp:frankenphp /var/www/matomo/
Configure the Caddyfile :
nano /etc/frankenphp/Caddyfile
{
frankenphp
order php_server before file_server
servers matomo.example.com {
trusted_proxies static 1.2.3.4
}
}
matomo.example.com {
@private-dirs {
path /config/*
path /tmp/*
path /lang/*
}
respond @private-dirs 403 {
close
}
root * /var/www/matomo
php_server
}
systemctl restart frankenphp