Install Matomo

Package #

Requirements #

apt install gpg

Download #

Create the /var/www directory if it does not exist:

mkdir -p /var/www

Download the latest Matomo release:

wget -q https://builds.matomo.org/matomo-latest.tar.gz

Verify the archive #

Verify the downloaded archive:

wget -q https://builds.matomo.org/matomo-latest.tar.gz.asc
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749
gpg --verify matomo-latest.tar.gz.asc

You should see Good signature… in the output:

gpg: assuming signed data in 'matomo-latest.tar.gz'
gpg: Signature made Fri 08 Mar 2024 12:36:28 AM CET
gpg:                using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Good signature from "Matomo <hello@matomo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F529 A270 0847 7483 777F  C23D 63BB 30D0 E5D2 C749
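
The Good signature line above is checked by eye, and gpg prints it for any key present in the keyring. As an added example (not part of the original post), this script gates extraction on gpg's machine-readable status output matching the fingerprint above; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide on gpg's machine-readable
# status lines instead of reading "Good signature" by eye.
# Fingerprint is the one given on this page; function names are hypothetical.
EXPECTED_FPR="F529A27008477483777FC23D63BB30D0E5D2C749"

# Read `gpg --status-fd 1` output on stdin. Succeed only if a VALIDSIG line
# ends with the pinned primary-key fingerprint ($1) and gpg reported no bad,
# unverifiable, expired or revoked signature/key. Anything else fails closed.
check_status() {
	awk -v want="$1" '
		$1 != "[GNUPG:]" { next }
		$2 == "VALIDSIG" { if ($NF == want) ok = 1; else bad = 1 }
		$2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
		END { exit !(ok && !bad) }
	'
}

# $1 = detached signature, $2 = archive. gpg's own exit code is ignored on
# purpose: a missing VALIDSIG already makes check_status fail.
verify_archive() {
	gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
		check_status "$EXPECTED_FPR"
}

# Constructed status output for a good signature by the pinned key.
sample_status() {
	cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 63BB30D0E5D2C749 Matomo <hello@matomo.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2024-03-07 1709854588 0 4 0 1 10 00 $EXPECTED_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Offline self-check on the constructed sample.
sample_status | check_status "$EXPECTED_FPR" && echo "pinned key: OK"

# Real use, replacing the manual check before extraction:
#   verify_archive matomo-latest.tar.gz.asc matomo-latest.tar.gz &&
#       tar -xf matomo-latest.tar.gz -C /var/www "matomo/"
```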

Extract the archive #

Extract the tar.gz archive:

tar -xf matomo-latest.tar.gz -C /var/www "matomo/"
chown -R www-data:www-data /var/www/matomo/

MariaDB #

Requirements #

apt install mariadb-server

Config #

Setup MariaDB:

mysql_secure_installation

Create the database and the user:

mysql --execute="CREATE DATABASE matomo; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost' IDENTIFIED BY 'MATOMO_DB_PASSWORD' WITH GRANT OPTION; FLUSH PRIVILEGES;"

Running the PHP code #

There are two choices for running Matomo’s PHP code:

  1. Using the classic: nginx+php-fpm
  2. Using a bleeding edge technology: FrankenPHP

nginx+php-fpm #

nginx #

apt install nginx
nano /etc/nginx/sites-available/matomo

server {

	listen 80;

	server_name matomo.example.com;

	add_header Referrer-Policy origin always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

	root /var/www/matomo/;

	index index.php;

	location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_param HTTP_PROXY "";
		fastcgi_pass unix:/var/run/php/php-fpm.sock;
	}

	location ~* ^.+\.php$ {
		deny all;
		return 403;
	}

	location / {
		try_files $uri $uri/ =404;
	}

	location ~ ^/(config|tmp|core|lang) {
		deny all;
		return 403;
	}

	location ~ /\.ht {
		deny  all;
		return 403;
	}

	location ~ js/container_.*_preview\.js$ {
		expires off;
		add_header Cache-Control 'private, no-cache, no-store';
	}

	location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
		allow all;
		expires 12h;
		add_header Pragma public;
		add_header Cache-Control "public";
	}

	location ~ ^/(libs|vendor|plugins|misc|node_modules) {
		deny all;
		return 403;
	}

	location ~/(.*\.md|LEGALNOTICE|LICENSE) {
		default_type text/plain;
	}
}

PHP-FPM #

Install PHP 8, then install the requirements:

apt install php-fpm php-curl php-gd php-mysql php-xml php-mbstring

FrankenPHP #

Install FrankenPHP:

wget -q -O- 'https://gorbe.io/posts/frankenphp/install/script.sh' | bash -x -

Change the owner and the group of the PHP files:

chown -R frankenphp:frankenphp /var/www/matomo/

Configure the Caddyfile:

nano /etc/frankenphp/Caddyfile

{
	frankenphp
	order php_server before file_server

	servers matomo.example.com {
		trusted_proxies static 1.2.3.4
	}
}

matomo.example.com {

	@private-dirs {
		path /config/*
		path /tmp/*
		path /lang/*
	}

	respond @private-dirs 403 {
		close
	}

	root * /var/www/matomo
	php_server
}

systemctl restart frankenphp