I’ve never understand how much power has the owner of a website/app in terms of data until I started having websites.
I tried Google Analytics since I wanted to understand a little bit more about my website but I understood immediately that it was very invasive.
It’s my website, I write posts but still I don’t know how user read them. If they read them.
It’s not about spying, it’s about understanding what is good from what is not.
Imagine the owner of a shop with a foulard that cover his view and earplugs in his hears. Taking care of the shop would me a mess: are clients coming inside the shop? If yes, when they go out? What if most of them go out after checking prices? Do I want this? It could be, maybe I’m aiming to a very particular niche, but since they came in maybe I can offer something to them.
A webmaster or a blogger without a good analytic tool is blind and deaf and can’t understand what happening to his websites’s visitors.
Don’t misunderstand me, I’m not the kind of person that loose more time on analytics than writing (I usually spend most of my time fixing what it’s not working), and I think that having a good open source analytic tool like Matomo doesn’t change the game.
Docker and docker-compose
I suppose you already know what Docker is and that you have both, docker and docker compose, on your host system.
Indeed we’ll use docker compose to run Matomo and if you follow this tutorial everything should work.
If not blame who updated Matomo or docker. 🙂
(and write a comment here so I can update the post)
Matomo docker-compose
Ok, first thing to say is that I took the docker-compose.yml from the official Matomo Github repository.
Create a folder called matomo.
mkdir matomo
Then let’s go inside that folder.
cd matomo
Now you have to create three files. If nano does’t work use sudo in front of nano.
Docker-compose.yml
nano docker-compose.yml
version: '3'
services:
db:
image: mariadb
command: --max-allowed-packet=64MB
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- ./db.env
app:
image: matomo:fpm-alpine
restart: always
links:
- db
volumes:
# - ./config:/var/www/html/config:rw
# - ./logs:/var/www/html/logs
- matomo:/var/www/html
environment:
- MATOMO_DATABASE_HOST=db
env_file:
- ./db.env
web:
image: nginx:alpine
restart: always
volumes:
- matomo:/var/www/html:ro
# see https://github.com/matomo-org/matomo-nginx
- ./matomo.conf:/etc/nginx/conf.d/default.conf:ro
ports:
- 8080:80
volumes:
db:
matomo:
db.env
Here we specify our enviroment variables. You can directly copy and paste it but make sure to change the password (XXXXXXXX and YYYYYYYY).
nano db.env
MYSQL_PASSWORD=XXXXXXXX MYSQL_DATABASE=matomo MYSQL_USER=matomo MATOMO_DATABASE_ADAPTER=mysql MATOMO_DATABASE_TABLES_PREFIX=matomo_ MATOMO_DATABASE_USERNAME=matomo MATOMO_DATABASE_PASSWORD=YYYYYYYY MATOMO_DATABASE_DBNAME=matomo
Matomo.conf
You can copy and paste this without modify anything.
nano matomo.conf
upstream php-handler {
server app:9000;
}
server {
listen 80;
add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
root /var/www/html; # replace with path to your matomo instance
index index.php;
try_files $uri $uri/ =404;
## only allow accessing the following php files
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass php-handler;
}
## deny access to all other .php files
location ~* ^.+\.php$ {
deny all;
return 403;
}
## disable all access to the following directories
location ~ /(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ /(libs|vendor|plugins|misc/user) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
# vim: filetype=nginx
I hope it works for you as it worked for me. If you have any suggestions or if you encountered in any problem feel free to leave a message here.