matomo-standalone

Example:

# Install Matomo with Nginx and letsencrypt certificate.
- matomo-standalone:
    hostnames:
    - dev.frkl.io
    server_admin: hello@frkl.io
    use_https: true

Description

Install Matomo web analytics service.

This also installs Nginx as a reverse proxy, and, optionally, configures https with a letsencrypt certificate.

Make sure to specify the 'server_admin' email address when using this with https. There is no validation check for this yet.

Once finished, and you visit the hostname you provided (or localhost if you didn't), you'll be presented with a setup page. If you didn't change the defaults (which you should, at least for 'matomo_db_password'), here are the defaults:

Database Server: 127.0.0.1
Login: matomo
Password: matomo_password
Database Name: matomo

Leave the other settings.

Resources

Variables

Name Type Default Description

base_path

string /var/www

The matomo webapp parent directory.

hostnames

list ['localhost']

The hostname(s) of the server.

Will be used in the vhost configuration, as well as to request https certificates from letsencrypt.

letsencrypt_staging

boolean False

"Whether to use the letsencrypt staging server.

This is useful for developing -- the letsencrypt production server only allows a few requests per day. This option is disabled in the cli, as it is not used very often. Just use an overlay dict to enable this.

matomo_db_dump_file

string --

An (optional) database dump file.

matomo_db_import

boolean False

Whether to import a sql dump.

matomo_db_name

string matomo

The name of the database to use.

matomo_db_password

string matomo_password

The password for the database.

matomo_db_user

string matomo

The db user.

path

string /etc/nginx/sites-enabled/matomo.conf

The path to the vhost file.

server_admin

string --

The email address to use in the vhost file and with letsencrypt.

use_https

boolean --

Request a lets-encrypt certificate and serve devpi via https (needs 'server_admin' set).

webserver_group

string www-data

The group to run the webserver as (if applicable).

webserver_user

string www-data

The user to run the webserver as.

Examples

Example 1

Install Matomo with Nginx and letsencrypt certificate.

Code
- matomo-standalone:
    hostnames:
    - dev.frkl.io
    server_admin: hello@frkl.io
    use_https: true
Description

This will use the defaults for database-related settings. You should, in practice, at least set a proper database password.

Code

doc:
  short_help: Install Matomo analytics service.
  help: |
    Install [Matomo](https://matomo.org/) web analytics service.

    This also installs Nginx as a reverse proxy, and, optionally, configures https with a letsencrypt certificate.

    Make sure to specify the 'server_admin' email address
    when using this with https. There is no validation check for this yet.

    Once finished, and you visit the hostname you provided (or localhost if you didn't), you'll be presented with a
    setup page. If you didn't change the defaults (which you should, at least for 'matomo_db_password'), here are the defaults:

        Database Server: 127.0.0.1
        Login: matomo
        Password: matomo_password
        Database Name: matomo

    Leave the other settings.

  references:
    Matomo homepage: https://matomo.org/
  examples:
  - title: Install Matomo with Nginx and letsencrypt certificate.
    desc: |
      This will use the defaults for database-related settings. You should, in practice, at least set a proper database password.
    vars:
      hostnames:
      - dev.frkl.io
      server_admin: hello@frkl.io
      use_https: true

args:
  path:
    doc:
      short_help: The path to the vhost file.
    required: false
    default: /etc/nginx/sites-enabled/matomo.conf
    type: string
    cli:
      show_default: true
  base_path:
    doc:
      short_help: The matomo webapp parent directory.
    type: string
    required: false
    default: /var/www
    cli:
      show_default: true
  hostnames:
    doc:
      short_help: The hostname(s) of the server.
      help: |
        The hostname(s) of the server.

        Will be used in the vhost configuration, as well as to request https certificates from letsencrypt.
    type: list
    schema:
      type: string
    default:
    - localhost
    required: true
    cli:
      metavar: HOST
      param_decls:
      - --hostname
  letsencrypt_staging:
    doc:
      short_help: Whether to use the letsencrypt staging server.
      help: |
        "Whether to use the letsencrypt staging server.

        This is useful for developing -- the letsencrypt production server only allows a few requests per day. This option is disabled in the cli, as it is not used very often. Just use an overlay dict to enable this.
    type: boolean
    required: false
    default: false
  server_admin:
    type: string
    doc:
      short_help: The email address to use in the vhost file and with letsencrypt.
    required: false
  use_https:
    type: boolean
    required: false
    doc:
      short_help: Request a lets-encrypt certificate and serve devpi via https (needs
        'server_admin' set).
    cli:
      is_flag: true
  webserver_user:
    doc:
      short_help: The user to run the webserver as.
    type: string
    required: false
    default: www-data
    cli:
      metavar: USERNAME
  webserver_group:
    doc:
      short_help: The group to run the webserver as (if applicable).
    type: string
    required: false
    default: www-data
    cli:
      metavar: GROUP
  listen_ip:
    doc:
      short_help: The ip to listen to.
      help: |
        The address to listen to, can be any of the following, optionally followed by a colon and a port number (or *):
          - The IP address of the virtual host;
          - A fully qualified domain name for the IP address of the virtual host (not recommended);
          - The character *, which acts as a wildcard and matches any IP address.
          - The string _default_, which is an alias for *
      references:
      - '[Apache VirtualHost documentation](https://httpd.apache.org/docs/current/mod/core.html#virtualhost)'
    type: string
    required: false
    default: _default_
  matomo_db_user:
    doc:
      short_help: The db user.
    type: string
    required: true
    default: matomo
    cli:
      metavar: DB_USER
  matomo_db_password:
    doc:
      short_help: The password for the database.
    type: string
    secret: true
    required: true
    default: matomo_password
  matomo_db_import:
    doc:
      short_help: Whether to import a sql dump.
    type: boolean
    default: false
    required: false
    cli:
      is_flag: true
  matomo_db_dump_file:
    doc:
      short_help: An (optional) database dump file.
    type: string
    required: false
    cli:
      metavar: PATH
  matomo_db_name:
    doc:
      short_help: The name of the database to use.
    type: string
    required: true
    default: matomo
    cli:
      metavar: DB_NAME

frecklets:
- folder-exists:
    path: '{{:: base_path ::}}'
    owner: '{{:: webserver_user ::}}'
    group: '{{:: webserver_group ::}}'
    become: true
- unzip-installed
- archive-extracted:
    src: https://builds.piwik.org/piwik.zip
    dest: /var/www
    owner: '{{:: webserver_user ::}}'
    group: '{{:: webserver_user ::}}'
    creates: '{{:: base_path ::}}/piwik'
    remote_src: true
  # creating database & installing server if necessary
- mariadb-database-exists:
    db_import: '{{:: matomo_db_import ::}}'
    db_dump_file: '{{:: matomo_db_dump_file ::}}'
    db_name: '{{:: matomo_db_name ::}}'
    db_user: '{{:: matomo_db_user ::}}'
    db_user_password: '{{:: matomo_db_password ::}}'

#  # creating matomo vhost
- nginx-server-block-file:
    path: '{{:: path ::}}'
    owner: root
    become: true
    server_names: '{{:: hostnames ::}}'
    use_https: '{{:: use_https ::}}'
    document_root: '{{:: base_path ::}}/piwik'
    index:
    - index.php
    add_header: Referrer-Policy origin
    server_admin: '{{:: server_admin ::}}'
    location_blocks:
        # for details, check: https://github.com/matomo-org/matomo-nginx/blob/master/sites-available/matomo.conf
    - location_match: ^/(index|matomo|piwik|js/index).php
      location_modifier: '~'
      properties: |
        include snippets/fastcgi-php.conf; # if your Nginx setup doesn't come with a default fastcgi-php config replace this with the one from this repository
        fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
        # fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file
        fastcgi_pass 127.0.0.1:9000;
    - location_match: /plugins/HeatmapSessionRecording/configs.php
      location_modifier: '='
      properties: |
        include snippets/fastcgi-php.conf;
        fastcgi_param HTTP_PROXY "";
        # fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file
        fastcgi_pass 127.0.0.1:9000; # uncomment if you are using PHP via TCP sockets
    - location_match: ^.+\.php$
      location_modifier: ~*
      properties: |
        deny all;
        return 403;
    - location_match: /
      properties: |
        try_files $uri $uri/ =404;
    - location_match: /(config|tmp|core|lang)
      location_modifier: '~'
      properties: |
        deny all;
        return 403; # replace with 404 to not show these directories exist
    - location_match: /\.ht
      location_modifier: '~'
      properties: |
        deny  all;
        return 403;
    - location_match: \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$
      location_modifier: '~'
      properties: |
        allow all;
        ## Cache images,CSS,JS and webfonts for an hour
        ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
        expires 1h;
        add_header Pragma public;
        add_header Cache-Control "public";
    - location_match: /(libs|vendor|plugins|misc/user)
      location_modifier: '~'
      properties: |
        deny all;
        return 403;
    - location_match: /(.*\.md|LEGALNOTICE|LICENSE)
      location_modifier: '~'
      properties: |
        default_type text/plain;

#  # installing webserver and dependencies (php, https-cert...)
- webserver-service:
    webserver: nginx
    letsencrypt_webroot: '{{:: base_path ::}}/piwik'
    use_https: '{{:: use_https | default(false) ::}}'
    letsencrypt_email: '{{:: server_admin ::}}'
    letsencrypt_staging: '{{:: letsencrypt_staging ::}}'
    letsencrypt_domains: '{{:: hostnames ::}}'
    webserver_user: '{{:: webserver_user ::}}'
    webserver_group: '{{:: webserver_group ::}}'
    use_php: true
#      php_fpm_config:
#        php_fpm_listen_allowed_clients: "{{:: host ::}}"
    php_packages:
      debian:
      - php-curl
      - php-gd
      - php-cli
      - php-mysql
      - php-xml
      - php-zip
      - php-mbstring
frecklecute matomo-standalone --help

Usage: frecklecute matomo-standalone [OPTIONS]

  Install [Matomo](https://matomo.org/) web analytics service.

  This also installs Nginx as a reverse proxy, and, optionally, configures
  https with a letsencrypt certificate.

  Make sure to specify the 'server_admin' email address when using this with
  https. There is no validation check for this yet.

  Once finished, and you visit the hostname you provided (or localhost if
  you didn't), you'll be presented with a setup page. If you didn't change
  the defaults (which you should, at least for 'matomo_db_password'), here
  are the defaults:

      Database Server: 127.0.0.1     Login: matomo     Password:
      matomo_password     Database Name: matomo

  Leave the other settings.

Options:
  --base-path BASE_PATH           The matomo webapp parent directory.
  --hostname HOST                 The hostname(s) of the server.
  --letsencrypt-staging / --no-letsencrypt-staging
                                  Whether to use the letsencrypt staging
                                  server.
  --matomo-db-dump-file PATH      An (optional) database dump file.
  --matomo-db-import / --no-matomo-db-import
                                  Whether to import a sql dump.
  --matomo-db-name DB_NAME        The name of the database to use.
  --matomo-db-password MATOMO_DB_PASSWORD
                                  The password for the database.
  --matomo-db-user DB_USER        The db user.
  --path PATH                     The path to the vhost file.
  --server-admin SERVER_ADMIN     The email address to use in the vhost file
                                  and with letsencrypt.
  --use-https / --no-use-https    Request a lets-encrypt certificate and serve
                                  devpi via https (needs 'server_admin' set).
  --webserver-group GROUP         The group to run the webserver as (if
                                  applicable).
  --webserver-user USERNAME       The user to run the webserver as.
  --help                          Show this message and exit.
# -*- coding: utf-8 -*-


#
# module path: pycklets.matomo_standalone.MatomoStandalone
#


from dataclasses import dataclass
from pyckles import AutoPycklet
from typing import *    # noqa

@dataclass
class MatomoStandalone(AutoPycklet):
    """Install [Matomo](https://matomo.org/) web analytics service.

     This also installs Nginx as a reverse proxy, and, optionally, configures https with a letsencrypt certificate.

     Make sure to specify the 'server_admin' email address
     when using this with https. There is no validation check for this yet.

     Once finished, and you visit the hostname you provided (or localhost if you didn't), you'll be presented with a
     setup page. If you didn't change the defaults (which you should, at least for 'matomo_db_password'), here are the defaults:

         Database Server: 127.0.0.1
         Login: matomo
         Password: matomo_password
         Database Name: matomo

     Leave the other settings.

       Args:
         base_path: The matomo webapp parent directory.
         hostnames: The hostname(s) of the server.
         letsencrypt_staging: Whether to use the letsencrypt staging server.
         matomo_db_dump_file: An (optional) database dump file.
         matomo_db_import: Whether to import a sql dump.
         matomo_db_name: The name of the database to use.
         matomo_db_password: The password for the database.
         matomo_db_user: The db user.
         path: The path to the vhost file.
         server_admin: The email address to use in the vhost file and with letsencrypt.
         use_https: Request a lets-encrypt certificate and serve devpi via https (needs 'server_admin' set).
         webserver_group: The group to run the webserver as (if applicable).
         webserver_user: The user to run the webserver as.

    """

    FRECKLET_ID = "matomo-standalone"

    base_path: str = None
    hostnames: List = None
    letsencrypt_staging: bool = None
    matomo_db_dump_file: str = None
    matomo_db_import: bool = None
    matomo_db_name: str = None
    matomo_db_password: str = None
    matomo_db_user: str = None
    path: str = None
    server_admin: str = None
    use_https: bool = None
    webserver_group: str = None
    webserver_user: str = None


    def __post_init__(self):
        super(MatomoStandalone, self).__init__(var_names=["base_path", "hostnames", "letsencrypt_staging", "matomo_db_dump_file", "matomo_db_import", "matomo_db_name", "matomo_db_password", "matomo_db_user", "path", "server_admin", "use_https", "webserver_group", "webserver_user"])


frecklet_class = MatomoStandalone
# -*- coding: utf-8 -*-


#
# module path: pycklets.matomo_standalone.MatomoStandalone
#


from pyckles import AutoPycklet

class MatomoStandalone(AutoPycklet):
    """Install [Matomo](https://matomo.org/) web analytics service.

     This also installs Nginx as a reverse proxy, and, optionally, configures https with a letsencrypt certificate.

     Make sure to specify the 'server_admin' email address
     when using this with https. There is no validation check for this yet.

     Once finished, and you visit the hostname you provided (or localhost if you didn't), you'll be presented with a
     setup page. If you didn't change the defaults (which you should, at least for 'matomo_db_password'), here are the defaults:

         Database Server: 127.0.0.1
         Login: matomo
         Password: matomo_password
         Database Name: matomo

     Leave the other settings.

       Args:
         base_path: The matomo webapp parent directory.
         hostnames: The hostname(s) of the server.
         letsencrypt_staging: Whether to use the letsencrypt staging server.
         matomo_db_dump_file: An (optional) database dump file.
         matomo_db_import: Whether to import a sql dump.
         matomo_db_name: The name of the database to use.
         matomo_db_password: The password for the database.
         matomo_db_user: The db user.
         path: The path to the vhost file.
         server_admin: The email address to use in the vhost file and with letsencrypt.
         use_https: Request a lets-encrypt certificate and serve devpi via https (needs 'server_admin' set).
         webserver_group: The group to run the webserver as (if applicable).
         webserver_user: The user to run the webserver as.

    """

    FRECKLET_ID = "matomo-standalone"

    def __init__(self, base_path="/var/www", hostnames=['localhost'], letsencrypt_staging=None, matomo_db_dump_file=None, matomo_db_import=None, matomo_db_name="matomo", matomo_db_password="matomo_password", matomo_db_user="matomo", path="/etc/nginx/sites-enabled/matomo.conf", server_admin=None, use_https=None, webserver_group="www-data", webserver_user="www-data"):

        super(MatomoStandalone, self).__init__(var_names=["base_path", "hostnames", "letsencrypt_staging", "matomo_db_dump_file", "matomo_db_import", "matomo_db_name", "matomo_db_password", "matomo_db_user", "path", "server_admin", "use_https", "webserver_group", "webserver_user"])
        self._base_path = base_path
        self._hostnames = hostnames
        self._letsencrypt_staging = letsencrypt_staging
        self._matomo_db_dump_file = matomo_db_dump_file
        self._matomo_db_import = matomo_db_import
        self._matomo_db_name = matomo_db_name
        self._matomo_db_password = matomo_db_password
        self._matomo_db_user = matomo_db_user
        self._path = path
        self._server_admin = server_admin
        self._use_https = use_https
        self._webserver_group = webserver_group
        self._webserver_user = webserver_user

    @property
    def base_path(self):
        return self._base_path

    @base_path.setter
    def base_path(self, base_path):
        self._base_path = base_path

    @property
    def hostnames(self):
        return self._hostnames

    @hostnames.setter
    def hostnames(self, hostnames):
        self._hostnames = hostnames

    @property
    def letsencrypt_staging(self):
        return self._letsencrypt_staging

    @letsencrypt_staging.setter
    def letsencrypt_staging(self, letsencrypt_staging):
        self._letsencrypt_staging = letsencrypt_staging

    @property
    def matomo_db_dump_file(self):
        return self._matomo_db_dump_file

    @matomo_db_dump_file.setter
    def matomo_db_dump_file(self, matomo_db_dump_file):
        self._matomo_db_dump_file = matomo_db_dump_file

    @property
    def matomo_db_import(self):
        return self._matomo_db_import

    @matomo_db_import.setter
    def matomo_db_import(self, matomo_db_import):
        self._matomo_db_import = matomo_db_import

    @property
    def matomo_db_name(self):
        return self._matomo_db_name

    @matomo_db_name.setter
    def matomo_db_name(self, matomo_db_name):
        self._matomo_db_name = matomo_db_name

    @property
    def matomo_db_password(self):
        return self._matomo_db_password

    @matomo_db_password.setter
    def matomo_db_password(self, matomo_db_password):
        self._matomo_db_password = matomo_db_password

    @property
    def matomo_db_user(self):
        return self._matomo_db_user

    @matomo_db_user.setter
    def matomo_db_user(self, matomo_db_user):
        self._matomo_db_user = matomo_db_user

    @property
    def path(self):
        return self._path

    @path.setter
    def path(self, path):
        self._path = path

    @property
    def server_admin(self):
        return self._server_admin

    @server_admin.setter
    def server_admin(self, server_admin):
        self._server_admin = server_admin

    @property
    def use_https(self):
        return self._use_https

    @use_https.setter
    def use_https(self, use_https):
        self._use_https = use_https

    @property
    def webserver_group(self):
        return self._webserver_group

    @webserver_group.setter
    def webserver_group(self, webserver_group):
        self._webserver_group = webserver_group

    @property
    def webserver_user(self):
        return self._webserver_user

    @webserver_user.setter
    def webserver_user(self, webserver_user):
        self._webserver_user = webserver_user



frecklet_class = MatomoStandalone