Finished initial inventory for Matomo installer.

development
Shawn Davis 1 year ago
parent ad6c773193
commit e4dd772bda
  1. 6
      scripttease/data/inventory/matomo/meta.ini
  2. 99
      scripttease/data/inventory/matomo/notes.md
  3. 91
      scripttease/data/inventory/matomo/steps.ini
  4. 12
      scripttease/data/inventory/matomo/templates/http.conf
  5. 52
      scripttease/data/inventory/matomo/templates/https.conf
  6. 43
      scripttease/data/inventory/matomo/variables.ini

@ -0,0 +1,6 @@
[package]
description = Install Matomo.
docs = https://matomo.com
tags = stats
title = Matomo
version = 0.1.0-d

@ -1,99 +0,0 @@
Install dependencies
apt install apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip -v
sudo systemctl start apache2
sudo systemctl start mariadb
Enable and Create db
sudo systemctl enable apache2 mariadb
CREATE MYSQL DATABASE
MYSQL
CREATE DATABASE matomodb;
CREATE USER 'matomouser'@'localhost' IDENTIFIED BY 'password'
GRANT ALL PRIVILAGES ON matomodb.* TO 'matomouser'@'localhost'
Pull and unzip Matomo files and set permissions
wget http://builds.matomo.org/matomo-latest.zip
unzip matomo-latest.zip
mv matomo /var/www/html/matomo
chown -R www-data:www-data /var/www/html/matomo
chmod -R 755 /var/www/html/matomo
Create Apache config file
sudo nano /etc/apache2/sites-available/matomo.conf
<VirtualHost *:80>
ServerName matomo.mark37.com
DocumentRoot /var/www/html/matomo/
<Directory /var/www/html/matomo>
Options FollowSymLinks
Allowoverride All
Require all granted
</Directory>
<Files "console">
Options None
Require all denied
</Files>
<Directory /var/www/html/matomo/misc/user>
Options None
Required all granted
</Directory>
<Directory /var/www/html/matomo/misc>
Options None
Required all granted
</Directory>
<Directory /var/www/html/matomo/vendor>
Options None
Required all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined
</VirtualHost>
Enable site
sudo a2ensite matomo.mark37.com
sudo a2enmod rewrite headers enc dif mime setenvif ssl
sudo systemctl enable --now php7.4-fpm
sudo systemctl reload apache2
Install SSL Certificate
sudo apt install certbot python3-certbot-apache -y
sudo ufw disable
sudo certbot --apache -d matomo.mark37.com
sudo ufw enable
cron settings for Ssl renew
0 6 * * 0 certbot renew -n -q --pre-hook “systemctl stop apache2” --post-hook “systemctl start apache2”

@ -0,0 +1,91 @@
[install dependencies]
install: $item
sudo: yes
items: apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip
[make sure a maintenance root exists]
dir: /var/www/maint/www
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes
sudo: yes
[disable the default site]
apache.disable_site: 000-default
sudo: yes
[install certbot]
install: certbot
sudo: yes
[enable apache modules]
apache.enable_module: $item
items: rewrite headers enc dif mime setenvif ssl
sudo: yes
; Is this really necessary?
[enable php]
run: systemctl enable --now php7.4-fpm
sudo: yes
[create virtual host without SSL]
template: http.conf /etc/apache2/sites-available/{{ domain_name }}.conf
sudo: yes
[enable the non-SSL site]
apache.enable_site: {{ domain_name }}
sudo: yes
[reload apache with non-SSL site in place]
apache.reload:
sudo: yes
[create the database]
mysql.create: {{ database_name }}
host: {{ database_host }}
[create the database user]
mysql.user: {{ database_user }}
host: {{ database_host }}
password: {{ database_password }}
[set privileges for database user]
mysql.grant: {{ database_user }}
database: {{ database_name }}
host: {{ database_host }}
[download the latest copy of matomo]
run: wget http://builds.matomo.org/matomo-latest.zip
cd: /tmp
[unzip the matomo package]
run: unzip matomo-latest.zip
cd: /tmp
[move the matomo package]
move: /tmp/matomo {{ install_path }}/{{ domain_tld }}
sudo: yes
[set permissions on the matomo directory]
perms: {{ install_path }}/{{ domain_tld }}
owner: {{ apache_user }}
group: {{ apache_group }}
mode: 755
recursive: yes
sudo: yes
{% if not file_exists(letsencrypt_file, host=current_host) %}
[acquire SSL certificate]
certbot: {{ domain_name }}
email: {{ webmaster_email }}
webroot: /var/www/maint/www
sudo: yes
{% endif %}
[create virtual host with SSL]
template: https.conf /etc/apache2/sites-available/{{ domain_name }}.conf
sudo: yes
[reload apache with SSL in place]
apache.reload:
sudo: yes

@ -0,0 +1,12 @@
# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites
# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if
# a custom maintenance site is required.
<VirtualHost *:80>
ServerName {{ domain_name }}
ServerAlias *.{{ domain_name }}
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/.well-known [NC]
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot /var/www/maint/www
</VirtualHost>

@ -0,0 +1,52 @@
# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites
# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if
# a custom maintenance site is required.
<VirtualHost *:80>
ServerName {{ domain_name }}
ServerAlias *.{{ domain_name }}
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/.well-known [NC]
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot /var/www/maint/www
</VirtualHost>
# The 443 host is where the application is actually served.
<VirtualHost *:443>
ServerName {{ domain_name }}
DocumentRoot {{ install_path }}/{{ domain_tld }}
<Directory {{ install_path }}/{{ domain_tld }}>
Options FollowSymLinks
Allowoverride All
Require all granted
</Directory>
<Files "console">
Options None
Require all denied
</Files>
<Directory {{ install_path }}/{{ domain_tld }}/misc/user>
Options None
Required all granted
</Directory>
<Directory {{ install_path }}/{{ domain_tld }}/misc>
Options None
Required all granted
</Directory>
<Directory {{ install_path }}/{{ domain_tld }}/vendor>
Options None
Required all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem
</VirtualHost>

@ -0,0 +1,43 @@
[apache_user]
comment = The name of the user that runs Apache.
value = www-data
[apache_group]
comment = The name of the group to which the Apache user is assigned.
value = www-data
[database_host]
comment = The server name hosting the database.
value = localhost
[database_name]
comment = The name of the database.
value = matomo_example_com
[database_password]
comment = The password used to access the database.
value = change_this_to_something_secure!
[database_user]
comment = The user name accessing the database.
value = matomo_example_com
[domain_name]
comment = The domain name to use for the Matomo host.
value = matomo.example.com
[domain_tld]
comment = The domain name as a directory.
value = matomo_example_com
[letsencrypt_file]
comment = The path to the SSL cert.
value = /etc/letsencrypt/live/%(domain_name)/cert.pem
[webmaster_email]
comment = The webmaster's email address. Used when setting up SSL.
value = webmaster@example.com
[install_path]
comment = The path to document root where Matomo will be installed.
value = /var/www
Loading…
Cancel
Save