parent
ad6c773193
commit
e4dd772bda
6 changed files with 204 additions and 99 deletions
@ -0,0 +1,6 @@ |
||||
[package] |
||||
description = Install Matomo. |
||||
docs = https://matomo.com |
||||
tags = stats |
||||
title = Matomo |
||||
version = 0.1.0-d |
@ -1,99 +0,0 @@ |
||||
Install dependencies |
||||
|
||||
apt install apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip -v |
||||
|
||||
sudo systemctl start apache2 |
||||
sudo systemctl start mariadb |
||||
|
||||
|
||||
Enable and Create db |
||||
|
||||
sudo systemctl enable apache2 mariadb |
||||
|
||||
CREATE MYSQL DATABASE |
||||
MYSQL |
||||
CREATE DATABASE matomodb; |
||||
CREATE USER 'matomouser'@'localhost' IDENTIFIED BY 'password' |
||||
GRANT ALL PRIVILAGES ON matomodb.* TO 'matomouser'@'localhost' |
||||
|
||||
|
||||
Pull and unzip Matomo files and set permissions |
||||
|
||||
wget http://builds.matomo.org/matomo-latest.zip |
||||
|
||||
unzip matomo-latest.zip |
||||
|
||||
mv matomo /var/www/html/matomo |
||||
|
||||
chown -R www-data:www-data /var/www/html/matomo |
||||
|
||||
chmod -R 755 /var/www/html/matomo |
||||
|
||||
|
||||
|
||||
Create Apache config file |
||||
|
||||
sudo nano /etc/apache2/sites-available/matomo.conf |
||||
|
||||
<VirtualHost *:80> |
||||
|
||||
ServerName matomo.mark37.com |
||||
DocumentRoot /var/www/html/matomo/ |
||||
|
||||
<Directory /var/www/html/matomo> |
||||
Options FollowSymLinks |
||||
Allowoverride All |
||||
Require all granted |
||||
</Directory> |
||||
|
||||
<Files "console"> |
||||
Options None |
||||
Require all denied |
||||
</Files> |
||||
|
||||
<Directory /var/www/html/matomo/misc/user> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
<Directory /var/www/html/matomo/misc> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
<Directory /var/www/html/matomo/vendor> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/matomo_error.log |
||||
CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined |
||||
|
||||
</VirtualHost> |
||||
|
||||
|
||||
|
||||
|
||||
Enable site |
||||
|
||||
sudo a2ensite matomo.mark37.com |
||||
|
||||
sudo a2enmod rewrite headers enc dif mime setenvif ssl |
||||
|
||||
sudo systemctl enable --now php7.4-fpm |
||||
sudo systemctl reload apache2 |
||||
|
||||
|
||||
Install SSL Certificate |
||||
|
||||
sudo apt install certbot python3-certbot-apache -y |
||||
|
||||
sudo ufw disable |
||||
sudo certbot --apache -d matomo.mark37.com |
||||
sudo ufw enable |
||||
|
||||
|
||||
|
||||
cron settings for Ssl renew |
||||
|
||||
0 6 * * 0 certbot renew -n -q --pre-hook “systemctl stop apache2” --post-hook “systemctl start apache2” |
@ -0,0 +1,91 @@ |
||||
[install dependencies] |
||||
install: $item |
||||
sudo: yes |
||||
items: apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip |
||||
|
||||
[make sure a maintenance root exists] |
||||
dir: /var/www/maint/www |
||||
group: {{ apache_group }} |
||||
owner: {{ apache_user }} |
||||
recursive: yes |
||||
sudo: yes |
||||
|
||||
[disable the default site] |
||||
apache.disable_site: 000-default |
||||
sudo: yes |
||||
|
||||
[install certbot] |
||||
install: certbot |
||||
sudo: yes |
||||
|
||||
[enable apache modules] |
||||
apache.enable_module: $item |
||||
items: rewrite headers enc dif mime setenvif ssl |
||||
sudo: yes |
||||
|
||||
; Is this really necessary? |
||||
[enable php] |
||||
run: systemctl enable --now php7.4-fpm |
||||
sudo: yes |
||||
|
||||
[create virtual host without SSL] |
||||
template: http.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
sudo: yes |
||||
|
||||
[enable the non-SSL site] |
||||
apache.enable_site: {{ domain_name }} |
||||
sudo: yes |
||||
|
||||
[reload apache with non-SSL site in place] |
||||
apache.reload: |
||||
sudo: yes |
||||
|
||||
[create the database] |
||||
mysql.create: {{ database_name }} |
||||
host: {{ database_host }} |
||||
|
||||
[create the database user] |
||||
mysql.user: {{ database_user }} |
||||
host: {{ database_host }} |
||||
password: {{ database_password }} |
||||
|
||||
[set privileges for database user] |
||||
mysql.grant: {{ database_user }} |
||||
database: {{ database_name }} |
||||
host: {{ database_host }} |
||||
|
||||
[download the latest copy of matomo] |
||||
run: wget http://builds.matomo.org/matomo-latest.zip |
||||
cd: /tmp |
||||
|
||||
[unzip the matomo package] |
||||
run: unzip matomo-latest.zip |
||||
cd: /tmp |
||||
|
||||
[move the matomo package] |
||||
move: /tmp/matomo {{ install_path }}/{{ domain_tld }} |
||||
sudo: yes |
||||
|
||||
[set permissions on the matomo directory] |
||||
perms: {{ install_path }}/{{ domain_tld }} |
||||
owner: {{ apache_user }} |
||||
group: {{ apache_group }} |
||||
mode: 755 |
||||
recursive: yes |
||||
sudo: yes |
||||
|
||||
{% if not file_exists(letsencrypt_file, host=current_host) %} |
||||
[acquire SSL certificate] |
||||
certbot: {{ domain_name }} |
||||
email: {{ webmaster_email }} |
||||
webroot: /var/www/maint/www |
||||
sudo: yes |
||||
{% endif %} |
||||
|
||||
[create virtual host with SSL] |
||||
template: https.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
sudo: yes |
||||
|
||||
[reload apache with SSL in place] |
||||
apache.reload: |
||||
sudo: yes |
@ -0,0 +1,12 @@ |
||||
# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites |
||||
# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if |
||||
# a custom maintenance site is required. |
||||
<VirtualHost *:80> |
||||
ServerName {{ domain_name }} |
||||
ServerAlias *.{{ domain_name }} |
||||
RewriteEngine On |
||||
RewriteCond %{HTTPS} off |
||||
RewriteCond %{REQUEST_URI} !^/.well-known [NC] |
||||
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] |
||||
DocumentRoot /var/www/maint/www |
||||
</VirtualHost> |
@ -0,0 +1,52 @@ |
||||
# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites |
||||
# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if |
||||
# a custom maintenance site is required. |
||||
<VirtualHost *:80> |
||||
ServerName {{ domain_name }} |
||||
ServerAlias *.{{ domain_name }} |
||||
RewriteEngine On |
||||
RewriteCond %{HTTPS} off |
||||
RewriteCond %{REQUEST_URI} !^/.well-known [NC] |
||||
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] |
||||
DocumentRoot /var/www/maint/www |
||||
</VirtualHost> |
||||
|
||||
# The 443 host is where the application is actually served. |
||||
<VirtualHost *:443> |
||||
ServerName {{ domain_name }} |
||||
DocumentRoot {{ install_path }}/{{ domain_tld }} |
||||
|
||||
<Directory {{ install_path }}/{{ domain_tld }}> |
||||
Options FollowSymLinks |
||||
Allowoverride All |
||||
Require all granted |
||||
</Directory> |
||||
|
||||
<Files "console"> |
||||
Options None |
||||
Require all denied |
||||
</Files> |
||||
|
||||
<Directory {{ install_path }}/{{ domain_tld }}/misc/user> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
<Directory {{ install_path }}/{{ domain_tld }}/misc> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
<Directory {{ install_path }}/{{ domain_tld }}/vendor> |
||||
Options None |
||||
Required all granted |
||||
</Directory> |
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/matomo_error.log |
||||
CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined |
||||
|
||||
SSLEngine on |
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem |
||||
SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem |
||||
|
||||
</VirtualHost> |
@ -0,0 +1,43 @@ |
||||
[apache_user] |
||||
comment = The name of the user that runs Apache. |
||||
value = www-data |
||||
|
||||
[apache_group] |
||||
comment = The name of the group to which the Apache user is assigned. |
||||
value = www-data |
||||
|
||||
[database_host] |
||||
comment = The server name hosting the database. |
||||
value = localhost |
||||
|
||||
[database_name] |
||||
comment = The name of the database. |
||||
value = matomo_example_com |
||||
|
||||
[database_password] |
||||
comment = The password used to access the database. |
||||
value = change_this_to_something_secure! |
||||
|
||||
[database_user] |
||||
comment = The user name accessing the database. |
||||
value = matomo_example_com |
||||
|
||||
[domain_name] |
||||
comment = The domain name to use for the Matomo host. |
||||
value = matomo.example.com |
||||
|
||||
[domain_tld] |
||||
comment = The domain name as a directory. |
||||
value = matomo_example_com |
||||
|
||||
[letsencrypt_file] |
||||
comment = The path to the SSL cert. |
||||
value = /etc/letsencrypt/live/%(domain_name)/cert.pem |
||||
|
||||
[webmaster_email] |
||||
comment = The webmaster's email address. Used when setting up SSL. |
||||
value = webmaster@example.com |
||||
|
||||
[install_path] |
||||
comment = The path to document root where Matomo will be installed. |
||||
value = /var/www |
Loading…
Reference in new issue