nixos/modules/services/web-apps/matomo-doc.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-matomo">
  <title>Matomo</title>
  <para>
    Matomo is a real-time web analytics application. This module
    configures php-fpm as backend for Matomo, optionally configuring an
    nginx vhost as well.
  </para>
  <para>
    An automatic setup is not suported by Matomo, so you need to
    configure Matomo itself in the browser-based Matomo setup.
  </para>
  <section xml:id="module-services-matomo-database-setup">
    <title>Database Setup</title>
    <para>
      You also need to configure a MariaDB or MySQL database and -user
      for Matomo yourself, and enter those credentials in your browser.
      You can use passwordless database authentication via the
      UNIX_SOCKET authentication plugin with the following SQL commands:
    </para>
    <programlisting>
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';

# For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting>
    <para>
      Then fill in <literal>matomo</literal> as database user and
      database name, and leave the password field blank. This
      authentication works by allowing only the
      <literal>matomo</literal> unix user to authenticate as the
      <literal>matomo</literal> database user (without needing a
      password), but no other users. For more information on
      passwordless login, see
      <link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" role="uri">https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/</link>.
    </para>
    <para>
      Of course, you can use password based authentication as well,
      e.g. when the database is not on the same host.
    </para>
  </section>
  <section xml:id="module-services-matomo-archive-processing">
    <title>Archive Processing</title>
    <para>
      This module comes with the systemd service
      <literal>matomo-archive-processing.service</literal> and a timer
      that automatically triggers archive processing every hour. This
      means that you can safely
      <link xlink:href="https://matomo.org/docs/setup-auto-archiving/#disable-browser-triggers-for-matomo-archiving-and-limit-matomo-reports-to-updating-every-hour">disable
      browser triggers for Matomo archiving</link> at
      <literal>Administration &gt; System &gt; General Settings</literal>.
    </para>
    <para>
      With automatic archive processing, you can now also enable to
      <link xlink:href="https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs">delete
      old visitor logs</link> at
      <literal>Administration &gt; System &gt; Privacy</literal>, but
      make sure that you run
      <literal>systemctl start matomo-archive-processing.service</literal>
      at least once without errors if you have already collected data
      before, so that the reports get archived before the source data
      gets deleted.
    </para>
  </section>
  <section xml:id="module-services-matomo-backups">
    <title>Backup</title>
    <para>
      You only need to take backups of your MySQL database and the
      <filename>/var/lib/matomo/config/config.ini.php</filename> file.
      Use a user in the <literal>matomo</literal> group or root to
      access the file. For more information, see
      <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" role="uri">https://matomo.org/faq/how-to-install/faq_138/</link>.
    </para>
  </section>
  <section xml:id="module-services-matomo-issues">
    <title>Issues</title>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Matomo will warn you that the JavaScript tracker is not
          writable. This is because it’s located in the read-only nix
          store. You can safely ignore this, unless you need a plugin
          that needs JavaScript tracker access.
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="module-services-matomo-other-web-servers">
    <title>Using other Web Servers than nginx</title>
    <para>
      You can use other web servers by forwarding calls for
      <filename>index.php</filename> and <filename>piwik.php</filename>
      to the
      <link linkend="opt-services.phpfpm.pools._name_.socket"><literal>services.phpfpm.pools.&lt;name&gt;.socket</literal></link>
      fastcgi unix socket. You can use the nginx configuration in the
      module code as a reference to what else should be configured.
    </para>
  </section>
</chapter>