N'oublier pas de restaurer le fichier de configuration « config/config.ini.php ». Mais ne réactivez pas encore le tracking.
FTP
Télécharger la nouvelle version de PIWIK et l'envoyer sur le FTP en remplaçant les anciens fichiers.
Veiller à ce que le transfert FTP se fasse en mode BINAIRE.
SSH
wget http://builds.piwik.org/latest.zip # download latest versioncd /srv/http # se rendre là où se trouve le dossier piwik
7z x latest.zip # extraire l'archiverm latest.zip How\ to\ install\ Piwik.html # supprimer l'archive et le fichier d'aide
MAJ de la base de données
Aller sur la page d'accueil de votre PIWIK, un lien vous permettant de mettre à jour la BdD sera disponible.
N'oublier pas de réactiver le tracking.
# en ligne de commande
php /usr/share/webapps/piwik/console core:update
Configuration
Support Do Not Track preference
Settings → Privacy → Support Do Not Track preference
Exclure des IPs
Settings → Websites → Global list of Excluded IPs
Version
Le fichier « piwik/core/Version.php » contient la version de piwik.
# Créer un log journalier dans nginx
access_log /var/log/nginx/mediawiki_access_daily.piwik;
/etc/logrotate.d/nginx
/var/log/nginx/mediawiki_access_daily.piwik {
# archive le log tous les jours à 00h00
daily
# conserve 7 archives
rotate 7
# ajoute la date aux noms des archives
dateext
# format par défaut de la date: -%Y%m%d
dateformat -%Y-%m-%d
# ajoute la date avant l'extension
extension .piwik
missingok
create 640 http log
su http log
compress
postrotate
test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
endscript
}
crontab
# tous les jours à 1:00
0 1 * * * import_piwik_log_and_archive.sh
#!/bin/bashset -e
set -o pipefail
set -u
log_file='/var/log/nginx/bananeatomic_access.log'
nb_of_lines_to_skip=0
if [[ -r .piwik-skip ]] ; then
nb_of_lines_to_skip=$(cat .piwik-skip)
fi
nb_of_lines_in_the_log_file=$(wc -l < $log_file)
# si il n'y a pas eu de nouvelles entrées dans le log on ne fait rienif [[ $nb_of_lines_to_skip -eq $nb_of_lines_in_the_log_file ]] ; thenexit 0
# si il le log a été archivéelif [[ $nb_of_lines_to_skip -gt $nb_of_lines_in_the_log_file ]] ; then
nb_of_lines_to_skip=0
fiecho$nb_of_lines_in_the_log_file > .piwik-skip
python2 /srv/http/piwik/misc/log-analytics/import_logs.py \
--url=http://piwik.mon-domain.fr \
"$log_file" \
--recorders=4 \
--exclude-path="/load.php" \
--exclude-path="/api.php" \
--skip=$nb_of_lines_to_skip# déclencher manuellement l'archivage / la création des rapports
su http -m -c "/usr/bin/php /srv/http/piwik/console core:archive --url=http://piwik.mon-domain.fr"# « http » n'ayant pas le droit de se connecter à un shell, il faut utiliser l'option « -m »
Confidentialité
Créer un lien vers « http://monsite/piwik/index.php?module=CoreAdminHome&action=optOut&language=fr » pour créer un cookie signifiant à Piwiki de ne pas collecter les données.
# Mettre à jour la base de données :
/usr/bin/php /srv/http/piwik/console usercountry:attribute 2015-01-01,2016-01-01
# Reconstruire les rapports
/usr/bin/php /srv/http/piwik/console core:archive --force-all-websites --force-all-periods=315576000 --force-date-last-n=1000 --url=http://piwik
# supprimer toutes les tables commençant par archive_select concat('drop table ', group_concat(table_name), ';')
from information_schema.tables where table_schema ='piwik_db'and table_name like'archive_%';
# DROP TABLE archive_*;DELETEFROM log_visit WHERE idsite =1;
DELETEFROM log_link_visit_action WHERE idsite =1;
DELETEFROM log_conversion WHERE idsite =1;
DELETEFROM log_conversion_item WHERE idsite =1;
wget https://builds.matomo.org/matomo.zip
unzip matomo.zip
rm -f matomo.zip How\ to\ install\ Matomo.html
sudo mv matomo /var/www
sudo chown -R root:root /var/www/matomo
sudo chown www-data:www-data /var/www/matomo/tmp
sudo chown www-data:www-data /var/www/matomo/matomo.js # the js tracker has to be writable
sudo chown -R www-data:www-data /var/www/matomo/config # only for the installation# after the installation, reset access rights to the config folder
sudo chown -R root:root /var/www/matomo/config
# but allow to modifiy the config.ini.php file
sudo chown www-data:www-data /var/www/matomo/config/config.ini.php
server {
server_name matomo.localserver;
listen80;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.location / {
return301 https://$host$request_uri;
}
}
server {
server_name matomo.localserver;
listen443 ssl http2;
root /var/www/matomo;
index index.php;
ssl_certificate /etc/letsencrypt/live/matomo.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matomo.example.com/privkey.pem;
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instanceadd_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
allow192.168.0.0/24;
deny all;
access_log /var/log/nginx/matomo-access.log;
error_log /var/log/nginx/matomo-error.log;
## only allow accessing the following php fileslocation~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
## deny access to all other .php fileslocation~* ^.+\.php$ {
deny all;
return403;
}
## serve all other files normallylocation / {
try_files$uri$uri/ =404;
}
## disable all access to the following directorieslocation~ ^/(config|tmp|core|lang) {
deny all;
return403; # replace with 404 to not show these directories exist
}
location~ /\.ht {
deny all;
return403;
}
location~ js/container_.*_preview\.js$ {
expiresoff;
add_header Cache-Control 'private, no-cache, no-store';
}
location~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgradeexpires1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return403;
}
## properly display textfiles in root directorylocation ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
Nginx et uwsgi
/etc/nginx/nginx.conf
server {
listen80;
server_name piwik;
root /usr/share/webapps/piwik;
index index.php;
location~ \.php$ {
include uwsgi_params;
uwsgi_modifier114;
uwsgi_pass unix:/run/uwsgi/piwik.sock;
}
}
/etc/uwsgi/piwik.ini
[uwsgi]; loglogger = file:/var/log/uwsgi/%n.log
; maximum number of worker processesprocesses = 40; start with only 4 and spawn the others on demand, maintaining a minimal pool of 4 processes.cheaper = 1; the user and group id of the process once it’s starteduid = http
gid = http
master = truesocket = /run/uwsgi/%n.sock
chdir = /usr/share/webapps/%n
; clear environment on exitvacuum = true; phpplugins = php
php-docroot = /usr/share/webapps/%n
php-index = index.php
php-allowed-ext = .php
; For some mysterious reason, the opcode cache is disabled in the embed SAPI.; You can bypass the problem by telling the PHP engine that is running under the apache SAPIphp-sapi-name = apache
; extensionsphp-set = extension=pdo_mysql.so
php-set = extension=iconv.so
php-set = extension=geoip.so
; php configphp-set = open_basedir=/usr/share/webapps/piwik/:/tmp/:/usr/share/GeoIP/
php-set = iconv.input_encoding=ISO-8859-1php-set = iconv.internal_encoding=ISO-8859-1php-set = iconv.output_encoding=ISO-8859-1; To give Piwik enough memory to process your web analytics reports, increase the memory limit to 512Mphp-set = memory_limit=512M
; define the GeoIP directoryphp-set = geoip.custom_directory=/usr/share/GeoIP/
Database Setup
create database matomo defaultcharacterset utf8mb4 collate utf8mb4_unicode_ci;
createuser matomo@localhost identified by'password';
grantallon matomo.*to matomo@localhost;
flush privileges;
# LOAD DATA INFILEshow grants for matomo@localhost;
# GRANT USAGE ON *.* TO 'piwik_user'@'localhost' IDENTIFIED BY PASSWORD 'xxx'grant file on*.*TO'piwik_user'@'localhost';
show grants for'piwik_user'@'localhost';
# GRANT FILE ON *.* TO 'piwik_user'@'localhost' IDENTIFIED BY PASSWORD 'xxx'
# LOAD DATA INFILEchown http:mysql /usr/share/webapps/piwik/tmp/assets
PHP configuration
/etc/php/8.2/fpm/pool.d/matomo.conf
listen = /run/php/php8.2-fpm-matomo.sock
pm = ondemand
pm.max_children = 2; Enable LOAD DATA INFILE
php_value[mysqli.allow_local_infile ] = On
php_value[mysqli.local_infile_directory] = /var/www/matomo/tmp/assets/
be sure to have the write rights on /var/www/matomo/plugins
Marketplace on the left menu → Browse
Useful plugins and themes
Name
Description
Dark Theme
a dark theme for Matomo web site
Security Info
provides security information about your PHP environment
Log Viewer
display log messages logged by Matomo
Bot Tracker
detection of bots & spiders and count their visits without tracking them in the visitor-log
Erreurs
Can't get stat of '/usr/share/webapps/piwik/tmp/assets/option-xx.csv' (Errcode: 13 "Permission denied")
Administration → Diagnostic → System Check → Database abilities: LOAD DATA INFILE
# le dossier assets n'est pas accessible par mysql
ll /usr/share/webapps/piwik/tmp/assets
# drwxr-x---chmod o+rx /usr/share/webapps/piwik/tmp/assets
ll /usr/share/webapps/piwik/tmp/assets
# drwxr-xr-x
The mysql driver is not currently installed
Décommentez la ligne suivante
/etc/php/php.ini
extension=pdo_mysql.so
# redemarrez le serveur
sudo systemctl restart httpd
SQLSTATE[HY000] [2002] Connection refused
Mauvais hôte, identifiant ou mot de passe.
Essayez localhost au lieu de 127.0.0.1
You need to configure and rebuild PHP with "iconv" support enabled, --with-iconv
