# change the folder rights to allow the updatechown -R www-data:www-data /var/www/matomo
# manual update of the database
php /var/www/matomo/console core:update
# reset folder rights after the updatechown -R www-data:www-data /var/www/matomo/tmp
chown www-data:www-data /var/www/matomo/matomo.js
chown www-data:www-data /var/www/matomo/config/config.ini.php
# download the latest version
wget https://builds.matomo.org/matomo.zip
# extract it to "matomo/" directory
unzip -o matomo.zip
# delete the archiverm matomo.zip
# check for any obsolete files, Matomo 4.13.2+ only
./console diagnostics:unexpected-files
# delete any obsolete files, Matomo 4.13.2+ only
./console diagnostics:unexpected-files --delete
Once Matomo is successfully upgraded, visit the Admin > Diagnostics > System check report and review the report and follow any recommended actions.
# Créer un log journalier dans nginx
access_log /var/log/nginx/mediawiki_access_daily.piwik;
/etc/logrotate.d/nginx
/var/log/nginx/mediawiki_access_daily.piwik {
# archive le log tous les jours à 00h00
daily
# conserve 7 archives
rotate 7
# ajoute la date aux noms des archives
dateext
# format par défaut de la date: -%Y%m%d
dateformat -%Y-%m-%d
# ajoute la date avant l'extension
extension .piwik
missingok
create 640 http log
su http log
compress
postrotate
test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
endscript
}
crontab
# tous les jours à 1:00
0 1 * * * import_piwik_log_and_archive.sh
#!/bin/bashset -e
set -o pipefail
set -u
log_file='/var/log/nginx/bananeatomic_access.log'
nb_of_lines_to_skip=0
if [[ -r .piwik-skip ]] ; then
nb_of_lines_to_skip=$(cat .piwik-skip)
fi
nb_of_lines_in_the_log_file=$(wc -l < $log_file)
# si il n'y a pas eu de nouvelles entrées dans le log on ne fait rienif [[ $nb_of_lines_to_skip -eq $nb_of_lines_in_the_log_file ]] ; thenexit 0
# si il le log a été archivéelif [[ $nb_of_lines_to_skip -gt $nb_of_lines_in_the_log_file ]] ; then
nb_of_lines_to_skip=0
fiecho$nb_of_lines_in_the_log_file > .piwik-skip
python2 /srv/http/piwik/misc/log-analytics/import_logs.py \
--url=http://piwik.mon-domain.fr \
"$log_file" \
--recorders=4 \
--exclude-path="/load.php" \
--exclude-path="/api.php" \
--skip=$nb_of_lines_to_skip# déclencher manuellement l'archivage / la création des rapports
su http -m -c "/usr/bin/php /srv/http/piwik/console core:archive --url=http://piwik.mon-domain.fr"# « http » n'ayant pas le droit de se connecter à un shell, il faut utiliser l'option « -m »
# Mettre à jour la base de données :
/usr/bin/php /srv/http/piwik/console usercountry:attribute 2015-01-01,2016-01-01
# Reconstruire les rapports
/usr/bin/php /srv/http/piwik/console core:archive --force-all-websites --force-all-periods=315576000 --force-date-last-n=1000 --url=http://piwik
# drop all tables starting with archive_ except archive_invalidationsselect concat('drop table ', group_concat(table_name), ';')
from information_schema.tables where table_schema ='matomo'and table_name like'archive_n%'or'archive_b%';
deletefrom log_visit where idsite =1;
deletefrom log_link_visit_action where idsite =1;
deletefrom log_conversion where idsite =1;
deletefrom log_conversion_item where idsite =1;
wget https://builds.matomo.org/matomo.zip
unzip matomo.zip
rm -f matomo.zip How\ to\ install\ Matomo.html
sudo mv matomo /var/www
sudo chown -R root:root /var/www/matomo
sudo chown www-data:www-data /var/www/matomo/tmp
sudo chown www-data:www-data /var/www/matomo/matomo.js # the js tracker has to be writable
sudo chown -R www-data:www-data /var/www/matomo/config # only for the installation# after the installation, reset access rights to the config folder
sudo chown -R root:root /var/www/matomo/config
# but allow to modifiy the config.ini.php file
sudo chown www-data:www-data /var/www/matomo/config/config.ini.php
server {
server_name matomo.localserver;
listen80;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.location / {
return301 https://$host$request_uri;
}
}
server {
server_name matomo.localserver;
listen443 ssl http2;
root /var/www/matomo;
index index.php;
ssl_certificate /etc/letsencrypt/live/matomo.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matomo.example.com/privkey.pem;
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instanceadd_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
allow192.168.0.0/24;
deny all;
access_log /var/log/nginx/matomo-access.log;
error_log /var/log/nginx/matomo-error.log;
## only allow accessing the following php fileslocation~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
## deny access to all other .php fileslocation~* ^.+\.php$ {
deny all;
return403;
}
## serve all other files normallylocation / {
try_files$uri$uri/ =404;
}
## disable all access to the following directorieslocation~ ^/(config|tmp|core|lang) {
deny all;
return403; # replace with 404 to not show these directories exist
}
location~ /\.ht {
deny all;
return403;
}
location~ js/container_.*_preview\.js$ {
expiresoff;
add_header Cache-Control 'private, no-cache, no-store';
}
location~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgradeexpires1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return403;
}
## properly display textfiles in root directorylocation ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
Nginx et uwsgi
/etc/nginx/nginx.conf
server {
listen80;
server_name piwik;
root /usr/share/webapps/piwik;
index index.php;
location~ \.php$ {
include uwsgi_params;
uwsgi_modifier114;
uwsgi_pass unix:/run/uwsgi/piwik.sock;
}
}
/etc/uwsgi/piwik.ini
[uwsgi]; loglogger = file:/var/log/uwsgi/%n.log
; maximum number of worker processesprocesses = 40; start with only 4 and spawn the others on demand, maintaining a minimal pool of 4 processes.cheaper = 1; the user and group id of the process once it’s starteduid = http
gid = http
master = truesocket = /run/uwsgi/%n.sock
chdir = /usr/share/webapps/%n
; clear environment on exitvacuum = true; phpplugins = php
php-docroot = /usr/share/webapps/%n
php-index = index.php
php-allowed-ext = .php
; For some mysterious reason, the opcode cache is disabled in the embed SAPI.; You can bypass the problem by telling the PHP engine that is running under the apache SAPIphp-sapi-name = apache
; extensionsphp-set = extension=pdo_mysql.so
php-set = extension=iconv.so
php-set = extension=geoip.so
; php configphp-set = open_basedir=/usr/share/webapps/piwik/:/tmp/:/usr/share/GeoIP/
php-set = iconv.input_encoding=ISO-8859-1php-set = iconv.internal_encoding=ISO-8859-1php-set = iconv.output_encoding=ISO-8859-1; To give Piwik enough memory to process your web analytics reports, increase the memory limit to 512Mphp-set = memory_limit=512M
; define the GeoIP directoryphp-set = geoip.custom_directory=/usr/share/GeoIP/
be sure to have the write rights on /var/www/matomo/plugins
Marketplace on the left menu → Browse
Useful plugins and themes
Name
Description
Security Info
provides security information about your PHP environment and offers suggestions based on PhpSecInfo
Tracking Spam Prevention
prevent spammers and bots from making your data inaccurate
Provider
reports the Internet Service Provider of the visitors
Log Viewer
display log messages logged by Matomo
Bot Tracker
detection of bots & spiders and count their visits without tracking them in the visitor-log
Erreurs
Can't get stat of '/usr/share/webapps/piwik/tmp/assets/option-xx.csv' (Errcode: 13 "Permission denied")
Administration → Diagnostic → System Check → Database abilities: LOAD DATA INFILE
# le dossier assets n'est pas accessible par mysql
ll /usr/share/webapps/piwik/tmp/assets
# drwxr-x---chmod o+rx /usr/share/webapps/piwik/tmp/assets
ll /usr/share/webapps/piwik/tmp/assets
# drwxr-xr-x
The mysql driver is not currently installed
Décommentez la ligne suivante
/etc/php/php.ini
extension=pdo_mysql.so
# redemarrez le serveur
sudo systemctl restart httpd
SQLSTATE[HY000] [2002] Connection refused
Mauvais hôte, identifiant ou mot de passe.
Essayez localhost au lieu de 127.0.0.1
You need to configure and rebuild PHP with "iconv" support enabled, --with-iconv