From c74c04c3f5a69014def43fdbabf0272f719a9dc8 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Tue, 7 Apr 2020 14:46:48 +0200 Subject: [PATCH 01/11] move to matomo 3-fpm (WIP) --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b83e52c..33793e7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,7 +14,7 @@ services: networks: - back app: - image: piwik:fpm + image: matomo:3-fpm links: - db volumes: @@ -35,7 +35,7 @@ services: - back - lb_web cron: - image: piwik:fpm + image: matomo:3-fpm links: - db volumes_from: -- GitLab From dde8aa4aec25483b3f3f9994aa8b851880493d09 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Fri, 9 Apr 2021 08:22:37 +0200 Subject: [PATCH 02/11] Create install file for matomo --- scripts/install | 81 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 scripts/install diff --git a/scripts/install b/scripts/install new file mode 100644 index 0000000..a087dac --- /dev/null +++ b/scripts/install 
@@ -0,0 +1,81 @@
+#!/bin/bash -eux
+
+#Versions
+
+#source /etc/environment
+
+MATOMO_VERSION=4.2.1-fpm
+MYSQL_VERSION=5.7
+
+#Passwords
+
+MYSQL_ROOT_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+ADMIN_PASSWD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+
+MYSQL_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+
+MATOMO_DATABASE_PASSWORD=$MYSQL_PASSWORD
+
+
+MATOMO_DATABASE_HOST=db
+
+
+
+var=$(for folder in `ls /data/domains`; do cat /data/domains/$folder/.env | grep SUBNET | cut -d"=" -f2; done | sort | tail -n1)
+SUBNET=$(($var +1))
+
+
+# vars
+
+
+
+echo "SUBNET=${SUBNET}" >> .env
+
+echo "URL=${URL}" >> .env
+#echo "VIRTUAL_HOST=${URL}" >> .env
+
+echo "MAIL_DOMAIN=${MAIL_DOMAIN}" >> .env
+echo "SMTP_HOST=${MAIL_HOST}" >> .env
+echo "SMTP_PORT=${MAIL_PORT}" >> .env
+echo "SMTP_PASSWORD=${MAIL_PASS}" >> .env
+echo "MAIL_FROM_ADDRESS=${MAIL_USER}" >> .env
+echo "SMTP_NAME=${MAIL_USER}" >> .env
+
+#APP specific
+
+echo "MATOMO_DATABASE_HOST=${MATOMO_DATABASE_HOST} >> .env
+
+
+
+MYSQL_DATABASE=matomo
+MYSQL_USER=matomo
+MATOMO_DATABASE_ADAPTER=mysql
+MATOMO_DATABASE_TABLES_PREFIX=matomo_
+MATOMO_DATABASE_USERNAME=matomo
+
+MATOMO_DATABASE_DBNAME=matomo
+
+
+
+#APP specific
+
+echo "MYSQL_DATABASE=${MYSQL_DATABASE}" >> .env
+
+echo "MYSQL_USER=${MYSQL_USER}" >> .env
+
+echo "MATOMO_DATABASE_ADAPTER=${MATOMO_DATABASE_ADAPTER}" >> .env
+
+echo "MATOMO_DATABASE_TABLES_PREFIX=${MATOMO_DATABASE_TABLES_PREFIX}" >> .env
+
+echo "MATOMO_DATABASE_USERNAME=${MATOMO_DATABASE_USERNAME}" >> .env
+
+
+echo "MATOMO_DATABASE_DBNAME=${MATOMO_DATABASE_DBNAME}" >> .env
+
+
+
+
+
+
+echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" >> .env
+echo "MYSQL_VERSION=${MYSQL_VERSION}" >> .env
-- GitLab
From 7eabb20154d96e8be7082537e30da258141c3164 Mon Sep 17 00:00:00 2001
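Review bot: The shebang `#!/bin/bash -eux` enables xtrace, so every generated secret is printed to stderr in expanded form: the `MYSQL_ROOT_PASSWORD=...` and `MYSQL_PASSWORD=...` assignments as well as the later `echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" >> .env` end up in whatever log captures the install run. Dropping the `x` (`#!/bin/bash -eu`), or bracketing the secret-handling lines with `set +x` / `set -x`, avoids that. The script also appends credentials (`SMTP_PASSWORD`, `MYSQL_ROOT_PASSWORD`) to `.env` under the default umask; a `umask 077` near the top or a `chmod 600 .env` after the first write keeps the file unreadable to other local users. The password lines added in PATCH 09/11 are affected in the same way. Separately, `sort | tail -n1` in the `SUBNET` computation compares lexically, so 9 sorts after 10 and the increment can repeat an existing subnet; `sort -n` fixes that.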
From: Michel Memeteau Date: Fri, 9 Apr 2021 08:41:14 +0200 Subject: [PATCH 03/11] Update nginx.conf with Matomo one --- nginx.conf | 123 ++++++++++++++++++++++++++++------------------------- 1 file changed, 66 insertions(+), 57 deletions(-) diff --git a/nginx.conf b/nginx.conf index 765223c..56876d6 100644 --- a/nginx.conf +++ b/nginx.conf 
@@ -1,60 +1,69 @@ -user www-data; - -events { - worker_connections 768; +upstream php-handler { + server app:9000; } -http { - upstream backend { - server app:9000; - } - - include /etc/nginx/mime.types; - default_type application/octet-stream; - gzip on; - gzip_disable "msie6"; - - server { - listen 80; - - root /var/www/html/; - index index.php index.html index.htm; - - location / { - try_files $uri $uri/ =404; - } - - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location ~ \.php$ { - fastcgi_param GATEWAY_INTERFACE CGI/1.1; - fastcgi_param SERVER_SOFTWARE nginx; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param CONTENT_TYPE $content_type; - fastcgi_param CONTENT_LENGTH $content_length; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_param REQUEST_URI $request_uri; - fastcgi_param DOCUMENT_URI $document_uri; - fastcgi_param DOCUMENT_ROOT $document_root; - fastcgi_param SERVER_PROTOCOL $server_protocol; - fastcgi_param REMOTE_ADDR $remote_addr; - fastcgi_param REMOTE_PORT $remote_port; - fastcgi_param SERVER_ADDR $server_addr; - fastcgi_param SERVER_PORT $server_port; - fastcgi_param SERVER_NAME $server_name; - fastcgi_intercept_errors on; - fastcgi_pass backend; - } - } +server { + listen 80; + + add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance + root /var/www/html; # replace with path to your matomo instance + index index.php; + try_files $uri $uri/ =404; + + ## only allow accessing the following php files + location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php { + # regex to split $uri to $fastcgi_script_name and $fastcgi_path + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + # Check 
that the PHP script exists before passing it + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/ + fastcgi_pass php-handler; + } + + ## deny access to all other .php files + location ~* ^.+\.php$ { + deny all; + return 403; + } + + ## disable all access to the following directories + location ~ /(config|tmp|core|lang) { + deny all; + return 403; # replace with 404 to not show these directories exist + } + location ~ /\.ht { + deny all; + return 403; + } + + location ~ js/container_.*_preview\.js$ { + expires off; + add_header Cache-Control 'private, no-cache, no-store'; + } + + location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { + allow all; + ## Cache images,CSS,JS and webfonts for an hour + ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade + expires 1h; + add_header Pragma public; + add_header Cache-Control "public"; + } + + location ~ /(libs|vendor|plugins|misc/user) { + deny all; + return 403; + } + + ## properly display textfiles in root directory + location ~/(.*\.md|LEGALNOTICE|LICENSE) { + default_type text/plain; + } } + +# vim: filetype=nginx -- GitLab From d6611fe65cab5d8c8d2a9cd97f711cb6b8a19e25 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Fri, 9 Apr 2021 08:46:09 +0200 Subject: [PATCH 04/11] Update docker-compose.yml for libresh 1.2 --- docker-compose.yml | 65 ++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 34 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 33793e7..eb4b965 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
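Review bot: The allow-list regex in `location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {` leaves the dot unescaped and has no end anchor, so the FastCGI block is wider than its "only allow accessing the following php files" comment says: any URI that merely starts with one of those names followed by one character and `php` is matched. The `try_files $fastcgi_script_name =404;` line limits this to files that exist, but tightening the pattern to `location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php(/|$) {` keeps the PATH_INFO form working while restricting the block to the listed scripts. Also, the server-level `add_header Referrer-Policy origin;` is not inherited by the two locations that declare their own `add_header` (the `container_.*_preview` block and the static-asset block), so responses from those go out without it unless the header is repeated there.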
@@ -1,30 +1,18 @@ -version: '2' +version: '2.4' networks: lb_web: external: true back: driver: bridge + ipam: + driver: default + config: + - subnet: 10.0.${SUBNET}.0/24 services: - db: - image: mysql:5.7 - volumes: - - ./mysql/runtime:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD - networks: - - back - app: - image: matomo:3-fpm - links: - - db - volumes: - - ./config:/var/www/html/config - networks: - - back web: image: nginx volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro + - ./nginx.conf:/etc/nginx/conf.d/default.conf links: - app volumes_from: @@ -32,21 +20,30 @@ services: environment: - VIRTUAL_HOST networks: - - back - - lb_web - cron: - image: matomo:3-fpm + - back + - lb_web + app: + image: matomo:${MATOMO_VERSION} + volumes: + - ./data/html:/var/www/html/ links: - - db - volumes_from: - - app - entrypoint: | - bash -c 'bash -s < Date: Fri, 9 Apr 2021 08:51:10 +0200 Subject: [PATCH 05/11] use Mariadb --- scripts/install | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index a087dac..04d00c2 100644 --- a/scripts/install +++ b/scripts/install @@ -5,7 +5,8 @@ #source /etc/environment MATOMO_VERSION=4.2.1-fpm -MYSQL_VERSION=5.7 +#Mariadb +MYSQL_VERSION=10.5 #Passwords -- GitLab From 714c5f6715456a2802fceee2a09922f9b39fe8a9 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Fri, 9 Apr 2021 09:11:41 +0200 Subject: [PATCH 06/11] install +x --- scripts/install | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/install diff --git a/scripts/install b/scripts/install old mode 100644 new mode 100755 -- GitLab From 5e2833861afd8b94f0ba13eca3ea15ee152ad147 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Fri, 9 Apr 2021 09:31:44 +0200 Subject: [PATCH 07/11] Fix quote error --- scripts/install | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/scripts/install b/scripts/install index 04d00c2..c5a548a 100755 --- a/scripts/install 
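Review bot: The nginx config mount in the `web` service loses its read-only flag in the first hunk: the removed line is `./nginx.conf:/etc/nginx/nginx.conf:ro` and the added one is `- ./nginx.conf:/etc/nginx/conf.d/default.conf`. Unless the container is expected to rewrite that file, keep it as `- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro` so a compromised or misbehaving web container cannot change the host-side config. The second hunk is cut off on this page (the `entrypoint` block is incomplete), so the new `app` and `db` definitions could not be reviewed beyond the lines shown.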
+++ b/scripts/install @@ -20,16 +20,11 @@ MATOMO_DATABASE_PASSWORD=$MYSQL_PASSWORD MATOMO_DATABASE_HOST=db - - var=$(for folder in `ls /data/domains`; do cat /data/domains/$folder/.env | grep SUBNET | cut -d"=" -f2; done | sort | tail -n1) SUBNET=$(($var +1)) - # vars - - echo "SUBNET=${SUBNET}" >> .env echo "URL=${URL}" >> .env @@ -44,12 +39,9 @@ echo "SMTP_NAME=${MAIL_USER}" >> .env #APP specific -echo "MATOMO_DATABASE_HOST=${MATOMO_DATABASE_HOST} >> .env - - - MYSQL_DATABASE=matomo MYSQL_USER=matomo + MATOMO_DATABASE_ADAPTER=mysql MATOMO_DATABASE_TABLES_PREFIX=matomo_ MATOMO_DATABASE_USERNAME=matomo @@ -57,7 +49,6 @@ MATOMO_DATABASE_USERNAME=matomo MATOMO_DATABASE_DBNAME=matomo - #APP specific echo "MYSQL_DATABASE=${MYSQL_DATABASE}" >> .env @@ -70,13 +61,10 @@ echo "MATOMO_DATABASE_TABLES_PREFIX=${MATOMO_DATABASE_TABLES_PREFIX}" >> .env echo "MATOMO_DATABASE_USERNAME=${MATOMO_DATABASE_USERNAME}" >> .env +echo "MATOMO_DATABASE_HOST=${MATOMO_DATABASE_HOST}" >> .env echo "MATOMO_DATABASE_DBNAME=${MATOMO_DATABASE_DBNAME}" >> .env - - - - echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" >> .env echo "MYSQL_VERSION=${MYSQL_VERSION}" >> .env -- GitLab From 44c1eb5b0c7b0aacb72210dd5c027eb048b32494 Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Fri, 9 Apr 2021 09:34:26 +0200 Subject: [PATCH 08/11] add MATOMO_VERSION in .env --- scripts/install | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install b/scripts/install index c5a548a..6e09487 100755 --- a/scripts/install +++ b/scripts/install @@ -51,6 +51,10 @@ MATOMO_DATABASE_DBNAME=matomo #APP specific + +echo "MATOMO_VERSION=${MATOMO_VERSION}" >> .env + + echo "MYSQL_DATABASE=${MYSQL_DATABASE}" >> .env echo "MYSQL_USER=${MYSQL_USER}" >> .env -- GitLab From 13458efdf9e9980dcdae778dfaa67f7293e6be44 Mon Sep 17 00:00:00 2001 
From: Michel Memeteau Date: Fri, 9 Apr 2021 12:47:36 +0200 Subject: [PATCH 09/11] Add MYSQL_PASSWORD --- scripts/install | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/scripts/install b/scripts/install index 6e09487..c17b9fc 100755 --- a/scripts/install +++ b/scripts/install @@ -11,13 +11,10 @@ MYSQL_VERSION=10.5 #Passwords MYSQL_ROOT_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs` -ADMIN_PASSWD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs` - MYSQL_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs` - MATOMO_DATABASE_PASSWORD=$MYSQL_PASSWORD - +#app MATOMO_DATABASE_HOST=db var=$(for folder in `ls /data/domains`; do cat /data/domains/$folder/.env | grep SUBNET | cut -d"=" -f2; done | sort | tail -n1) @@ -39,25 +36,25 @@ echo "SMTP_NAME=${MAIL_USER}" >> .env #APP specific -MYSQL_DATABASE=matomo -MYSQL_USER=matomo - MATOMO_DATABASE_ADAPTER=mysql + MATOMO_DATABASE_TABLES_PREFIX=matomo_ + MATOMO_DATABASE_USERNAME=matomo MATOMO_DATABASE_DBNAME=matomo -#APP specific +#Db specific +MYSQL_DATABASE=matomo -echo "MATOMO_VERSION=${MATOMO_VERSION}" >> .env +MYSQL_USER=matomo -echo "MYSQL_DATABASE=${MYSQL_DATABASE}" >> .env +#APP specific -echo "MYSQL_USER=${MYSQL_USER}" >> .env +echo "MATOMO_VERSION=${MATOMO_VERSION}" >> .env echo "MATOMO_DATABASE_ADAPTER=${MATOMO_DATABASE_ADAPTER}" >> .env @@ -69,6 +66,17 @@ echo "MATOMO_DATABASE_HOST=${MATOMO_DATABASE_HOST}" >> .env echo "MATOMO_DATABASE_DBNAME=${MATOMO_DATABASE_DBNAME}" >> .env +echo "MATOMO_DATABASE_PASSWORD=${MATOMO_DATABASE_PASSWORD}" >> .env + + +#DB specific + +echo "MYSQL_DATABASE=${MYSQL_DATABASE}" >> .env + +echo "MYSQL_USER=${MYSQL_USER}" >> .env + +echo "MYSQL_PASSWORD=${MYSQL_PASSWORD}" >> .env echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" >> .env + echo "MYSQL_VERSION=${MYSQL_VERSION}" >> .env -- GitLab From 8f2cb9b3d22ca9d5d7716be525da7b5a5503f5ac Mon Sep 17 00:00:00 2001 
From: Michel Memeteau Date: Mon, 12 Apr 2021 16:48:59 +0200 Subject: [PATCH 10/11] source /etc/environment --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index c17b9fc..a6d9376 100755 --- a/scripts/install +++ b/scripts/install @@ -2,7 +2,7 @@ #Versions -#source /etc/environment +source /etc/environment MATOMO_VERSION=4.2.1-fpm #Mariadb -- GitLab From 12c4a79f1413a71d8f6aeb1aaf0d544cedf698eb Mon Sep 17 00:00:00 2001 From: Michel Memeteau Date: Thu, 14 Apr 2022 09:58:40 +0000 Subject: [PATCH 11/11] Move to 4.8-fpm --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index a6d9376..432eac3 100755 --- a/scripts/install +++ b/scripts/install @@ -4,7 +4,7 @@ source /etc/environment -MATOMO_VERSION=4.2.1-fpm +MATOMO_VERSION=4.8-fpm #Mariadb MYSQL_VERSION=10.5 -- GitLab
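Review bot: `source /etc/environment` in PATCH 10/11 runs that file as bash code, whereas it is normally a plain `KEY=value` list read by pam_env, so a value containing spaces or shell metacharacters is executed or mis-split rather than assigned. Because the script runs with `-eux` (the shebang from PATCH 02/11), every sourced assignment, presumably including the `MAIL_PASS` that is later written to `.env`, is also echoed by xtrace. Reading only the keys the script needs would be safer; at minimum wrap the line as `set +x; source /etc/environment; set -x`. The rest of the script lies outside this hunk.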