Introduction
This is a short and straightforward guide on installing Matomo on servers running Ubuntu 20.04.
We will describe which terminal commands should be used for the first part of the Matomo installation, while you will complete the next part via the web interface.
Prerequisites
You can find the instructions related to the configuration on the Matomo website.
You must install the following packages on the server - unless they are already installed:
- PHP version 7.2.5 or higher;
- MySQL version 5.5 or higher or MariaDB;
- NGINX.
Finally, you need a domain name (e.g.: matomo.domain.com).
1. Verifying that the Ubuntu 20.04 server is up to date
Once logged in via SSH to the server, check for any updates:
sudo apt update
sudo apt upgrade
Install some dependencies (if they are not already installed on the server):
apt install curl wget unzip gnupg2 -y
2. Install the necessary packages
If you don’t have the packages listed under prerequisites already installed on your server, proceed with their installation as follows:
We propose two solutions depending on whether you want to install MySQL or MariaDB to create the database. We point out that these are two different solutions, where MySQL was the first to be developed in 1995, while MariaDB is a fork of MySQL developed in 2009. On the Internet, you can find several contributions comparing the two solutions.
In our case, we will use MariaDB.
And therefore, for installation purposes, opt for one of the following solutions that are alternatives to each other:
- For the database to be created if you want to install MYSQL only, proceed as follows:
apt install nginx mysql-server php7.4 php7.4-cli php7.4-fpm php7.4-common php7.4-curl php7.4-gd php7.4-xml php7.4-mbstring php7.4-mysql -y
- For the database you will need to create if you want to install only MariaDB, proceed as follows:
apt install nginx mariadb-server php7.4 php7.4-cli php7.4-fpm php7.4-common php7.4-curl php7.4-gd php7.4-xml php7.4-mbstring php7.4-mysql -y
3. Create the database
Access MySQL or MariaDB - without setting a password - with the following command:
sudo mysql -u root
After typing the command above, you will be presented with a prompt as follows:
MariaDB [(none)]>
If it were MySQL, you would have
mysql>
Then, proceed to create the database as follows:
CREATE DATABASE matomo;
Then you have to create user and password as follows, deciding - if you want - to change matomoadmin
with another username (it will be the one used to access the database), but replace strongpassword
with the password that the system will use to access the Matomo database.
CREATE USER 'matomoadmin'@'localhost' IDENTIFIED BY 'strongpassword';
Then, you have to grant the created user (assuming he intends to leave matomoadmin
, otherwise change to the chosen username) full access to the database like this:
GRANT ALL ON matomo.* TO 'matomoadmin'@'localhost';
Save the settings as follows:
FLUSH PRIVILEGES;
Exit the MariaDB or MySQL shell by typing:
exit;
4. Installing Matomo
Before installing Matomo, run these commands on the server:
Move to the folder where you will install Matomo:
cd /var/www/
then, with the command wget
we download the file “matomo.zip” by typing the link present on the Matomo installation page, and then we unzip the file:
wget https://builds.matomo.org/matomo.zip && unzip matomo.zip
The “matomo.zip” file will be downloaded and then automatically unzipped into the “matomo” folder, which will be in /var/www/
In fact, by typing
ls -la
You will see the folder “matomo” which will be in /var/www/matomo/
At this point, you will have to assign ownership to the user “www-data” for the folder “matomo” as follows
sudo chown -R www-data:www-data /var/www/matomo
Change the permissions for accessing the “matomo” folder as follows
sudo chmod -R 755 /var/www/matomo
5. Configuring NGINX with a domain name
You must create an NGINX configuration file for proper addressing if you have a domain name.
On the Matomo website at this page, clicking on Nginx, you will direct to a GitHub page where you can download the NGINX configuration file.
Then, on the server, move to the NGINX sites-available
folder as follows
cd /etc/nginx/sites-available/
Create a file to which we will give the name “domainname.conf” as follows
nano nomeadominio.conf
Create a file to which we will give the name “domainname.conf” as follows
server {
listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6
listen 80;
server_name matomo.domainname.com;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
location / {
return 301 https://$host$request_uri;
}
}
server {
listen [::]:443 ssl http2; # remove this if you don't want Matomo to be reachable from IPv6
listen 443 ssl http2;
server_name matomo.domainname.com; # list all domains Matomo should be reachable from
access_log /var/log/nginx/matomo.access.log;
error_log /var/log/nginx/matomo.error.log;
## uncomment if you want to enable HSTS with 6 months cache
## ATTENTION: Be sure you know the implications of this change (you won't be able to disable HTTPS anymore)
#add_header Strict-Transport-Security max-age=15768000 always;
## replace with your SSL certificate
ssl_certificate /etc/letsencrypt/live/matomo.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matomo.example.com/privkey.pem;
# include ssl.conf; # if you want to support older browsers, please read through this file
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
root /var/www/matomo/; # replace with path to your matomo instance
index index.php;
## only allow accessing the following php files
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ {
include snippets/fastcgi-php.conf; # if your Nginx setup doesn't come with a default fastcgi-php config, you can fetch it from https://github.com/nginx/nginx/blob/master/conf/fastcgi.conf
#try_files $fastcgi_script_name =404; # protects against CVE-2019-11043. If this line is already included in your snippets/fastcgi-php.conf you can comment it here.
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file
#fastcgi_pass 127.0.0.1:9000; # uncomment if you are using PHP via TCP sockets (e.g. Docker container)
}
## deny access to all other .php files
location ~* ^.+\.php$ {
deny all;
return 403;
}
## serve all other files normally
location / {
try_files $uri $uri/ =404;
}
## disable all access to the following directories
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc|node_modules) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
# vim: filetype=nginx
Once pasted, close the editor with Ctrl+X and type Y to save the file.
To verify that the configuration of the file is correct, type
nginx -t
If we get the following answer
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
It means that the configuration is correct. In this case, we can create the link in the folder /etc/nginx/sites-enabled/
highlighting that “nomeadominio.conf” is the name of the chosen Nginx configuration end.
Then we will type
ln -s /etc/nginx/sites-enabled/nomeadominio.conf /etc/nginx/sites-available/nomeadominio.conf
At this point, we restart Nginx with
systemctl restart nginx
6. Installing SSL certificate with Let’s Encrypt
To get a connection to matomo.domainname.com with HTTPS protocol, we install an SSL certificate with certbot
as follows:
certbot --nginx
At this point, follow the indications that appear in the terminal, paying attention to choose the item that corresponds to the domain name (we had exemplified with “matomo.domainname.com” and then choose No. 2, namely:
“2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration.”.
7. Complete the installation with the browser
At this point, open the browser and type in the address bar the domain name we had set (in our case matomo.domainname.com).
If everything goes well, the web page from which to complete the configuration of Matomo will appear, as you can see on the official website.
If this resource was helpful, you could contribute by
Or donate via
Follow us on Mastodon
Stay tuned!