One place for hosting & domains

      Analytics

      How To Install Matomo Web Analytics on Ubuntu 20.04


      Introduction

      Matomo is an open-source, self-hosted web analytics application written in PHP.

      In this tutorial you will install Matomo and a MariaDB database using Docker Compose, then install Nginx to act as a reverse proxy for the Matomo app. Finally, you will enable secure HTTPS connections by using Certbot to download and configure SSL certificates from the Let’s Encrypt Certificate Authority.

      Prerequisites

      In order to complete this tutorial, you’ll first need the following:

      Note: These prerequisite steps can be skipped if you’re using DigitalOcean’s One-Click Docker Image. This image will have Docker, Docker Compose, and UFW already installed and configured.

      Launch a new Docker image in the region of your choice, then log in as the root user and proceed with the tutorial. Because you’ll be using the root user, you could leave off the sudo parts of all the commands that follow, but it’s not necessary.

      Finally, to enable SSL you’ll need a domain name pointed at your server’s public IP address. This should be something like example.com or matomo.example.com, for instance. If you’re using DigitalOcean, please see our DNS Quickstart for information on creating domain resources in our control panel.

      When you’ve satisfied all the prerequisites, proceed to Step 1, where you’ll download and launch the Matomo software.

      Step 1 — Running Matomo and MariaDB with Docker Compose

      Your first step will be to create the Docker Compose configuration that will launch containers for both the Matomo app and a MariaDB database.

      This tutorial will put your configuration inside a matomo directory in your home directory. You could also choose to work in an /opt/matomo directory or some other directory of your choosing.

      First ensure you’re in your home directory:

      Then create the matomo directory and cd into it:

      Now open a new blank YAML file called docker-compose.yml:

      This is the configuration file that the docker-compose software will read when bringing up your containers. Paste the following into the file:

      docker-compose.yml

      version: "3"
      
      services:
        db:
          image: mariadb
          command: --max-allowed-packet=64MB
          restart: always
          environment:
            - MARIADB_DATABASE=matomo
            - MARIADB_USER
            - MARIADB_PASSWORD
            - MARIADB_ROOT_PASSWORD
          volumes:
            - ./db:/var/lib/mysql
      
        app:
          image: matomo
          restart: always
          volumes:
            - ./matomo:/var/www/html
          ports:
            - 127.0.0.1:8080:80
      

      The file defines two services, one db service which is the MariaDB container, and an app service which runs the Matomo software. Both services also reference a named volume where they store some data, and the app service also opens up port 8080 on the loopback (127.0.0.1) interface, which we’ll connect to via localhost.

      Save the file and exit your text editor to continue. In nano, press CTRL+O then ENTER to save, then CTRL+X to exit.

      The MariaDB container needs some configuration to be passed to it through environment variables in order to function. The docker-compose.yml file lists these environment variables, but not all of them have associated values. That’s because it’s good practice to keep passwords out of your docker-compose.yml file, especially if you’ll be committing it to a Git repository or other source control system.

      Instead, we’ll put the necessary information in a .env file in the same directory, which the docker-compose command will automatically load when we start our containers.

      Open a new .env file with nano:

      You’ll need to fill in a user name and password, as well as a strong password for the MariaDB root superuser account:

      .env

      MARIADB_USER=matomo
      MARIADB_PASSWORD=a_strong_password_for_user
      MARIADB_ROOT_PASSWORD=a_strong_password_for_root
      

      One way of generating a strong password is to use the openssl command, which should be available on most any operating system. The following command will print out a random 30 character hash that you can use as a password:

      • openssl rand 30 | base64 -w 0 ; echo

      When you’re done filling out the information in your .env file, save it and exit your text editor.

      You’re now ready to bring up the two containers with docker-compose:

      • sudo docker-compose up -d

      The up subcommand tells docker-compose to start the containers (and volumes and networks) defined in the docker-compose.yml file, and the -d flag tells it to do so in the background (“daemonize”) so the command doesn’t take over your terminal. docker-compose will print some brief output as it starts the containers:

      Output

      Creating matomo_db_1 ... done Creating matomo_app_1 ... done

      When that’s done, Matomo should be running. You can test that a webserver is running at localhost:8080 by fetching the homepage using the curl command:

      • curl --head http://localhost:8080

      This will print out only the HTTP headers from the response:

      Output

      HTTP/1.1 200 OK Date: Tue, 25 Jan 2022 19:56:16 GMT Server: Apache/2.4.51 (Debian) X-Powered-By: PHP/8.0.14 X-Matomo-Request-Id: 1e953 Cache-Control: no-store, must-revalidate Referrer-Policy: same-origin Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; Set-Cookie: MATOMO_SESSID=dde7d477b0822e166ed90448964ec1e7; path=/; HttpOnly; SameSite=Lax Content-Type: text/html; charset=utf-8

      The 200 OK response means the Matomo server is up and running, but it’s only available on localhost. The highlighted X-Matomo-Request-Id header indicates that the server is Matomo and not something else that might be configured to listen on port 8080. Next we’ll set up Nginx to proxy public traffic to the Matomo container.

      Step 2 — Installing and Configuring Nginx

      Putting a web server such as Nginx in front of your Matomo server can improve performance by offloading caching, compression, and static file serving to a more efficient process. We’re going to install Nginx and configure it to reverse proxy requests to Matomo, meaning it will take care of handing requests from your users to Matomo and back again. Using a non-containerized Nginx will also make it easier to add Let’s Encrypt SSL certificates in the next step.

      First, refresh your package list, then install Nginx using apt:

      • sudo apt update
      • sudo apt install nginx

      Allow public traffic to ports 80 and 443 (HTTP and HTTPS) using the “Nginx Full” UFW application profile:

      • sudo ufw allow "Nginx Full"

      Output

      Rule added Rule added (v6)

      Next, open up a new Nginx configuration file in the /etc/nginx/sites-available directory. We’ll call ours matomo.conf but you could use a different name:

      • sudo nano /etc/nginx/sites-available/matomo.conf

      Paste the following into the new configuration file, being sure to replace your_domain_here with the domain that you’ve configured to point to your Matomo server. This should be something like matomo.example.com, for instance:

      /etc/nginx/sites-available/matomo.conf

      server {
          listen       80;
          listen       [::]:80;
          server_name  your_domain_here;
      
          access_log  /var/log/nginx/matomo.access.log;
          error_log   /var/log/nginx/matomo.error.log;
      
          location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_pass http://localhost:8080;
        }
      }
      

      This configuration is HTTP-only for now, as we’ll let Certbot take care of configuring SSL in the next step. The rest of the config sets up logging locations and then passes all traffic, as well as some important proxy headers, along to http://localhost:8080, the Matomo container we started up in the previous step.

      Save and close the file, then enable the configuration by linking it into /etc/nginx/sites-enabled/:

      • sudo ln -s /etc/nginx/sites-available/matomo.conf /etc/nginx/sites-enabled/

      Use nginx -t to verify that the configuration file syntax is correct:

      Output

      nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

      And finally, reload the nginx service to pick up the new configuration:

      • sudo systemctl reload nginx

      Your Matomo site should now be available on plain HTTP. Load http://your_domain_here (you may have to click through a security warning) and it will look like this:

      Screenshot of the first page of the Matomo web installation process, with a

      Now that you have your site up and running over HTTP, it’s time to secure the connection with Certbot and Let’s Encrypt certificates. You should do this before going through Matomo’s web-based setup procedure.

      Step 3 — Installing Certbot and Setting Up SSL Certificates

      Thanks to Certbot and the Let’s Encrypt free certificate authority, adding SSL encryption to our Matomo app will take only two commands.

      First, install Certbot and its Nginx plugin:

      • sudo apt install certbot python3-certbot-nginx

      Next, run certbot in --nginx mode, and specify the same domain you used in the Nginx server_name config:

      • sudo certbot --nginx -d your_domain_here

      You’ll be prompted to agree to the Let’s Encrypt terms of service, and to enter an email address.

      Afterwards, you’ll be asked if you want to redirect all HTTP traffic to HTTPS. It’s up to you, but this is generally recommended and safe to do.

      After that, Let’s Encrypt will confirm your request and Certbot will download your certificate:

      Output

      Congratulations! You have successfully enabled https://matomo.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=matomo.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/matomo.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/matomo.example.com/privkey.pem Your cert will expire on 2021-12-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

      Certbot will automatically reload Nginx to pick up the new configuration and certificates. Reload your site and it should switch you over to HTTPS automatically if you chose the redirect option.

      Your site is now secure and it’s safe to continue with the web-based setup steps.

      Step 4 — Setting Up Matomo

      Back in your web browser you should now have Matomo’s Welcome! page open via a secure https:// connection. Now you can enter usernames and passwords safely to complete the installation process.

      Click the Next button. You’ll be taken to the System Check step:

      Screenshot of Matomo's "System Check" page with a list of system properties with green checkmarks next to them

      This is a summary of the system Matomo is running on, and everything should be green checkmarks indicating there are no problems. Scroll all the way to the bottom and click the Next button.

      Now you’ll be on the Database Setup page:

      Screenshot of Matomo's "Database Setup" page, with a form for inputting database connection details

      The information you fill in on this page will tell the Matomo application how to connect to the MariaDB database. You’ll need the MARIADB_USER and MARIADB_PASSWORD that you chose in Step 1. You can copy them out of your .env file if you need to.

      Fill out the first four fields:

      • Database Server: db
      • Login: the username you set in the MARIADB_USER environment variable
      • Password: the password you set in the MARIADB_PASSWORD environment variable
      • Database Name: matomo

      The defaults are fine for the remaining two fields.

      Click Next once more. You’ll get a confirmation that the database was set up correctly. Click Next again. You’ll then need to set up an admin user, and finally you’ll set up information about the first website you want to collect analytics for.

      After all that, you should end up on step 8, a Congratulations page. You’re almost all done. Scroll down to the bottom and click the Continue to Matomo button, and you’ll be taken to the homepage:

      Screenshot of the Matomo homepage with a large orange

      There will be a large warning at the top of the page. There’s a small update you’ll need to do to Matomo’s configuration file to finish up this process.

      Back on the command line, open up the configuration file with a text editor:

      • sudo nano matomo/config/config.ini.php

      Near the top you should have a [General] section. Add the last three lines, highlighted below, to the end of that section:

      config.ini.php

      [General]
      proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
      proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
      salt = "e0a81d6e54d6d2200efd0f0ef6ef8563"
      trusted_hosts[] = "localhost"
      trusted_hosts[] = "example.com"
      trusted_hosts[] = "localhost:8080"
      assume_secure_protocol = 1
      force_ssl = 1
      

      These options let Matomo know that it’s safe to use port 8080, and that it should assume it’s always being accessed over a secure connection.

      Save and close the configuration file, then switch back to your browser and reload the page. The error should be gone, and you’ll be presented with a login prompt:

      Screenshot of Matomo's "Sign in" screen with a form for username and password

      Log in with the admin account you created during setup, and you should be taken to the dashboard:

      Screenshot of Matomo's homepage dashboard with a placeholder indicating "No data has been recorded yet" and instructions on how to set up the tracking code

      Because you’ve probably not set up your tracking code yet, the dashboard will indicate that no data has been recorded. Follow the instructions to finish setting up the JavaScript code on your website to start receiving analytics data.

      Conclusion

      In this tutorial, you launched the Matamo analytics app and a MariaDB database using Docker Compose, then set up an Nginx reverse proxy and secured it using Let’s Encrypt SSL certificates.

      You’re now ready to set up your website and add the Matomo analytics tracking script. For more information about operating the Matomo software, please see the official Matomo documentation.



      Source link

      How To Install Fathom Analytics on Ubuntu 20.04


      Introduction

      Fathom Analytics is an open-source, self-hosted web analytics application that focuses on simplicity and privacy. It is written in Go and ships as a single binary file, making installation relatively straightforward.

      In this tutorial you will install and configure Fathom, then install Nginx to act as a reverse proxy for the Fathom app. Finally, you will enable secure HTTPS connections by using Certbot to download and configure SSL certificates from the Let’s Encrypt Certificate Authority.

      Prerequisites

      In order to complete this tutorial, you’ll first need the following:

      • An Ubuntu 20.04 server, with the UFW firewall enabled and a non-root user with sudo privileges configured. Please read our Initial Server Setup with Ubuntu 20.04 to learn more about setting up these requirements
      • A domain name pointed at your server’s public IP address. This should be something like example.com or fathom.example.com, for instance. If you’re using DigitalOcean, please see our DNS Quickstart for information on creating domain resources in our control panel.

      When you’ve satisfied all the prerequisites, proceed to Step 1, where you’ll download and install Fathom.

      Step 1 — Downloading Fathom

      To install the Fathom software, you’ll first download the latest release, then extract the executable file to the /usr/local/bin directory.

      First, move to a directory you can write to. The /tmp directory is a good choice:

      In your web browser, visit the GitHub page for Fathom’s latest software release, then find the file with a name like fathom_1.2.1_linux_amd64.tar.gz. The version number may be different.

      Right-click on the link to the file, then select Copy Link (or similar, depending on your browser).

      Use the curl command to download the file from the link you just copied:

      • curl -L -O https://github.com/usefathom/fathom/releases/download/v1.2.1/fathom_1.2.1_linux_amd64.tar.gz

      You should now have a fathom_1.2.1_linux_amd64.tar.gz file in your /tmp directory. Use the tar command to extract the fathom executable and move it to /usr/local/bin:

      • sudo tar -C /usr/local/bin/ -xzf fathom*.tar.gz fathom

      The sudo command is necessary because /usr/local/bin is a protected directory, so you need superuser privileges to write to it.

      Now use sudo and chmod to update the permissions of the fathom binary:

      • sudo chmod +x /usr/local/bin/fathom

      This makes fathom executable. To test it out, run fathom --version:

      Output

      Fathom version 1.2.1, commit 8f7c6d2e45ebb28651208e2a7320e29948ecdb2c, built at 2018-11-30T09:21:37Z

      The command will print out Fathom’s version number and some additional details. You’ve successfully downloaded and installed the Fathom binary. Next you’ll configure and run Fathom for the first time.

      Step 2 — Configuring and Running Fathom

      Before configuring Fathom you’re going to create a new fathom user on your system. This new user account will be used to run the Fathom server, which will help isolate and secure the service.

      Make a new user named fathom with the adduser command:

      • sudo adduser --system --group --home /opt/fathom fathom

      This creates a special --system user, meaning it has no password and cannot log in like a normal user could. We also make a fathom group using the --group flag, and a home directory in /opt/fathom.

      Move to the fathom user’s home directory now:

      Now we have to execute a few commands that need to be run as the fathom user. To do this, open a bash shell as the fathom user using sudo:

      Your prompt will change to something like fathom@host:~$. Until we exit this shell, every command we run will be run as the fathom user.

      Now you’re ready to set up a configuration file for Fathom. One item we’ll need in this configuration file is a random string that Fathom will use for signing and encryption purposes. Use the openssl command to generate a random string now:

      Output

      iKo/rYHFa2hDINjgCcIeeCe9pNglQreQrzrs+qK5tYg=

      Copy the string to your clipboard, or note it down on a temporary scratch document of some sort, then open a new .env file for the configuration:

      This will open a new blank file in the nano text editor. Feel free to use your favorite editor instead.

      Paste the following into the file, making sure to update the random string to the one you generated previously:

      /opt/fathom/.env

      FATHOM_SERVER_ADDR="127.0.0.1:8080"
      FATHOM_DATABASE_DRIVER="sqlite3"
      FATHOM_DATABASE_NAME="fathom.db"
      FATHOM_SECRET="your_random_string_here"
      

      This configuration first specifies that the server should only listen on localhost (127.0.0.1) port 8080, and that it should use an SQLite database file called fathom.db.

      Save and close the file. In nano you can press CTRL+O then ENTER to save, then press CTRL+X to exit.

      Now that the database is configured, we can add the first user to our Fathom instance:

      • fathom user add --email="your_email" --password="your_password"

      Since this is the first time you’re running fathom with the database configured, you should notice some initial database migrations happening:

      Output

      INFO[0000] Fathom version 1.2.1, commit 8f7c6d2e45ebb28651208e2a7320e29948ecdb2c, built at 2018-11-30T09:21:37Z INFO[0000] Configuration file: /opt/fathom/.env INFO[0000] Connected to sqlite3 database: /opt/fathom/fathom.db INFO[0000] Applied 26 database migrations! INFO[0000] Created user sammy@example.com

      Your fathom.db database file is now created and the user is added.

      Start the Fathom server now to test it out:

      Output

      INFO[0000] Fathom version 1.2.1, commit 8f7c6d2e45ebb28651208e2a7320e29948ecdb2c, built at 2018-11-30T09:21:37Z INFO[0000] Configuration file: /opt/fathom/.env INFO[0000] Connected to sqlite3 database: /opt/fathom/fathom.db

      In a second terminal connected to your server, fetch the homepage of your Fathom instance using curl:

      Output

      <!DOCTYPE html> <html class="no-js" lang="en"> <head> <title>Fathom - simple website analytics</title> <link href="https://www.digitalocean.com/community/tutorials/assets/css/styles.css?t=1543569696966" rel="stylesheet"> . . .

      You should see a few lines of HTML code printed to your screen. This shows that the server is up and responding to requests on localhost.

      Back in your first terminal, exit the fathom server process by pressing CTRL+C.

      You’re all done running commands as the fathom user, so exit that session as well:

      Your shell prompt should return to normal.

      Fathom is now fully configured and you’ve successfully run it manually from the command line. Next we’ll set Fathom up to run as a Systemd service.

      Step 3 — Setting Up Fathom as a Systemd Service

      To run fathom serve at all times, even when you’re not logged into the server, you’ll set it up as a service with Systemd. Systemd is a service manager that handles starting, stopping, and restarting services on Ubuntu and many other Linux distributions.

      The fathom.service file you create will contain all the configuration details that Systemd needs to properly run the server. Open the new file now:

      • sudo nano /etc/systemd/system/fathom.service

      Add the following into the file:

      /etc/systemd/system/fathom.service

      [Unit]
      Description=Fathom Analytics server
      Requires=network.target
      After=network.target
      
      [Service]
      Type=simple
      User=fathom
      Group=fathom
      Restart=always
      RestartSec=3
      WorkingDirectory=/opt/fathom
      ExecStart=/usr/local/bin/fathom server
      
      [Install]
      WantedBy=multi-user.target
      

      This file specifies when the service should be launched (After=network.target, meaning after the network is up), that it should be run as the fathom user and group, that Systemd should always try to restart the process if it exits (Restart=always), that it should be run from the /opt/fathom directory, and what command to use to run the server (ExecStart=/usr/local/bin/fathom server).

      Save and close the file. Reload the Systemd config:

      • sudo systemctl daemon-reload

      Enable the service:

      • sudo systemctl enable fathom.service

      Enabling the service means that Systemd will start it automatically during system startup. We’ll also need to start the service manually now, just this once:

      • sudo systemctl start fathom

      Note in the previous command that you can leave off the .service portion of the service name. Finally, check the status of the service to make sure it’s running:

      • sudo systemctl status fathom

      Output

      ● fathom.service - Fathom Analytics server Loaded: loaded (/etc/systemd/system/fathom.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-11-03 15:32:45 UTC; 13s ago Main PID: 3748 (fathom) Tasks: 5 (limit: 1136) Memory: 10.3M CGroup: /system.slice/fathom.service └─3748 /usr/local/bin/fathom server Nov 03 15:32:45 ubuntu-fathom systemd[1]: Started Fathom Analytics server. Nov 03 15:32:46 ubuntu-fathom fathom[3748]: time="2021-11-03T15:32:46Z" level=info msg="Fathom version 1.2.1, commit 8f> Nov 03 15:32:46 ubuntu-fathom fathom[3748]: time="2021-11-03T15:32:46Z" level=info msg="Configuration file: /opt/fathom> Nov 03 15:32:46 ubuntu-fathom fathom[3748]: time="2021-11-03T15:32:46Z" level=info msg="Connected to sqlite3 database: >

      The service is up and running again on localhost port 8080. Next we’ll set up Nginx as a reverse proxy to expose the Fathom service to the outside world.

      Step 4 — Installing and Configuring Nginx

      Putting a web server such as Nginx in front of your application server can improve performance by offloading caching, compression, and static file serving to a more efficient process. We’re going to install Nginx and configure it to reverse proxy requests to Fathom, meaning it will take care of handing requests from your users to Fathom and back again.

      First, refresh your package list, then install Nginx using apt:

      • sudo apt update
      • sudo apt install nginx

      Allow public traffic to ports 80 and 443 (HTTP and HTTPS) using the “Nginx Full” UFW application profile:

      • sudo ufw allow "Nginx Full"

      Output

      Rule added Rule added (v6)

      Next, open up a new Nginx configuration file in the /etc/nginx/sites-available directory. We’ll call ours fathom.conf but you could use a different name:

      • sudo nano /etc/nginx/sites-available/fathom.conf

      Paste the following into the new configuration file, being sure to replace your_domain_here with the domain that you’ve configured to point to your Fathom server. This should be something like fathom.example.com, for instance:

      /etc/nginx/sites-available/fathom.conf

      server {
          listen       80;
          listen       [::]:80;
          server_name  your_domain_here;
      
          access_log  /var/log/nginx/fathom.access.log;
          error_log   /var/log/nginx/fathom.error.log;
      
          location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
        }
      }
      

      This configuration is HTTP-only for now. We’ll let Certbot take care of configuring SSL in the next step. The rest of the config sets up logging locations and then passes all traffic along to our Fathom server at http://localhost:8080, adding a few important proxy forwarding headers along the way.

      Save and close the file, then enable the configuration by linking it into /etc/nginx/sites-enabled/:

      • sudo ln -s /etc/nginx/sites-available/fathom.conf /etc/nginx/sites-enabled/

      Use nginx -t to verify that the configuration file syntax is correct:

      Output

      nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

      And finally, reload the nginx service to pick up the new configuration:

      • sudo systemctl reload nginx

      Your Fathom site should now be available on plain HTTP. Load http://your_domain_here and it will look like this:

      A screenshot of the Fathom login page, with 'Email' and 'Password' textboxes

      Now that you have your site up and running over HTTP, it’s time to secure the connection with Certbot and Let’s Encrypt certificates.

      Step 5 — Installing Certbot and Setting Up SSL Certificates

      Thanks to Certbot and the Let’s Encrypt free certificate authority, adding SSL encryption to our Fathom app will take only two commands.

      First, install Certbot and its Nginx plugin:

      • sudo apt install certbot python3-certbot-nginx

      Next, run certbot in --nginx mode, and specify the same domain you used in the Nginx server_name config:

      • sudo certbot --nginx -d your_domain_here

      You’ll be prompted to agree to the Let’s Encrypt terms of service, and to enter an email address.

      Afterwards, you’ll be asked if you want to redirect all HTTP traffic to HTTPS. It’s up to you, but this is generally recommended and safe to do.

      After that, Let’s Encrypt will confirm your request and Certbot will download your certificate:

      Output

      Congratulations! You have successfully enabled https://Fathom.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=Fathom.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/Fathom.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/Fathom.example.com/privkey.pem Your cert will expire on 2021-12-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

      Certbot will automatically reload Nginx to pick up the new configuration and certificates. Reload your site and it should switch you over to HTTPS automatically if you chose the redirect option.

      Your site is now secure and it’s safe to log in with the user details you set up in Step 2.

      When you successfully log in, you’ll see a prompt to get your first website set up with Fathom:

      A screenshot of the Fathom initial setup workflow, asking for the domain of your website

      Once that is done you’ll see the (currently empty) dashboard for the site you just set up:

      A screenshot of the Fathom dashboard, showing no data yet

      You have successfully installed and secured your Fathom analytics software.

      Conclusion

      In this tutorial, you downloaded, installed, and configured the Fathom Analytics app, then set up an Nginx reverse proxy and secured it using Let’s Encrypt SSL certificates.

      You’re now ready to finish setting up your website by adding the Fathom Analytics tracking script to it. Please see the official Fathom Analytics documentation for further information on using the software and setting up your site.



      Source link

      How To Install Plausible Analytics on Ubuntu 20.04


      Introduction

      Plausible Analytics is an open-source, self-hosted web analytics application written in Elixir that focuses on simplicity and privacy. It stores data about your website’s visitors in PostgreSQL and ClickHouse databases.

      In this tutorial you will install Plausible using Docker Compose, then install Nginx to act as a reverse proxy for the Plausible app. Finally, you will enable secure HTTPS connections by using Certbot to download and configure SSL certificates from the Let’s Encrypt Certificate Authority.

      Prerequisites

      In order to complete this tutorial, you’ll first need the following:

      Note: These prerequisite steps can be skipped if you’re using DigitalOcean’s One-Click Docker Image. This image will have Docker, Docker Compose, and UFW already installed and configured.

      Launch a new Docker image in the region of your choice, then log in as the root user and proceed with the tutorial. Optionally, you could leave off the sudo parts of all commands, but it’s not necessary.

      Finally, to enable SSL you’ll need a domain name pointed at your server’s public IP address. This should be something like example.com or plausible.example.com, for instance. If you’re using DigitalOcean, please see our DNS Quickstart for information on creating domain resources in our control panel.

      When you’ve satisfied all the prerequisites, proceed to Step 1, where you’ll download and launch the Plausible software.

      Step 1 – Installing Plausible Analytics with Docker Compose

      Plausible has created a Git repository with all the configuration files needed to self-host the software. Your first step will be to clone this repo to your server, update two configuration files, and then start the Plausible app and database containers.

      Log into your server now.

      First, use the cd command to navigate into the /opt directory:

      Then use the git command to clone the repo from GitHub into a new directory within /opt called plausible:

      • sudo git clone https://github.com/plausible/hosting plausible

      This will pull all the necessary configuration files into /opt/plausible. Move into the newly created directory:

      The first file we need to edit is plausible-conf.env, a file that has a few configuration variables we need to set.

      Before you open the file to edit it, generate a new random hash:

      • openssl rand 64 | base64 -w 0 ; echo

      This uses the openssl command to generate 64 random characters, and the base64 command to base64 encode them. Copy the output to your clipboard, then open the configuration file:

      • sudo nano plausible-conf.env

      The file contains five variables that you’ll need to fill in:

      plausible-conf.env

      ADMIN_USER_EMAIL=your_email_here
      ADMIN_USER_NAME=admin_username
      ADMIN_USER_PWD=admin_password
      BASE_URL=https://your_domain_here
      SECRET_KEY_BASE=paste_your_random_characters_here
      

      Fill in the email, username, password, and base URL, then paste in the random characters you generated with openssl. Note that the password you specify here must be at least six characters long.

      Save the file (CTRL+O then ENTER in nano) and close out of your editor (CTRL+X).

      There are more configuration options you can add to this file, but this minimal set will get you up and running. More information on configuring Plausible through plausible-conf.env can be found in the official Plausible Analytics self-hosting documentation.

      Now you need to update the docker-compose.yml file. This file is what the docker-compose command uses to configure and launch multiple Docker containers. We need to change one option in this file: the IP that Plausible binds to.

      • sudo nano docker-compose.yml

      Find the section that defines the Plausible container. It will start with plausible:. In that section find the ports: definition and update it to the following:

      docker-compose.yml

          ports:
            - 127.0.0.1:8000:8000
      

      This ensures that Plausible is only listening on the localhost interface, and is not publicly available. Even though you have a UFW firewall set up, due to some quirks in how Docker networking works, if you didn’t take this step your Plausible container would be accessible to the public on port 8000, and we only want it accessible through the Nginx proxy you’ll set up in the next step.

      Save and close the docker-compose.yml file, then use docker-compose to download, configure, and launch the containers:

      • sudo docker-compose up --detach

      The --detach flag tells docker-compose to create the containers in the background, detached from our terminal session:

      Output

      . . . Starting plausible_plausible_events_db_1 ... done Starting plausible_plausible_db_1 ... done Starting plausible_mail_1 ... done Starting plausible_plausible_1 ... done

      The app container and all of its supporting mail and database containers should now be running. You can verify this by using the curl command to fetch the homepage of your new Plausible container running on localhost:

      • curl http://localhost:8000

      Output

      <html><body>You are being <a href="https://www.digitalocean.com/login">redirected</a>.</body></html>

      If some HTML is output to your terminal, you know the server is up and running.

      Next, we’ll set up Nginx to reverse proxy Plausible from localhost:8000 to the public.

      Step 2 — Installing and Configuring Nginx

      Putting a web server such as Nginx in front of your elixir server can improve performance by offloading caching, compression, and static file serving to a more efficient process. We’re going to install Nginx and configure it to reverse proxy requests to Plausible, meaning it will take care of handing requests from your users to Plausible and back again.

      First, refresh your package list, then install Nginx using apt:

      • sudo apt update
      • sudo apt install nginx

      Allow public traffic to ports 80 and 443 (HTTP and HTTPS) using the “Nginx Full” UFW application profile:

      • sudo ufw allow "Nginx Full"

      Output

      Rule added Rule added (v6)

      Next, open up a new Nginx configuration file in the /etc/nginx/sites-available directory. We’ll call ours plausible.conf but you could use a different name:

      • sudo nano /etc/nginx/sites-available/plausible.conf

      Paste the following into the new configuration file, being sure to replace your_domain_here with the domain that you’ve configured to point to your Plausible server. This should be something like plausible.example.com, for instance:

      /etc/nginx/sites-available/plausible.conf

      server {
          listen       80;
          listen       [::]:80;
          server_name  your_domain_here;
      
          access_log  /var/log/nginx/plausible.access.log;
          error_log   /var/log/nginx/plausible.error.log;
      
          location / {
            proxy_pass http://localhost:8000;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
      

      This configuration is HTTP-only for now, as we’ll let Certbot take care of configuring SSL in the next step. The rest of the config sets up logging locations and then passes all traffic along to http://localhost:8000, the Plausible instance we started up in the previous step.

      Save and close the file, then enable the configuration by linking it into /etc/nginx/sites-enabled/:

      • sudo ln -s /etc/nginx/sites-available/plausible.conf /etc/nginx/sites-enabled/

      Use nginx -t to verify that the configuration file syntax is correct:

      Output

      nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

      And finally, reload the nginx service to pick up the new configuration:

      • sudo systemctl reload nginx

      Your Plausible site should now be available on plain HTTP. Load http://your_domain_here and it will look like this:

      A screenshot of the Plausible login page, with 'Email' and 'Password' textboxes

      Now that you have your site up and running over HTTP, it’s time to secure the connection with Certbot and Let’s Encrypt certificates.

      Step 3 — Installing Certbot and Setting Up SSL Certificates

      Thanks to Certbot and the Let’s Encrypt free certificate authority, adding SSL encryption to our Plausible app will take only two commands.

      First, install Certbot and its Nginx plugin:

      • sudo apt install certbot python3-certbot-nginx

      Next, run certbot in --nginx mode, and specify the same domain you used in the Nginx server_name config:

      • sudo certbot --nginx -d your_domain_here

      You’ll be prompted to agree to the Let’s Encrypt terms of service, and to enter an email address.

      Afterwards, you’ll be asked if you want to redirect all HTTP traffic to HTTPS. It’s up to you, but this is generally recommended and safe to do.

      After that, Let’s Encrypt will confirm your request and Certbot will download your certificate:

      Output

      Congratulations! You have successfully enabled https://plausible.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=plausible.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/plausible.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/plausible.example.com/privkey.pem Your cert will expire on 2021-12-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

      Certbot will automatically reload Nginx to pick up the new configuration and certificates. Reload your site and it should switch you over to HTTPS automatically if you chose the redirect option.

      Your site is now secure and it’s safe to log in with the default user details you set up in Step 1. You will then be prompted to verify your registration, and a verification code will be emailed to the address you configured.

      By default this email is sent directly from your server, which can create issues due to various spam-prevention measures. If you don’t get the email, check your spam folder. If it’s not there as well, you may need to set up more suitable SMTP details in the plausible-conf.env file. See the official Plausible self-hosting documentation for details on mail configuration.

      When you successfully log in, you’ll see a prompt to get your first website set up with Plausible:

      A screenshot of the Plausible initial setup workflow, asking for the domain of your website and a timezone

      You have successfully installed and secured your Plausible analytics software.

      Conclusion

      In this tutorial, you launched the Plausible Analytics app and its associated helper containers using Docker Compose, then set up an Nginx reverse proxy and secured it using Let’s Encrypt SSL certificates.

      You’re now ready to set up your website and add the Plausible Analytics tracking script. Please see the official Plausible Analytics documentation for further information on using the software and setting up your site.



      Source link