Matomo - Free, Open Source, Privacy Respecting Page Analytics

Brian McGonagill

Aug 18, 2020 • 7 min read

I wanted to see what kind of traffic I'm getting on this Show Notes site, and make sure it was being used (which it appears to be) so that I'm not spending extra time on things that aren't useful each week when prepping a new video to be posted.

Immediately, of course, Google Analytics came to mind, but I really don't want to use something like that. As much as the world is becoming more educated about online privacy, it's not to a point that I will ever trust a company that thrives almost completely on advertising through data collection. So feeding them more data is the last thing I want to do...besides that...I'm all about open source and self hosting.

I started searching, and found quite a few different options, but for whatever reason Matomo jumped out at me. I figured I would set it up and see what it's all about.

In the video above, I'll show you how to setup MariaDB (necessary to use Matomo) on bare metal, and get it set so it's a bit more friendly. Also, I'll show how to set it up so you can access it remotely if needed. The nice thing about a bare metal install is it can be used with Docker contained apps, but also installed applications on the system as well.

First things first, here are the timestamps for the video. Also, they are in the video description on YouTube.

00:00 Beginning
00:11 Introduction to Matomo
05:06 the Matomo User Interface
07:34 UI Based Settings - Brief Overview
11:25 Install and Setup MariaDB for Matomo
18:55 Allow Remote Connections to MariaDB
20:50 Install Matomo with Docker-CE
24:35 Setup my URL wtih NginX-Proxy-Manager
26:50 Matomo First Run / Setup Wizard
31:50 Add Tracking Code to a Site to Collect Stats

Next, we'll install Matomo using Docker. Matomo is very lightweight, so it uses very few resources in the system, and to me that's ideal for Docker.

We'll connect the Dockerized Matomo to your MariaDB, and then get the tracking code necessary setup on a page / site, and look at the data it provides back.

Installing MariaDB

Note: I use Ubuntu based systems for almost everything. Feel free to use whatever OS makes you the most happy. Just know you may need to modify commands listed in order to better fit thos Operating System needs.

Update the system packages:

sudo apt update

Install MariaDB

sudo apt install mariadb-server -y

sudo mysql -u root -p <– Note that sudo is necessary here.

At the mysql prompt enter the following:

use mysql;

SELECT User,Host,plugin FROM mysql.user;

MariaDB [mysql]> SELECT User,Host,plugin FROM mysql.user;
+---------------+-----------+-----------------------+
| User          | Host      | plugin                |
+---------------+-----------+-----------------------+
| root          | localhost | unix_socket           |

Now, let's add our local user account:

`CREATE USER 'brian'@'localhost' IDENTIFIED BY 'some_password_here';

In the above, you should replace brian with your desired username, and some_password_here with a password that's strong and of your choosing.

You should get a return that says Query OK

Next, we'll create a remote user account as well. For this, just press the up arrow key on your keyboard...this should show the last query you just entered.

Now modify that query by deleting localhost and putting a percent sign in it's place %. The entire command should now look like:

CREATE USER 'brian'@'%' IDENTIFIED BY 'some_other_password_here';

Again, you should get a Query OK message back.

Now you have a local account <your user>@localhost you can use when you are ssh'd in, or physically on that machine. You also have a remote user you can use whtn you are not ssh'd in, or physically on the machine, <your user>@%.

Next we grant privileges to these accounts.

GRANT ALL PRIVILEGES ON *.* TO 'brian'@'localhost';
GRANT ALL PRIVILEGES ON *.* TO 'brian'@'%';
FLUSH PRIVILEGES;

Enter each of the lines above individually, again replacing the user brian with your username, and pressing Enter / Return after the ; each time.

Each Query should again give a Query OK message.

We need to enable the mysql_native_plugin so our passwords and access will work with the web applications. For this we run one final query:

UPDATE user SET plugin='mysql_native_password' WHERE User='<your user here>';

Replace <your user here> with your actual username, and press Return / Enter.

You shoudl get a message that 2 records were updated.

Now we can re-run our initial query, and should see our new accounts like below:

SELECT User,Host,plugin FROM mysql.user;

MariaDB [mysql]> SELECT User,Host,plugin FROM mysql.user;
+---------------+-----------+-----------------------+
| User          | Host      | plugin                |
+---------------+-----------+-----------------------+
| root          | localhost | unix_socket           |
| brian         | localhost | mysql_native_password |
| brian         | %         | mysql_native_password |

Finally, type quit and press enter to exit the mysql CLI.

Now, we need to do one last thing to allow remote access to our MariaDB server.

In the terminal type nano /etc/mysql/my.cnf and press enter.

In the file tht opens, use the arrow key to move to the bottom / end of the file and add the following on a new line.

bind-address=0.0.0.0

Save with CTRL+O, then press enter to confirm, then CTRL+X to exit.

Now we need to restart mysql and mariadb.

sudo systemctl restart mysql

sudo systemctl restart mariadb

Done! Whew...now you have a MariaDB install with new users, local and remote, and access from remote systems (which is kind of how the Docker container will be viewed).

Install Matomo with Docker-CE

This part is a bit less CLI intensive. We want to install Matomo with Docker, so we just need a single command.

For this portion you need to have Docker installed. If you don't have it installed yet, here's a link with a very simple how to.

docker run -d -p 10080:80 -p 10443:443 -v matomo:/var/www/html --name=matamo matamo

This basically says, run the Matomo application after pulling it down as a daemon (a process that will continue running in the background), and forward the host port 10080 to the docker port 80, and the host port 10443 to the docker port 443. Make a volumne so I don't lose data when I update the Matomo image / container called "matomo" on the host, and forward it to /var/www/html inside the docker container.

Finally, name the container "matomo" and use the image from docker hub called matomo.

Now just press Enter, and let it run.

Use NginX-Proxy-Manager Handle Traffic to Matomo (optional)

If you have NginX-Proxy-Manager installed, you can use it to proxy and control the traffic to your new Matomo installation, as well as to secure the install with LetsEncrypt SSL certificates.

If you would like to install NginX-Proxy-Manager in Docker as well, then check out my video at Install and Use NginX-Proxy-Manager.

Create a new Host, and on the Details tab, enter your domain name for the analytics page. For instance, I used "analytics.opensourceisawesome.com", then press enter to make sure the entry is saved in the field. Add the IP Address of the Matomo application in the IP / Hostname field, and the port you set for your host machine (I used 10080).

At this point, you can save, and just make sure the startup wizard page shows for Matomo with this, by going to your site (in my case I went to http://analytics.opensourceisawesome.com). If it loads, doing good, move to the next step for SSL.

Now, edit your entry, and move to the Custom Locations tab. Click the 'Add Location' button, and enter the same domain info as on the Details tab (e.g. for me it was "analytics.opensourceisawesome.com"). Next, enter the IP address of the server again in the IP / Hostname field, and this time, enter the host SSL port we used (for me it was 10443).

Next, move to the "SSL" tab, and in the SSL Certificate drop down, select the option to request a new certificate. Click the "Force SSL" switch to enable it. Enter your email address, and click the 'I agree...' switch. Now click 'Save'. Be patient. This is now requesting certificates from LetsEncrypt, and the LetsEncrypt system is challenging your server to ensure you're setup properly.

If you don't see any errors, you're set. Now see if you can access your site, and ensure it forces you to your SSL version (https).

The Matomo First Run Wizard

When you get to the First Run Wizard with an SSL based system, you can click 'Next', and Matomo will run through a system self-check. Scroll through the results, and make sure you don't see any issues with it. As long as everyting looks good, continue forward.

Next, you need to enter your database information so Matomo can create the database and tables it needs.

Here, because of how we setup MariaDB on the host, and Matomo in Docker, we need to treat the setup as though they are on different servers (because technically, they are).

Enter the IP of the server (pulbic IP, as the Docker container will see localhost as it's own container, and the private IP of the server won't exist for Docker). Port 3306, your remote username and password. For database name, I just picked 'matomo'. For table prefix, I left it as is, and finally left the driver as PDO/Mysql.

Click next, and if all goes well, you should get a message that says "Table Created".

Now, you can create your first website tracking code...and this is where the magic starts. Enter the information for the site you want to add tracking to, and then copy the supplied code. You need to put that code in the <head> tag area of your site.

Done! You're up and ready, and should start seeing analytic information coming from your site.