From e6eb845efae5b67931c704fa8b500b88723d90e0 Mon Sep 17 00:00:00 2001 From: Simon C Date: Tue, 15 Feb 2022 00:02:42 +0100 Subject: [PATCH] feat(Matomo): Add service --- README.md | 1 + matomo/.env | 35 ++++++++++++++++ matomo/README.md | 22 ++++++++++ matomo/docker-compose.local.yml | 6 +++ matomo/docker-compose.traefik.yml | 15 +++++++ matomo/docker-compose.yml | 42 +++++++++++++++++++ matomo/web/Dockerfile | 3 ++ matomo/web/matomo.conf.template | 70 +++++++++++++++++++++++++++++++ 8 files changed, 194 insertions(+) create mode 100644 matomo/.env create mode 100644 matomo/README.md create mode 100644 matomo/docker-compose.local.yml create mode 100644 matomo/docker-compose.traefik.yml create mode 100644 matomo/docker-compose.yml create mode 100644 matomo/web/Dockerfile create mode 100644 matomo/web/matomo.conf.template diff --git a/README.md b/README.md index c7ae580..483c89b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien - [Directus](./directus) : Permet d'administrer une base de données - [HedgeDoc](./hedgedoc) : Prise de note en Markdown collaborative en temps réel +- [Matomo](./matomo) : Logiciel libre et open source de mesure de statistiques web - [Mobilizon](./mobilizon): Permet l'organisation d'évènements et de gestion de groupes - [Nextcloud](./nextcloud) : Site d'hébergement de fichiers et une plateforme de collaboration diff --git a/matomo/.env b/matomo/.env new file mode 100644 index 0000000..50a30a1 --- /dev/null +++ b/matomo/.env 
@@ -0,0 +1,35 @@
+########
+# DOCKER
+
+#DOCKER_CONTEXT=
+#DOCKER_HOST=
+SERVICES_DIR=..
+COMPOSE_FILE=${SERVICES_DIR}/matomo/docker-compose.yml:${SERVICES_DIR}/matomo/docker-compose.local.yml:${SERVICES_DIR}/mariadb/docker-compose.yml
+#COMPOSE_PROJECT_NAME=
+
+## APP
+
+#MATOMO_DOMAIN=matomo.cool.life
+#MATOMO_CONTAINER_NAME=
+#MATOMO_VOLUME_NAME=
+#MATOMO_IMAGE=
+#PHP_MEMORY_LIMIT=
+
+##########
+# MARIADB
+
+#MARIADB_CONTAINER_NAME=
+#MARIADB_VOLUME_NAME=
+#MARIADB_IMAGE=
+MARIADB_ROOT_PASSWORD=replace-me
+MARIADB_USER=user-example
+MARIADB_PASSWORD=password-example
+MARIADB_DATABASE=mariadb-database-name-example
+MARIADB_COMMAND=--max-allowed-packet=64MB
+
+#########
+# TRAEFIK
+
+#TRAEFIK_NETWORK_NAME=
+#TRAEFIK_ROUTER_NAME= # Don't use char '.'
+#TRAEFIK_ENTRYPOINTS=
diff --git a/matomo/README.md b/matomo/README.md
new file mode 100644
index 0000000..5c838f4
--- /dev/null
+++ b/matomo/README.md
@@ -0,0 +1,22 @@
+# Matomo
+
+> Matomo, anciennement Piwik, est un logiciel libre et open source de mesure de statistiques web, conçu pour être une alternative libre à Google Analytics.
+>
+> [Wikipédia][wikipedia]
+
+## Commande
+
+```
+docker compose exec --user www-data matomo-fpm php console
+```
+
+## Liens
+
+- [Site Officiel][site]
+- [Code source][source]
+- [Docker Hub][dockerhub]
+
+[wikipedia]: https://fr.wikipedia.org/wiki/Matomo_(logiciel)
+[site]: https://fr.matomo.org/
+[source]: https://github.com/matomo-org/matomo
+[dockerhub]: https://hub.docker.com/_/matomo/
diff --git a/matomo/docker-compose.local.yml b/matomo/docker-compose.local.yml
new file mode 100644
index 0000000..8352a6f
--- /dev/null
+++ b/matomo/docker-compose.local.yml
@@ -0,0 +1,6 @@
+version: "3.8"
+
+services:
+ matomo-web:
+ ports:
+ - ${LOCAL_PORT:-80}:80
diff --git a/matomo/docker-compose.traefik.yml b/matomo/docker-compose.traefik.yml
new file mode 100644
index 0000000..00cae99
--- /dev/null
+++ b/matomo/docker-compose.traefik.yml
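Review bot: The MariaDB block of matomo/.env ships working placeholder credentials (`MARIADB_ROOT_PASSWORD=replace-me`, `MARIADB_PASSWORD=password-example`), so a deployment that skips editing them comes up with publicly known passwords. docker-compose.yml in this same patch reads `${MARIADB_PASSWORD:?err}`, which fails only when the variable is unset, and a placeholder satisfies it. Shipping these lines commented out, e.g. `#MARIADB_PASSWORD=`, would make Compose refuse to start until a real value is supplied; how `MARIADB_ROOT_PASSWORD` is consumed is decided in the mariadb compose file, which is not part of this patch. Because the tracked file is itself named `.env`, real secrets written into it are easy to commit by accident; a tracked `.env.example` with `.env` ignored would avoid that.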
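Review bot: In matomo/docker-compose.local.yml the mapping `${LOCAL_PORT:-80}:80` under `matomo-web` publishes on every host interface, because Compose binds to 0.0.0.0 when no host IP is given. For a file meant for local use, `- 127.0.0.1:${LOCAL_PORT:-80}:80` keeps the unencrypted Matomo login and installer off the network. Ports published by Docker are often not covered by the host's firewall rules, so the narrower bind is the safer default.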
@@ -0,0 +1,15 @@
+version: "3.8"
+
+networks:
+ default:
+ name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+ matomo-web:
+ environment:
+ TRUSTED_PROXIES: ${TRAEFIK_NETWORK_NAME:-traefik}
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+ - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.rule=Host(`${MATOMO_DOMAIN:?err}`)
+ - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-matomo}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
diff --git a/matomo/docker-compose.yml b/matomo/docker-compose.yml
new file mode 100644
index 0000000..72dfd4e
--- /dev/null
+++ b/matomo/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "3.8"
+
+volumes:
+ matomo:
+ name: ${MATOMO_VOLUME_NAME:-matomo}
+
+services:
+ matomo-fpm:
+ container_name: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
+ image: ${MATOMO_IMAGE:-matomo:4.7.1-fpm-alpine}
+ restart: always
+ environment:
+ MATOMO_DATABASE_HOST: ${MARIADB_CONTAINER_NAME:-mariadb}
+ MATOMO_DATABASE_ADAPTER: mysql
+ MATOMO_DATABASE_TABLES_PREFIX: matomo_
+ MATOMO_DATABASE_USERNAME: ${MARIADB_USER:?err}
+ MATOMO_DATABASE_PASSWORD: ${MARIADB_PASSWORD:?err}
+ MATOMO_DATABASE_DBNAME: ${MARIADB_DATABASE:?err}
+ PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-256M}
+ PUID: ${MATOMO_PUID:-1000}
+ PGID: ${MATOMO_PGID:-1000}
+ depends_on:
+ - mariadb
+ volumes:
+ - matomo:/var/www/html
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+ matomo-web:
+ container_name: ${MATOMO_CONTAINER_NAME:-matomo}-web
+ build: web
+ restart: always
+ environment:
+ MATOMO_FPM_CONTAINER_NAME: ${MATOMO_CONTAINER_NAME:-matomo}-fpm
+ PUID: ${MATOMO_PUID:-1000}
+ PGID: ${MATOMO_PGID:-1000}
+ depends_on:
+ - matomo-fpm
+ volumes:
+ - matomo:/var/www/html
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
diff --git a/matomo/web/Dockerfile b/matomo/web/Dockerfile
new file mode 100644
index 0000000..edef405
--- /dev/null
+++ b/matomo/web/Dockerfile
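Review bot: In matomo/docker-compose.traefik.yml, `TRUSTED_PROXIES` is set to the Docker network name and placed on `matomo-web`, the nginx container, but nothing in matomo.conf.template from this patch reads it, so it appears to have no effect. Behind Traefik the client address reaches Matomo only through forwarded headers, so without an explicit proxy-header setup every visit would likely be recorded under the proxy's address. That setup belongs on the Matomo side and should be limited to the Traefik network range, since a header accepted from any peer can be spoofed by clients. The default `${TRAEFIK_ENTRYPOINTS:-web}` also deserves a comment: if `web` is the plain-HTTP entrypoint of the Traefik instance, the Matomo login is served without TLS unless the variable is overridden.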
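Review bot: In matomo/docker-compose.yml, `matomo-web` mounts the shared `matomo` volume read-write although nginx only serves files from it; `- matomo:/var/www/html:ro` on that service would keep a compromise of the web container from altering the PHP code that `matomo-fpm` executes. Separately, the `environment` block of `matomo-web` passes `MATOMO_FPM_CONTAINER_NAME` but not `MATOMO_DOMAIN`, which matomo.conf.template uses in `server_name`; unless it is supplied elsewhere the placeholder is probably left unsubstituted, so adding something like `MATOMO_DOMAIN: ${MATOMO_DOMAIN:-_}` is worth considering. A short comment on what `PUID`/`PGID` do for these images would help, because their effect is not visible in this patch.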
@@ -0,0 +1,3 @@
+FROM nginx:1.21.6-alpine
+
+COPY matomo.conf.template /etc/nginx/templates/default.conf.template
diff --git a/matomo/web/matomo.conf.template b/matomo/web/matomo.conf.template
new file mode 100644
index 0000000..8441a4f
--- /dev/null
+++ b/matomo/web/matomo.conf.template
@@ -0,0 +1,70 @@
+upstream php-handler {
+ server ${MATOMO_FPM_CONTAINER_NAME}:9000;
+}
+
+server {
+ listen 80;
+ server_name ${MATOMO_DOMAIN}
+
+ add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ root /var/www/html; # replace with path to your matomo instance
+ index index.php;
+ try_files $uri $uri/ =404;
+
+ ## only allow accessing the following php files
+ location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
+ # regex to split $uri to $fastcgi_script_name and $fastcgi_path
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # Check that the PHP script exists before passing it
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
+ fastcgi_pass php-handler;
+ }
+
+ ## deny access to all other .php files
+ location ~* ^.+\.php$ {
+ deny all;
+ return 403;
+ }
+
+ ## disable all access to the following directories
+ location ~ /(config|tmp|core|lang) {
+ deny all;
+ return 403; # replace with 404 to not show these directories exist
+ }
+ location ~ /\.ht {
+ deny all;
+ return 403;
+ }
+
+ location ~ js/container_.*_preview\.js$ {
+ expires off;
+ add_header Cache-Control 'private, no-cache, no-store';
+ }
+
+ location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
+ allow all;
+ ## Cache images,CSS,JS and webfonts for an hour
+ ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
+ expires 1h;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ }
+
+ location ~ /(libs|vendor|plugins|misc/user) {
+ deny all;
+ return 403;
+ }
+
+ ## properly display textfiles in root directory
+ location ~/(.*\.md|LEGALNOTICE|LICENSE) {
+ default_type text/plain;
+ }
+}
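Review bot: In matomo/web/matomo.conf.template the line `server_name ${MATOMO_DOMAIN}` has no terminating `;`, so nginx reads on to the next semicolon and treats `add_header Referrer-Policy origin always` as further server names; the Referrer-Policy header is then never emitted and the comment about not exposing the Matomo URL no longer holds. It should read `server_name ${MATOMO_DOMAIN};`. A comment is also warranted on the two location blocks that declare their own `add_header` (the `container_.*_preview` one and the static-file one): they do not inherit the server-level headers, so `X-Content-Type-Options` is missing on exactly the JS/CSS/HTML responses unless it is repeated there. In the allow-list location, `).php {` leaves the dot unescaped and the pattern unanchored; `)\.php(/|$)` would state the intent precisely.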