debian12使用docker安装matomo

docker部署适合想快速测试功能或不想花费更多时间配置环境的用户。考虑到手动部署的可操作性更强，相关教程更多，如果你的网站访问量较大，或考虑长期使用后扩展和升级，我建议仍选择手动部署。（此为个人观点，我是门外汉）

安装docker和docker compose

wget -qO- get.docker.com | bash
systemctl enable docker

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

安装nginx proxy manager

mkdir docker docker/npm
cd docker/npm
vim docker-compose.yml

输入保存以下内容

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

docker compose up -d

默认管理员用户，登录ip:81后修改：

Email:    admin@example.com
Password: changeme

添加proxy hosts，绑定域名到npm，开启ssl

安装matomo

mkdir /root/docker/matomo
cd /root/docker/matomo
vim docker-compose.yml

输入保存以下内容https://github.com/matomo-org/docker/blob/master/.examples/nginx/docker-compose.yml

version: "3"

services:
  db:
    image: mariadb:10.11
    command: --max-allowed-packet=64MB
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=  # 修改数据库密码
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - ./db.env

  app:
    image: matomo:fpm-alpine
    restart: always
    links:
      - db
    volumes:
      - ./config:/var/www/html/config:z
      - ./logs:/var/www/html/logs:z
      - matomo:/var/www/html:z
    environment:
      - MATOMO_DATABASE_HOST=db
      - PHP_MEMORY_LIMIT=2048M
    env_file:
      - ./db.env

  web:
    image: nginx:alpine
    restart: always
    volumes:
      - matomo:/var/www/html:z,ro
      # see https://github.com/matomo-org/matomo-nginx
      - ./matomo.conf:/etc/nginx/conf.d/default.conf:z,ro
    ports:
      - 8080:80

  cron:
    image: matomo:fpm-alpine
    restart: always
    environment:
      - MATOMO_DATABASE_HOST=db
    volumes:
      - ./config:/var/www/html/config:z
      - ./logs:/var/www/html/logs:z
      - matomo:/var/www/html:z
    depends_on: [matomo]
    entrypoint:  "sh -c 'while true; do php console core:archive --url=https://matomo.example.com/; sleep 600; done'"  # 修改matomo.example.com为你的matomo域名，sleep 600为每10分钟归档一次，官方建议1小时一次，根据流量和性能自行修改

volumes:
  db:
  matomo:

添加数据库配置文件：

vim db.env

输入保存：

MYSQL_PASSWORD=  # 添加数据库密码，与yml文件匹配
MYSQL_DATABASE=matomo
MYSQL_USER=matomo
MATOMO_DATABASE_ADAPTER=mysql
MATOMO_DATABASE_TABLES_PREFIX=matomo_
MATOMO_DATABASE_USERNAME=matomo
MATOMO_DATABASE_PASSWORD=  # 添加数据库密码
MATOMO_DATABASE_DBNAME=matomo
MARIADB_AUTO_UPGRADE=1
MARIADB_INITDB_SKIP_TZINFO=1

添加nginx配置文件

vim matomo.conf

输入保存：

upstream php-handler {
	server app:9000;
}

server {
	listen 80;

	add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
	root /var/www/html; # replace with path to your matomo instance
	index index.php;
	try_files $uri $uri/ =404;

	## only allow accessing the following php files
	location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
		# regex to split $uri to $fastcgi_script_name and $fastcgi_path
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Check that the PHP script exists before passing it
		try_files $fastcgi_script_name =404;

		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
		fastcgi_pass php-handler;
	}

	## deny access to all other .php files
	location ~* ^.+\.php$ {
		deny all;
		return 403;
	}

	## disable all access to the following directories
	location ~ /(config|tmp|core|lang) {
		deny all;
		return 403; # replace with 404 to not show these directories exist
	}
	location ~ /\.ht {
		deny all;
		return 403;
	}

	location ~ js/container_.*_preview\.js$ {
		expires off;
		add_header Cache-Control 'private, no-cache, no-store';
	}

	location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
		allow all;
		## Cache images,CSS,JS and webfonts for an hour
		## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
		expires 1h;
		add_header Pragma public;
		add_header Cache-Control "public";
	}

	location ~ /(libs|vendor|plugins|misc/user) {
		deny all;
		return 403;
	}

	## properly display textfiles in root directory
	location ~/(.*\.md|LEGALNOTICE|LICENSE) {
		default_type text/plain;
	}
}

# vim: filetype=nginx

运行：

docker compose up -d

在npm反代8080端口的matomo，并强制跳转ssl访问。建议统计域名不使用analytics.xxx.com 因为analytics会被广告屏蔽规则屏蔽。

添加网站

请看：

性能优化

在设置中可以看到自动检测出的问题，根据提示修复，优化至没有叉号和红色感叹号即可。这里记录下我遇到的问题。

通过配置文件强制ssl访问并优化数据库设置

修改配置文件

vim /root/docker/matomo/config/config.ini.php

在 [General] 下添加一行

force_ssl = 1

在 [database] 下添加一行

schema = Mariadb

设置自动存档报告

在docker-compose.yml的cron部分已经设置了自动存档。只需在归档设置中关闭实时归档即可：

设置完成：

matomo使用cdn后获取访客真实ip

运行一天查看报表时，发现显示的ip为cdn节点ip，查看官方文档https://matomo.org/faq/how-to-install/faq_98/

发现需要修改config/config.ini.php，在[General]添加以下内容：

assume_secure_protocol = 1
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
proxy_ip_read_last_in_list = 0

添加上述内容后重启docker，发现能正常获取访客ip，如果仍有问题，建议查看官方文档修改配置。

更新

如果matomo自动检测到更新，会在主页顶部提示更新，一键更新即可。

设置中也可以手动检查更新：

参考

https://github.com/matomo-org/docker/tree/master

https://github.com/matomo-org/docker/issues/298