Go to file

continuous-integration/drone/push Build is passing

Details

Merge pull request 'Update docker Docker tag to v27.4.0' (#39 ) from renovate/docker-27.x into master

Reviewed-on: #39

2025-02-10 09:15:20 +00:00

LICENSES

make REUSE compliant

2019-12-18 16:47:50 +01:00

.drone.yml

Update docker Docker tag to v27.4.0

2024-12-10 00:20:38 +00:00

.gitignore

make REUSE compliant

2019-12-18 16:47:50 +01:00

clean-matomo-tables.sh

make REUSE compliant

2019-12-18 16:47:50 +01:00

cron.txt

include gahn

2024-09-27 15:43:05 +02:00

cron.txt.license

make REUSE compliant

2019-12-18 16:47:50 +01:00

docker-compose.yml

remove leftovers from nginx reverse proxy

2022-01-13 15:11:19 +01:00

Dockerfile-mariadb

use static major version of mariadb

2020-10-13 13:51:09 +02:00

Dockerfile-matomo

Update matomo Docker tag to v5.1.2

2024-09-27 00:12:02 +00:00

get_logs.sh

adapt to python3

2023-07-13 14:29:43 +02:00

host_options.ini

Add .ogx

2023-06-01 10:23:58 +02:00

id_rsa.pub

change SSH key

2019-11-22 19:50:32 +01:00

id_rsa.pub.license

make REUSE compliant

2019-12-18 16:47:50 +01:00

README.md

Trigger re-deploy

2023-07-04 14:51:55 +02:00

renovate.json

update docker image

2023-11-11 11:45:13 +01:00

renovate.json.license

make REUSE compliant

2022-02-25 13:32:14 +01:00

rp_hosts.csv

make REUSE compliant

2019-12-18 16:47:50 +01:00

README.md

FSFE Matomo/Piwik

This service serves as the single point inside the FSFE to gather web statistics for different domains and evaluate them.

Because we do not like JavaScript that much, we import the webserver logs directly into Matomo.

We use the standard Docker image for Matomo but with a few modifications, mostly concerning the automated log import.

Log import

Modes

The normal mode in get_logs.sh connects via SSH to download the most recently rotated Apache log.

The docker mode instead reads the logs of the reverse proxy which is in front of all our Docker containers that run publicly facing web services. For all containers defined in rp_hosts.csv, it scrapes the logs and imports them.

You can run get_logs.sh -h to read more about the script's usage.

Host options

Because logs for some sites need special treatment before to be more useful or require certain import options, there is the file host_options.ini in which you can define per page a) one shell command to run over the log, and b) options for Matomo's import_logs.py.

Scheduling

The cron.txt file is appended to /etc/crontab in the matomo container and controls when imports are scheduled for which pages.

Server preparation

Normal (Apache)

To restrict rsync's access to only the log files, provide rsync's rrsync:

Put rrsync to /usr/local/bin/
chmod +x /usr/local/bin/rrsync
Add in root's authorized_keys file: command="/usr/local/bin/rrsync -ro /var/log/apache2/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa ...
The Apache webserver file indicated in cron.txt is relative to the path declared in command=

Docker (reverse proxy)

In the Docker daemon's user authorized_keys file: command="docker logs ${SSH_ORIGINAL_COMMAND#*docker logs}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa...

Clean Matomo site

In the matomo-mariadb container, you can run clean-matomo-tables.sh to clean the stats for one or all sites. This is useful if the recording went mad during your tests. But remember that this is a complete reset!

Environment variables

Docker-compose wants to have the following environment variables:

SSH_KEY: the SSH key used to connect to the individual hosts via SSH
MYSQL_DATABASE: the name of the database
MYSQL_ROOT_PASSWORD: root password for the DB
MYSQL_USER: user for Matomo
MYSQL_PASSWORD: password for the Matomo user

The other variables are rather standard for the FSFE's usual setup.

License

All custom scripts and files in this repo are licensed under GPL-3.0-or-later.