How to Install Matomo Web Analytics on Ubuntu 18.04 LTS

Matomo formerly known as Piwik is a free web analytics application that can be used to tracks online visits to one or more websites and displays reports on these visits for analysis. Matomo comes with lots of features including, Google AdWords, Facebook Ads, Yahoo! Search Marketing, Tracking and Reporting API, Cost Per Click (CPC) and many more.

In this tutorial, I am going to explain how to install Matomo on Ubuntu 18.04 LTS server.

Requirements

  • A server running Ubuntu 18.04 LTS.
  • A non-root user with sudo privileges.

Install LAMP Server

Matomo runs on the web server, written in PHP language and use MariaDB to store their data. So, you will need to install Apache, MariaDB, PHP and other required PHP modules to your system.

Update the Ubuntu repository and install PHP along with Apache and MariaDB with the following command:

sudo apt-get update -y
sudo apt-get install apache2 mariadb-server php7.2 libapache2-mod-php7.2 php7.2-common php7.2-sqlite php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-cli php7.2-zip wget unzip git -y

Once all the packages are installed, start Apache and MariaDB service and enable them to start on boot time with the following command:

sudo systemctl start apache2
sudo systemctl enable apache2
sudo systemctl start mariadb
sudo systemctl enable mariadb

Next, you will need to modify php.ini file. You can do this with the following command:

sudo nano /etc/php/7.2/apache2/php.ini

Make the following changes:

memory_limit = 256M
upload_max_filesize = 200M
max_execution_time = 360
date.timezone = Europe/Berlin

Save and close the file, when you are finished.

Configure MariaDB

Next, you will need to secure your MariaDB installation. You can do this by running the following script:

sudo mysql_secure_installation

Answer all the questions as shown below:

    Enter current password for root (enter for none):
    Set root password? [Y/n]: N
    Remove anonymous users? [Y/n]: Y
    Disallow root login remotely? [Y/n]: Y
    Remove test database and access to it? [Y/n]:  Y
    Reload privilege tables now? [Y/n]:  Y

Once the MariaDB is secured, log in to MariaDB shell:

mysql -u root

Create a database and user with the following command:

MariaDB [(none)]> CREATE DATABASE matomodb;
MariaDB [(none)]> CREATE USER matomo;

Next, grant privileges to the Matomo database with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON matomodb.* TO 'matomo'@'localhost' IDENTIFIED BY 'mypassword';

Replace the word ‘mypassword’ with a secure password of your choice. Next, flush the privileges with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;

Next, exit from the MariaDB console with the following command:

MariaDB [(none)]> exit

Install Matomo

First, download the latest version of Matomo from their official website to the /tmp directory:

cd /tmp
wget https://builds.matomo.org/piwik.zip

Next, unzip the downloaded file with the following command:

unzip piwik.zip

Then copy the extracted directory to the Apache root directory and give proper permissions:

sudo cp -r piwik /var/www/html/matomo
sudo chown -R www-data:www-data /var/www/html/matomo/
sudo chmod -R 755 /var/www/html/matomo/

Finally, create an Apache configuration file for Matomo with the following command:

sudo nano /etc/apache2/sites-available/matomo.conf

Add the following lines:

<VirtualHost *:80>
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/matomo
     ServerName example.com

     <Directory /var/www/html/matomo/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
     CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined

</VirtualHost>

Replace example.com and the email address [email protected] with your own domain name and email address. Save and close the file, then enable virtual host file and Apache rewrite module with the following command:

sudo a2ensite matomo
sudo a2enmod rewrite

Restart Apache web service to apply all the changes:

sudo systemctl restart apache2

Enable SSL with Let’s encrypt for Matomo

In this step, we will enable SSL for Matomo by using a free Let’s encrypt SSL certificate. The first step is to install the certbot Let’s encrypt client which we will use to obtain the SSL certificate.

sudo apt-get install certbot python-certbot-apache

Request the SSL cert with this command:

sudo certbot --apache

IMPORTANT: The domain name or subdomain that you use for the RoundCube website must be accessible from the internet to get an SSL Cert. Certbot will ask a few questions now.

root@server: certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: n
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/matomo-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/matomo-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/matomo-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/matomo.conf to ssl vhost in /etc/apache2/sites-available/matomo-le-ssl.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-07-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The Matomo vhost is accessible by https now.

Access Matomo

Now, open your web browser and type the URL https://example.com, you will be redirected to the Matomo welcome page:

Welcome to Matomo installer

Now, click on the Next button. You should see the following page:

Matomo System Check

Here, make sure all the required module has been installed. Then, click on the Next button. You should see the following page:

Database setup

Here, provide your Matomo database and username. Then, click on the Next button. You should see the following page:

Creating Database Tables

Now, click on the Next button. You should see the following page:

Add Super User

Here, provide your admin username and password. Then, click on the Next button. You should see the following page:

Setup a Website in Matomo

Now, provide site name, website URL. Then, click on the Next button. You should see the Tracking code for Matomo site in the following page:

Site code

Now, click on the Next button. Once the installation has been completed. You should see the following page:

Matomo has been successfully installed

Now, click on the CONTINUE TO MATOMO button. You should see the following page:

Matomo Login

Now, provide the Admin login credentials and click on the SIGN IN button. You should see the Matomo Dashboard in the following page:

Matomo Dashboard