Matomo (fka PIWIK)

Matomo kommt von InnoCraft und hiess bis Januar 2018 PIWIK. Es konkurriert mit Google Analytics, ist aber Open Source und kann self-hosted betrieben werden.

Unsere Blogbeiträge zu Matomo.

Matomo sollte wegen Content Security Policy Headern am besten auf einem eigenen Host (z.B. analytics.example.com) und nicht unter der URL der Webseite betrieben werden. Für Matomo müssen die CSP recht offen sein („data:“ erlaubt), was von Security-Scannern moniert wird, und im Falle eines Mischens/Betrieb unter der Webseite (mysite.ch/analytics) die Webseite in einem Security-Ranking runterstufen könnte.

Installation

Ein aktuelles PHP unter Apache httpd verwenden, als Datenbank ist MariaDB empfohlen.

PHP: memory_limit >= 192M setzen.

Darüber hinaus wird benötigt:

yum -y install gd
yum -y install php php-pdo php-mysqlnd php-mbstring php-gd php-dom

Download:

rm -f /tmp/latest.zip*
rm -rf /tmp/matomo*
wget http://builds.matomo.org/latest.zip --output-document=/tmp/latest.zip
unzip -o /tmp/latest.zip -d /var/www/html/
rm -rf /var/www/html/matomo/tmp/*

chown -R apache:apache /var/www/html/matomo
find /var/www/html/matomo/tmp -type f -exec chmod 644 {} \;
find /var/www/html/matomo/tmp -type d -exec chmod 755 {} \;
find /var/www/html/matomo/tmp/assets -type f -exec chmod 644 {} \;
find /var/www/html/matomo/tmp/assets -type d -exec chmod 755 {} \;
find /var/www/html/matomo/tmp/cache -type f -exec chmod 644 {} \;
find /var/www/html/matomo/tmp/cache -type d -exec chmod 755 {} \;
find /var/www/html/matomo/tmp/tcpdf -type f -exec chmod 644 {} \;
find /var/www/html/matomo/tmp/tcpdf -type d -exec chmod 755 {} \;
find /var/www/html/matomo/tmp/templates_c -type f -exec chmod 644 {} \;
find /var/www/html/matomo/tmp/templates_c -type d -exec chmod 755 {} \;

SELinux:

semanage fcontext --add --type httpd_sys_rw_content_t "/var/www/html/matomo/config(/.*)?"
semanage fcontext --add --type httpd_sys_rw_content_t "/var/www/html/matomo/matomo.js"
semanage fcontext --add --type httpd_sys_rw_content_t "/var/www/html/matomo/piwik.js"
semanage fcontext --add --type httpd_sys_rw_content_t "/var/www/html/matomo/tmp(/.*)?"

restorecon -Fvr /var/www/html/matomo

Wenn Matomo hinter einem Reverse Proxy läuft:

/var/www/html/matomo/config/config.ini.php
[General]
; for Reverse Proxying https://matomo.org/faq/how-to-install/faq_98/
assume_secure_protocol = 1
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

Cronjob für automatische Datenarchivierung und -optimierung einrichten. Sind diese nicht aktiv, macht sich das nach einiger Zeit im Betrieb in kaputten Widgets in der Weboberfläche aufgrund von Timeouts wegen zu grosser Datenmengen bemerkbar.

# Matomo Auto Archiving
5 * * * * /usr/bin/php /var/www/html/matomo/console core:archive --url=https://analytics.example.com/ > /var/log/matomo-archive.log 1> /dev/null

Der gleiche Cronjob als Systemd-Timer:

/etc/systemd/system/matomo-archive.service
[Unit]
Description=Matomo Archive Service

[Service]
ExecStart=/usr/bin/php /var/www/html/matomo/console --matomo-domain=analytics.linuxfabrik.ch core:archive
Type=oneshot
User=root

[Install]
WantedBy=basic.target
/etc/systemd/system/matomo-archive.timer
[Unit]
Description=Matomo Archive Timer

[Timer]
OnCalendar=05:07:00
Unit=matomo-archive.service

[Install]
WantedBy=timers.target

Jetzt die Instanz per http://matomo/index.php aufrufen und im Setup-Wizard den ersten Benutzer anlegen.

Matomo ohne Tracking-Code (matomo.js)

Adblocker verhindern die Ausführung der matomo.js. Wer trotzdem grundlegende Statistiken haben möchte, kann den Webserver anweisen, bei Bedarf sogar in Echtzeit direkt nach Matomo zu loggen.

Zunächst das Python-Script https://github.com/matomo-org/matomo-log-analytics/blob/5.x-dev/import_logs.py z.B. in /usr/local/sbin/import_logs.py auf dem Webserver ablegen, welcher die Seite über die Domain-Namen verarbeitet (also beispielsweise auf dem Reverse Proxy). Eventuell den Shebang auf #!/usr/bin/python3 ändern, damit das Skript auch wirklich ausgeführt werden kann.

In Matomo muss im „Administration“-Bereich (oben rechts über das Gear-Icon erreichbar) unter Personal > Security ein neues „Auth Token“ angelegt werden. Die „Description“ könnte „srv-proxy site.example.com import_logs.py“ lauten, wenn es ein Token für „site.example.com“ auf dem Reverse Proxy „srv-proxy“ sein soll.

Dann:

chmod +x /usr/local/sbin/import_logs.py

Bemerkung

  • Mit --url ist die URL des Matomo-Servers gemeint, nicht die der auszuwertenden Seite.

  • --token-auth muss von einem User mit Admin- oder Superuser-Rechten kommen.

  • Es funktionieren (Stand 2024-01) nur Auth-Token, bei denen „Only allow secure requests“ („Secure use only“) NICHT aktiv ist.

  • Das Import-Tool prüft rein gar nichts vor dem Import. Mehrfache Aufrufe auf die gleichen Log-Daten führen in Matomo also auch zu mehrfach gezählten Daten.

Real-time-Auswertung der Logfiles
chown apache:apache /usr/local/sbin/import_logs.py

Für eine die Apache vHost-Definition anpassen:

vhost.conf
# Matomo Realtime Logging
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" matomo
CustomLog "||/usr/local/sbin/import_logs.py \
    --debug \
    --enable-bots \
    --enable-http-errors \
    --idsite=1234 \
    --output=/var/log/matomo.log \
    --recorders=4 \
    --token-auth=2ac48e93-2ca7-4df3-9e7c-c81b36d0a474 \
    --url=https://analytics.example.com \
    -" matomo

Auswertung aktivieren:

httpd -t
setsebool -P httpd_can_network_connect on
systemctl reload httpd

SELinux:

semanage fcontext --add --type httpd_log_t "/var/log/matomo.log"
restorecon -Fv /var/log/matomo.log
Periodische Auswertung der Logfiles

Per Cronjob oder systemd-timer folgenden Aufruf konfigurieren:

/usr/local/sbin/import_logs.py \
    --debug \
    --enable-bots \
    --enable-http-errors \
    --idsite=1234 \
    --output=/var/log/matomo.log \
    --recorders=4 \
    --token-auth=2ac48e93-2ca7-4df3-9e7c-c81b36d0a474 \
    --url=https://analytics.example.com \
    /path/to/analytics.example.com-access.log

Um bereits rotierte Logfiles von gestern zu importieren, folgendes Konstrukt verwenden:

/usr/local/sbin/import_logs.py \
    ... \
    $(date --date=yesterday +/path/to/analytics.example.com-access.log-\%Y\%m\%d)

Logging:

tail -f /var/log/audit/audit.log /var/log/httpd/analytics.example.com-error.log /var/log/matomo.log

Alle Kommandozeilen-Parameter auf einen Blick:

usage: import_logs.py [-h] [--auth-user AUTH_USER]
                      [--auth-password AUTH_PASSWORD] [--debug]
                      [--debug-tracker]
                      [--debug-request-limit DEBUG_REQUEST_LIMIT] --url
                      MATOMO_URL [--api-url MATOMO_API_URL]
                      [--tracker-endpoint-path MATOMO_TRACKER_ENDPOINT_PATH]
                      [--dry-run] [--show-progress]
                      [--show-progress-delay SHOW_PROGRESS_DELAY]
                      [--add-sites-new-hosts] [--idsite SITE_ID]
                      [--idsite-fallback SITE_ID_FALLBACK]
                      [--config CONFIG_FILE] [--login LOGIN]
                      [--password PASSWORD] [--token-auth MATOMO_TOKEN_AUTH]
                      [--hostname HOSTNAMES] [--exclude-path EXCLUDED_PATHS]
                      [--exclude-path-from EXCLUDE_PATH_FROM]
                      [--include-path INCLUDED_PATHS]
                      [--include-path-from INCLUDE_PATH_FROM]
                      [--useragent-exclude EXCLUDED_USERAGENTS]
                      [--enable-static] [--enable-bots] [--enable-http-errors]
                      [--enable-http-redirects] [--enable-reverse-dns]
                      [--strip-query-string]
                      [--query-string-delimiter QUERY_STRING_DELIMITER]
                      [--log-format-name LOG_FORMAT_NAME]
                      [--log-format-regex LOG_FORMAT_REGEX]
                      [--log-date-format LOG_DATE_FORMAT]
                      [--log-hostname LOG_HOSTNAME] [--skip SKIP]
                      [--recorders RECORDERS]
                      [--recorder-max-payload-size RECORDER_MAX_PAYLOAD_SIZE]
                      [--replay-tracking]
                      [--replay-tracking-expected-tracker-file REPLAY_TRACKING_EXPECTED_TRACKER_FILE]
                      [--output OUTPUT] [--encoding ENCODING]
                      [--disable-bulk-tracking]
                      [--debug-force-one-hit-every-Ns FORCE_ONE_ACTION_INTERVAL]
                      [--force-lowercase-path] [--enable-testmode]
                      [--download-extensions DOWNLOAD_EXTENSIONS]
                      [--add-download-extensions EXTRA_DOWNLOAD_EXTENSIONS]
                      [--w3c-map-field KEY=VAL] [--w3c-time-taken-millisecs]
                      [--w3c-fields W3C_FIELDS] [--w3c-field-regex KEY=VAL]
                      [--title-category-delimiter TITLE_CATEGORY_DELIMITER]
                      [--dump-log-regex]
                      [--ignore-groups REGEX_GROUPS_TO_IGNORE]
                      [--regex-group-to-visit-cvar KEY=VAL]
                      [--regex-group-to-page-cvar KEY=VAL]
                      [--track-http-method TRACK_HTTP_METHOD]
                      [--retry-max-attempts MAX_ATTEMPTS]
                      [--retry-delay DELAY_AFTER_FAILURE]
                      [--request-timeout REQUEST_TIMEOUT]
                      [--include-host INCLUDE_HOST]
                      [--exclude-host EXCLUDE_HOST]
                      [--exclude-older-than EXCLUDE_OLDER_THAN]
                      [--exclude-newer-than EXCLUDE_NEWER_THAN]
                      [--add-to-date SECONDS_TO_ADD_TO_DATE]
                      [--request-suffix REQUEST_SUFFIX]
                      [--accept-invalid-ssl-certificate]
                      [--php-binary PHP_BINARY]
                      file [file ...]

Import HTTP access logs to Matomo. log_file is the path to a server access log
file (uncompressed, .gz, .bz2, or specify - to read from stdin). You may also
import many log files at once (for example set log_file to *.log or *.log.gz).
By default, the script will try to produce clean reports and will exclude
bots, static files, discard http error and redirects, etc. This is
customizable, see below.

positional arguments:
  file

optional arguments:
  -h, --help            show this help message and exit
  --auth-user AUTH_USER
                        Basic auth user
  --auth-password AUTH_PASSWORD
                        Basic auth password
  --debug, -d           Enable debug output (specify multiple times for more
                        verbose)
  --debug-tracker       Appends &debug=1 to tracker requests and prints out
                        the result so the tracker can be debugged. If using
                        the log importer results in errors with the tracker or
                        improperly recorded visits, this option can be used to
                        find out what the tracker is doing wrong. To see debug
                        tracker output, you must also set the [Tracker]
                        debug_on_demand INI config to 1 in your Matomo's
                        config.ini.php file.
  --debug-request-limit DEBUG_REQUEST_LIMIT
                        Debug option that will exit after N requests are
                        parsed. Can be used w/ --debug-tracker to limit the
                        output of a large log file.
  --url MATOMO_URL      REQUIRED Your Matomo server URL, eg.
                        https://example.com/matomo/ or
                        https://analytics.example.net
  --api-url MATOMO_API_URL
                        This URL will be used to send API requests (use it if
                        your tracker URL differs from UI/API url), eg.
                        https://other-example.com/matomo/ or
                        https://analytics-api.example.net
  --tracker-endpoint-path MATOMO_TRACKER_ENDPOINT_PATH
                        The tracker endpoint path to use when tracking.
                        Defaults to /piwik.php.
  --dry-run             Perform a trial run with no tracking data being
                        inserted into Matomo
  --show-progress       Print a progress report X seconds (default: 1, use
                        --show-progress-delay to override)
  --show-progress-delay SHOW_PROGRESS_DELAY
                        Change the default progress delay
  --add-sites-new-hosts
                        When a hostname is found in the log file, but not
                        matched to any website in Matomo, automatically create
                        a new website in Matomo with this hostname to import
                        the logs
  --idsite SITE_ID      When specified, data in the specified log files will
                        be tracked for this Matomo site ID. The script will
                        not auto-detect the website based on the log line
                        hostname (new websites will not be automatically
                        created).
  --idsite-fallback SITE_ID_FALLBACK
                        Default Matomo site ID to use if the hostname doesn't
                        match any known Website's URL. New websites will not
                        be automatically created. Used only if --add-sites-
                        new-hosts or --idsite are not set
  --config CONFIG_FILE  This is only used when --login and --password is not
                        used. Matomo will read the configuration file
                        (default: /usr/config/config.ini.php) to fetch the
                        Super User token_auth from the config file.
  --login LOGIN         You can manually specify the Matomo Super User login
  --password PASSWORD   You can manually specify the Matomo Super User
                        password
  --token-auth MATOMO_TOKEN_AUTH
                        Matomo user token_auth, the token_auth is found in
                        Matomo > Settings > API. You must use a token_auth
                        that has at least 'admin' or 'super user' permission.
                        If you use a token_auth for a non admin user, your
                        users' IP addresses will not be tracked properly.
  --hostname HOSTNAMES  Accepted hostname (requests with other hostnames will
                        be excluded). You may use the star character *
                        Example: --hostname=*domain.com Can be specified
                        multiple times
  --exclude-path EXCLUDED_PATHS
                        Any URL path matching this exclude-path will not be
                        imported in Matomo. You must use the star character *.
                        Example: --exclude-path=*/admin/* Can be specified
                        multiple times.
  --exclude-path-from EXCLUDE_PATH_FROM
                        Each line from this file is a path to exclude. Each
                        path must contain the character * to match a string.
                        (see: --exclude-path)
  --include-path INCLUDED_PATHS
                        Paths to include. Can be specified multiple times. If
                        not specified, all paths are included.
  --include-path-from INCLUDE_PATH_FROM
                        Each line from this file is a path to include
  --useragent-exclude EXCLUDED_USERAGENTS
                        User agents to exclude (in addition to the standard
                        excluded user agents). Can be specified multiple times
  --enable-static       Track static files (images, css, js, ico, ttf, etc.)
  --enable-bots         Track bots. All bot visits will have a Custom Variable
                        set with name='Bot' and value='$Bot_user_agent_here$'
  --enable-http-errors  Track HTTP errors (status code 4xx or 5xx)
  --enable-http-redirects
                        Track HTTP redirects (status code 3xx except 304)
  --enable-reverse-dns  Enable reverse DNS, used to generate the 'Providers'
                        report in Matomo. Disabled by default, as it impacts
                        performance
  --strip-query-string  Strip the query string from the URL
  --query-string-delimiter QUERY_STRING_DELIMITER
                        The query string delimiter (default: ?)
  --log-format-name LOG_FORMAT_NAME
                        Access log format to detect (supported are:
                        amazon_cloudfront, common, common_complete,
                        common_vhost, elb, gandi, haproxy, icecast2, iis,
                        incapsula_w3c, ncsa_extended, nginx_json, ovh, s3,
                        shoutcast, traefik_json, w3c_extended). When not
                        specified, the log format will be autodetected by
                        trying all supported log formats.
  --log-format-regex LOG_FORMAT_REGEX
                        Regular expression used to parse log entries. Regexes
                        must contain named groups for different log fields.
                        Recognized fields include: date, path, query_string,
                        ip, user_agent, referrer, status, length, host,
                        userid, generation_time_milli, event_action,
                        event_name, timezone, session_time. For an example of
                        a supported Regex, see the source code of this file.
                        Overrides --log-format-name.
  --log-date-format LOG_DATE_FORMAT
                        Format string used to parse dates. You can specify any
                        format that can also be specified to the strptime
                        python function.
  --log-hostname LOG_HOSTNAME
                        Force this hostname for a log format that doesn't
                        include it. All hits will seem to come to this host
  --skip SKIP           Skip the n first lines to start parsing/importing data
                        at a given line for the specified log file
  --recorders RECORDERS
                        Number of simultaneous recorders (default: 1). It
                        should be set to the number of CPU cores in your
                        server. You can also experiment with higher values
                        which may increase performance until a certain point
  --recorder-max-payload-size RECORDER_MAX_PAYLOAD_SIZE
                        Maximum number of log entries to record in one
                        tracking request (default: 200).
  --replay-tracking     Replay piwik.php requests found in custom logs (only
                        piwik.php requests expected). See
                        https://matomo.org/faq/how-to/faq_17033/
  --replay-tracking-expected-tracker-file REPLAY_TRACKING_EXPECTED_TRACKER_FILE
                        The expected suffix for tracking request paths. Only
                        logs whose paths end with this will be imported. By
                        default requests to the piwik.php file or the
                        matomo.php file will be imported.
  --output OUTPUT       Redirect output (stdout and stderr) to the specified
                        file
  --encoding ENCODING   Log files encoding (default: utf8)
  --disable-bulk-tracking
                        Disables use of bulk tracking so recorders record one
                        hit at a time.
  --debug-force-one-hit-every-Ns FORCE_ONE_ACTION_INTERVAL
                        Debug option that will force each recorder to record
                        one hit every N secs.
  --force-lowercase-path
                        Make URL path lowercase so paths with the same letters
                        but different cases are treated the same.
  --enable-testmode     If set, it will try to get the token_auth from the
                        matomo_tests directory
  --download-extensions DOWNLOAD_EXTENSIONS
                        By default Matomo tracks as Downloads the most popular
                        file extensions. If you set this parameter (format:
                        pdf,doc,...) then files with an extension found in the
                        list will be imported as Downloads, other file
                        extensions downloads will be skipped.
  --add-download-extensions EXTRA_DOWNLOAD_EXTENSIONS
                        Add extensions that should be treated as downloads.
                        See --download-extensions for more info.
  --w3c-map-field KEY=VAL
                        Map a custom log entry field in your W3C log to a
                        default one. Use this option to load custom log files
                        that use the W3C extended log format such as those
                        from the Advanced Logging W3C module. Used as, eg,
                        --w3c-map-field my-date=date. Recognized default
                        fields include: date, time, cs-uri-stem, cs-uri-query,
                        c-ip, cs(User-Agent), cs(Referer), sc-status, sc-
                        bytes, cs-host, cs-method, cs-username, time-taken
                        Formats that extend the W3C extended log format (like
                        the cloudfront RTMP log format) may define more fields
                        that can be mapped.
  --w3c-time-taken-millisecs
                        If set, interprets the time-taken W3C log field as a
                        number of milliseconds. This must be set for importing
                        IIS logs.
  --w3c-fields W3C_FIELDS
                        Specify the '#Fields:' line for a log file in the W3C
                        Extended log file format. Use this option if your log
                        file doesn't contain the '#Fields:' line which is
                        required for parsing. This option must be used in
                        conjunction with --log-format-name=w3c_extended.
                        Example: --w3c-fields='#Fields: date time c-ip ...'
  --w3c-field-regex KEY=VAL
                        Specify a regex for a field in your W3C extended log
                        file. You can use this option to parse fields the
                        importer does not natively recognize and then use one
                        of the --regex-group-to-XXX-cvar options to track the
                        field in a custom variable. For example, specifying
                        --w3c-field-regex=sc-
                        win32-status=(?P<win32_status>\S+) --regex-group-to-
                        page-cvar="win32_status=Windows Status Code" will
                        track the sc-win32-status IIS field in the 'Windows
                        Status Code' custom variable. Regexes must contain a
                        named group.
  --title-category-delimiter TITLE_CATEGORY_DELIMITER
                        If --enable-http-errors is used, errors are shown in
                        the page titles report. If you have changed
                        General.action_title_category_delimiter in your Matomo
                        configuration, you need to set this option to the same
                        value in order to get a pretty page titles report.
  --dump-log-regex      Prints out the regex string used to parse log lines
                        and exists. Can be useful for using formats in newer
                        versions of the script in older versions of the
                        script. The output regex can be used with the --log-
                        format-regex option.
  --ignore-groups REGEX_GROUPS_TO_IGNORE
                        Comma separated list of regex groups to ignore when
                        parsing log lines. Can be used to, for example,
                        disable normal user id tracking. See documentation for
                        --log-format-regex for list of available regex groups.
  --regex-group-to-visit-cvar KEY=VAL
                        Track an attribute through a custom variable with
                        visit scope instead of through Matomo's normal
                        approach. For example, to track usernames as a custom
                        variable instead of through the uid tracking
                        parameter, supply --regex-group-to-visit-
                        cvar="userid=User Name". This will track usernames in
                        a custom variable named 'User Name'. The list of
                        available regex groups can be found in the
                        documentation for --log-format-regex (additional regex
                        groups you may have defined in --log-format-regex can
                        also be used).
  --regex-group-to-page-cvar KEY=VAL
                        Track an attribute through a custom variable with page
                        scope instead of through Matomo's normal approach. For
                        example, to track usernames as a custom variable
                        instead of through the uid tracking parameter, supply
                        --regex-group-to-page-cvar="userid=User Name". This
                        will track usernames in a custom variable named 'User
                        Name'. The list of available regex groups can be found
                        in the documentation for --log-format-regex
                        (additional regex groups you may have defined in
                        --log-format-regex can also be used).
  --track-http-method TRACK_HTTP_METHOD
                        Enables tracking of http method as custom page
                        variable if method group is available in log format.
  --retry-max-attempts MAX_ATTEMPTS
                        The maximum number of times to retry a failed tracking
                        request.
  --retry-delay DELAY_AFTER_FAILURE
                        The number of seconds to wait before retrying a failed
                        tracking request.
  --request-timeout REQUEST_TIMEOUT
                        The maximum number of seconds to wait before
                        terminating an HTTP request to Matomo.
  --include-host INCLUDE_HOST
                        Only import logs from the specified host(s).
  --exclude-host EXCLUDE_HOST
                        Only import logs that are not from the specified
                        host(s).
  --exclude-older-than EXCLUDE_OLDER_THAN
                        Ignore logs older than the specified date. Exclusive.
                        Date format must be YYYY-MM-DD hh:mm:ss +/-0000. The
                        timezone offset is required.
  --exclude-newer-than EXCLUDE_NEWER_THAN
                        Ignore logs newer than the specified date. Exclusive.
                        Date format must be YYYY-MM-DD hh:mm:ss +/-0000. The
                        timezone offset is required.
  --add-to-date SECONDS_TO_ADD_TO_DATE
                        A number of seconds to add to each date value in the
                        log file.
  --request-suffix REQUEST_SUFFIX
                        Extra parameters to append to tracker and API
                        requests.
  --accept-invalid-ssl-certificate
                        Do not verify the SSL / TLS certificate when
                        contacting the Matomo server.
  --php-binary PHP_BINARY
                        Specify the PHP binary to use.

About Matomo Server Log Analytics: https://matomo.org/log-analytics/ Found a
bug? Please create a ticket in https://github.com/matomo-org/matomo-log-
analytics/ Please send your suggestions or successful user story to
hello@matomo.org

Quelle: https://github.com/matomo-org/matomo-log-analytics/#readme

Matomo Console Cheat Sheet

cd /var/www/html/matomo

./console list

./console cache:clear-caches

./console core:archive
./console core:archive --url=https://analytics.example.com > /var/log/piwik-archive.log  1> /dev/null
./console core:convert-to-utf8mb4 --show
./console core:run-scheduled-tasks
./console core:update

# You'll find the names of all sections in /var/www/html/matomo/config/global.ini.php

./console config:get --section=APISettings
./console config:get --section=ArrayCache
./console config:get --section=Cache
./console config:get --section=ChainedCache
./console config:get --section=CoreUpdater
./console config:get --section=Debug
./console config:get --section=Deletelogs
./console config:get --section=Deletereports
./console config:get --section=Development
./console config:get --section=FileCache
./console config:get --section=General
./console config:get --section=GeoIp2
./console config:get --section=Languages
./console config:get --section=Live
./console config:get --section=log
./console config:get --section=Login
./console config:get --section=LoginOIDC
./console config:get --section=mail
./console config:get --section=Plugins
./console config:get --section=PluginsInstalled
./console config:get --section=PrivacyManager
./console config:get --section=proxy
./console config:get --section=RedisCache
./console config:get --section=Segments
./console config:get --section=Tracker
./console config:get --section=TwoFactorAuth

./console config:set --section database --key=host --value=127.0.0.1

./console database:optimize-archive-tables 2016-0{1..9} 2016-1{0..2} 2017-0{1..9} 2017-1{0..2}

./console diagnostics:run

Daten aufräumen

Rohdaten für einen bestimmten Tag löschen:

  • Zunächst Rohdaten per Matomo > Administration > Privacy > GDPR Tools löschen, beispielsweise auf Basis „Time in UTC“ „Starts with“ „2020-12-09“. Muss evtl. mehrfach wiederholt werden, da die Seite die Ergebnisliste begrenzt.

  • Dann historische Daten entfernen: ./console core:invalidate-report-data --periods=all --cascade --dates=2020-12-09,2020-12-10 --sites=2

Update/Upgrade

Eine bestehende Matomo-Installation wird wie folgt per Kommandozeile aktualisiert:

Dateibasis aktualisieren:

INSTALL_DIR=/var/www/html/matomo

rm -f /tmp/latest.zip*
rm -rf /tmp/matomo*

wget http://builds.matomo.org/latest.zip --output-document=/tmp/latest.zip
unzip -o /tmp/latest.zip -d /tmp

mkdir -p $INSTALL_DIR
\cp -r /tmp/matomo/* $INSTALL_DIR/

rm -rf /tmp/matomo

chmod +w $INSTALL_DIR/matomo.js
chmod +w $INSTALL_DIR/config/config.ini.php
chown -R apache:apache $INSTALL_DIR
restorecon -Fvr $INSTALL_DIR

systemctl restart php-fpm.service

Das eigentliche Upgrade:

php $INSTALL_DIR/console --matomo-domain=analytics.example.com core:update
php $INSTALL_DIR/console --matomo-domain=analytics.example.com core:clear-caches
php $INSTALL_DIR/console --matomo-domain=analytics.example.com core:run-scheduled-tasks

php $INSTALL_DIR/console diagnostics:run

GeoIP

Im Web-GUI unter System > Geolocation nachsehen, wie eine GeoIP-Datenbank (Maxmind empfohlen) aufzusetzen ist.

Troubleshooting

Probleme?
php /var/www/html/matomo/console diagnostics:run
Probleme nach dem Update? z.B. PHP Fatal error:  Cannot override final method Piwik\Plugin\ConsoleCommand::execute() in /var/www/html/matomo/plugins/CoreConsole/Commands/GenerateAngularComponent.php on line 27 beim Aufruf von console

Der oben beschriebene (und von Matomo empfohlene) Update-Vorgang aktualisiert nur bestehende und neue Files auf dem Server, löscht aber niemals alte Files. Das kann zu Problemen führen, wenn es Files in einer neueren Version von Matomo nicht mehr geben sollte. Um dies zu beheben müssen die überflüssigen Files entfernen werden, am besten indem die Files auf dem Server mit den Files in der ZIP-Datei vergleicht werden. Bei der obigen Fehlermeldung hilft folgendes (siehe https://github.com/matomo-org/matomo/issues/21718):

\rm -f /var/www/html/matomo/plugins/CoreConsole/Commands/GenerateAngularComponent.php
\rm -f /var/www/html/matomo/plugins/CoreConsole/Commands/GenerateAngularConstructBase.php
\rm -f /var/www/html/matomo/plugins/CoreConsole/Commands/GenerateAngularDirective.php

php /var/www/html/matomo/console diagnostics:run
Unable to write in the cache directory (var/www/html/matomo/tmp/templates_c/8a).
php /var/www/html/matomo/console core:clear-caches
Unable to execute check for https://analytics.example.com/tmp/: curl_exec: Connection timed out after 2000 milliseconds. Hostname requested was: analytics.example.com

Matomo rennt bei lokalem Aufruf von curl https://analytics.example.com in einen Timeout. Könnte an fehlenden /etc/hosts-Einträgen auf dem Matomo-Host liegen.

Built on 2024-02-28