u8sand · February 13, 2023 18:24
diff --git a/!matomo-nginx.md b/!matomo-nginx.md
diff --git a/.env.example b/.env.example
 MYSQL_DATABASE=matomo
 MYSQL_USERNAME=matomo
 MYSQL_PASSWORD=
diff --git a/docker-compose.yaml b/docker-compose.yaml
 version: '3'
 services:
  matomo:
    build: .
    image: maayanlab/matomo:4.13.3
    ports:
      - 8080:80
    environment:
      - MATOMO_DATABASE_ADAPTER=mysql
      - MARIADB_AUTO_UPGRADE=1
      - MATOMO_DATABASE_TABLES_PREFIX=matomo_
      - MATOMO_DATABASE_HOST=mariadb
      - MATOMO_DATABASE_DBNAME=${MYSQL_DATABASE}
      - MATOMO_DATABASE_USERNAME=${MYSQL_USERNAME}
      - MATOMO_DATABASE_PASSWORD=${MYSQL_PASSWORD}
      - PHP_MEMORY_LIMIT=2048M
    volumes:
      - ./data/matomo:/var/www/html
  mariadb:
    image: mariadb
    environment:
      - MARIADB_DATABASE=${MYSQL_DATABASE}
      - MARIADB_USER=${MYSQL_USERNAME}
      - MARIADB_PASSWORD=${MYSQL_PASSWORD}
      - MARIADB_RANDOM_ROOT_PASSWORD=true
    volumes:
      - ./data/mariadb:/var/lib/mysql
diff --git a/Dockerfile b/Dockerfile
 FROM matomo:4.13.3-fpm-alpine

 RUN apk add --no-cache nginx supervisor
 ADD matomo.nginx.conf /etc/nginx/http.d/default.conf
 ADD supervisord.conf /etc/supervisord.conf
 VOLUME ["/var/www/html"]
 EXPOSE 80

 CMD ["supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/matomo.nginx.conf b/matomo.nginx.conf
 upstream php-handler {
 	server 127.0.0.1:9000;
 }

 server {
 	listen 80;

 	add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
 	root /var/www/html; # replace with path to your matomo instance
 	index index.php;
 	try_files $uri $uri/ =404;

 	## only allow accessing the following php files
 	location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
 		# regex to split $uri to $fastcgi_script_name and $fastcgi_path
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;

 		# Check that the PHP script exists before passing it
 		try_files $fastcgi_script_name =404;

 		include fastcgi_params;
 		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 		fastcgi_param PATH_INFO $fastcgi_path_info;
 		fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
 		fastcgi_pass php-handler;
 	}

 	## deny access to all other .php files
 	location ~* ^.+\.php$ {
 		deny all;
 		return 403;
 	}

 	## disable all access to the following directories
 	location ~ /(config|tmp|core|lang) {
 		deny all;
 		return 403; # replace with 404 to not show these directories exist
 	}
 	location ~ /\.ht {
 		deny all;
 		return 403;
 	}

 	location ~ js/container_.*_preview\.js$ {
 		expires off;
 		add_header Cache-Control 'private, no-cache, no-store';
 	}

 	location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
 		allow all;
 		## Cache images,CSS,JS and webfonts for an hour
 		## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
 		expires 1h;
 		add_header Pragma public;
 		add_header Cache-Control "public";
 	}

 	location ~ /(libs|vendor|plugins|misc/user) {
 		deny all;
 		return 403;
 	}

 	## properly display textfiles in root directory
 	location ~/(.*\.md|LEGALNOTICE|LICENSE) {
 		default_type text/plain;
 	}
 }
diff --git a/supervisord.conf b/supervisord.conf
 [supervisord]
 user = root
 pidfile = /tmp/supervisord.pid
 logfile = /dev/stderr
 logfile_maxbytes=0

 [program:nginx]
 process_name=%(program_name)s_%(process_num)d
 numprocs=1
 startsecs=1
 startretries=3
 autostart=true
 command=/usr/sbin/nginx -g 'daemon off;'
 autorestart=true
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0

 [program:php-fpm]
 process_name=%(program_name)s_%(process_num)d
 numprocs=1
 numprocs_start=1
 startsecs=1
 startretries=3
 autostart=true
 autorestart=true
 command=/usr/local/sbin/php-fpm -F
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0

 [eventlistener:quit_on_failure]
 command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
 events=PROCESS_STATE_FATAL
	version: '3'
	services:
	matomo:
	build: .
	image: maayanlab/matomo:4.13.3
	ports:
	- 8080:80
	environment:
	- MATOMO_DATABASE_ADAPTER=mysql
	- MARIADB_AUTO_UPGRADE=1
	- MATOMO_DATABASE_TABLES_PREFIX=matomo_
	- MATOMO_DATABASE_HOST=mariadb
	- MATOMO_DATABASE_DBNAME=${MYSQL_DATABASE}
	- MATOMO_DATABASE_USERNAME=${MYSQL_USERNAME}
	- MATOMO_DATABASE_PASSWORD=${MYSQL_PASSWORD}
	- PHP_MEMORY_LIMIT=2048M
	volumes:
	- ./data/matomo:/var/www/html
	mariadb:
	image: mariadb
	environment:
	- MARIADB_DATABASE=${MYSQL_DATABASE}
	- MARIADB_USER=${MYSQL_USERNAME}
	- MARIADB_PASSWORD=${MYSQL_PASSWORD}
	- MARIADB_RANDOM_ROOT_PASSWORD=true
	volumes:
	- ./data/mariadb:/var/lib/mysql
	FROM matomo:4.13.3-fpm-alpine

	RUN apk add --no-cache nginx supervisor
	ADD matomo.nginx.conf /etc/nginx/http.d/default.conf
	ADD supervisord.conf /etc/supervisord.conf
	VOLUME ["/var/www/html"]
	EXPOSE 80

	CMD ["supervisord", "-n", "-c", "/etc/supervisord.conf"]
	upstream php-handler {
	server 127.0.0.1:9000;
	}

	server {
	listen 80;

	add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
	root /var/www/html; # replace with path to your matomo instance
	index index.php;
	try_files $uri $uri/ =404;

	## only allow accessing the following php files
	location ~ ^/(index\|matomo\|piwik\|js/index\|plugins/HeatmapSessionRecording/configs).php {
	# regex to split $uri to $fastcgi_script_name and $fastcgi_path
	fastcgi_split_path_info ^(.+\.php)(/.+)$;

	# Check that the PHP script exists before passing it
	try_files $fastcgi_script_name =404;

	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
	fastcgi_pass php-handler;
	}

	## deny access to all other .php files
	location ~* ^.+\.php$ {
	deny all;
	return 403;
	}

	## disable all access to the following directories
	location ~ /(config\|tmp\|core\|lang) {
	deny all;
	return 403; # replace with 404 to not show these directories exist
	}
	location ~ /\.ht {
	deny all;
	return 403;
	}

	location ~ js/container_.*_preview\.js$ {
	expires off;
	add_header Cache-Control 'private, no-cache, no-store';
	}

	location ~ \.(gif\|ico\|jpg\|png\|svg\|js\|css\|htm\|html\|mp3\|mp4\|wav\|ogg\|avi\|ttf\|eot\|woff\|woff2\|json)$ {
	allow all;
	## Cache images,CSS,JS and webfonts for an hour
	## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
	expires 1h;
	add_header Pragma public;
	add_header Cache-Control "public";
	}

	location ~ /(libs\|vendor\|plugins\|misc/user) {
	deny all;
	return 403;
	}

	## properly display textfiles in root directory
	location ~/(.*\.md\|LEGALNOTICE\|LICENSE) {
	default_type text/plain;
	}
	}
	[supervisord]
	user = root
	pidfile = /tmp/supervisord.pid
	logfile = /dev/stderr
	logfile_maxbytes=0

	[program:nginx]
	process_name=%(program_name)s_%(process_num)d
	numprocs=1
	startsecs=1
	startretries=3
	autostart=true
	command=/usr/sbin/nginx -g 'daemon off;'
	autorestart=true
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0

	[program:php-fpm]
	process_name=%(program_name)s_%(process_num)d
	numprocs=1
	numprocs_start=1
	startsecs=1
	startretries=3
	autostart=true
	autorestart=true
	command=/usr/local/sbin/php-fpm -F
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0

	[eventlistener:quit_on_failure]
	command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
	events=PROCESS_STATE_FATAL