
Install a Matomo instance in WMCH Infrastructure
Closed, Resolved | Public | 3 Estimated Story Points

Description

Install a Matomo (a well-known free-as-in-freedom web analytics platform) instance on the WMCH members server and expose it via a new subdomain, matomo.wikimedia.ch.

This will be used for some purposes, for example:

Event Timeline

Our service provider (Moresi) replied to our ticket CUSTOMER-5288 creating our desired DNS entry.

(Oh God they were so quick! They closed our ticket in 10 minutes!)

This is happening now.

We will install Matomo verifying it with the official PGP keys.

Preparation

$ mkdir -p        /var/www/wikimedia.ch/matomo/tmp
$ chown www-data: /var/www/wikimedia.ch/matomo/tmp
$ cd /var/www/wikimedia.ch/matomo

Matomo download and crypto verification

$ wget https://builds.matomo.org/matomo-latest.tar.gz
$ wget https://builds.matomo.org/matomo-latest.tar.gz.asc

$ cat matomo-latest.tar.gz.asc 

$ sha1sum matomo-latest.tar.gz 
d27769ce98d8a8101309cf3e4a0e982df39cf37a  matomo-latest.tar.gz

$ md5sum matomo-latest.tar.gz 
97fe646f8c0949a1ba0e0d61fb5ce365  matomo-latest.tar.gz

$ gpg --keyserver keys.gnupg.net --recv-keys 814E346FA01A20DBB04B6807B5DBD5925590A237
gpg: key B5DBD5925590A237: public key "Matthieu Aubry <matt@piwik.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

$ gpg --fingerprint 814E346FA01A20DBB04B6807B5DBD5925590A237
pub   rsa4096 2013-07-24 [SCA]
      814E 346F A01A 20DB B04B  6807 B5DB D592 5590 A237
uid           [ unknown] Matthieu Aubry <matt@piwik.org>
uid           [ unknown] Matthieu Aubry <matthieu.aubry@gmail.com>
sub   rsa4096 2013-07-24 [E]

$ gpg --verify matomo-latest.tar.gz.asc matomo-latest.tar.gz
gpg: Signature made Fri Sep 11 00:55:39 2020 CEST
gpg:                using RSA key 814E346FA01A20DBB04B6807B5DBD5925590A237
gpg: Good signature from "Matthieu Aubry <matt@piwik.org>" [unknown]
gpg:                 aka "Matthieu Aubry <matthieu.aubry@gmail.com>" [unknown]

$ tar xzf matomo-latest.tar.gz
$ mv matomo www

$ rm matomo-latest.tar.gz matomo-latest.tar.gz.asc How*.html

Deploy our versioned Apache configuration

$ ln -s /etc/wmch-infrastructure/servers/members2/projects/matomo/apache.conf /etc/apache2/sites-available/wmch.matomo.conf

$ a2ensite wmch.matomo
Enabling site wmch.matomo.
To activate the new configuration, you need to run:
  systemctl reload apache2

$ apachectl configtest
Syntax OK

$ systemctl reload apache2

(The connection was interrupted before issuing the last command. I will continue later.)
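
As an added example (not part of the original task and not Matomo's own tooling), the signature check from the session above can be made scriptable: instead of reading the human-oriented "Good signature" text, it requires gpg's machine-readable VALIDSIG status line to carry the fingerprint used above. The function names, the throwaway keyring and the sample status text are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the task): accept a download only when gpg's
# machine-readable status reports a valid signature from the pinned key.

# Fingerprint and keyserver as used in the task's gpg --recv-keys command.
PINNED_FPR=814E346FA01A20DBB04B6807B5DBD5925590A237
KEYSERVER=${KEYSERVER:-keys.gnupg.net}

# Constructed sample of `gpg --status-fd 1 --verify` output (not captured).
SAMPLE_STATUS='[GNUPG:] GOODSIG B5DBD5925590A237 Matthieu Aubry <matt@piwik.org>
[GNUPG:] VALIDSIG 814E346FA01A20DBB04B6807B5DBD5925590A237 2020-09-10 1599778539 0 4 0 1 10 00 814E346FA01A20DBB04B6807B5DBD5925590A237'

# Reads status lines on stdin. Succeeds only if a VALIDSIG line names the
# wanted fingerprint (field 1: signing key, field 10: its primary key) and
# no bad, expired or revoked signature status appears.
status_is_pinned() {
    want=$1
    found=1
    while read -r tag kind rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kind in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG)
                set -- $rest
                if [ "$1" = "$want" ] || [ "${10:-}" = "$want" ]; then
                    found=0
                else
                    return 1
                fi ;;
        esac
    done
    return "$found"
}

# verify_release SIG FILE: check FILE in a throwaway keyring holding only
# the pinned key, so no other key in ~/.gnupg can satisfy the check.
verify_release() {
    tmp_home=$(mktemp -d) || return 1
    gpg --homedir "$tmp_home" --batch --quiet \
        --keyserver "$KEYSERVER" --recv-keys "$PINNED_FPR" &&
    gpg --homedir "$tmp_home" --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_is_pinned "$PINNED_FPR"
    rc=$?
    gpgconf --homedir "$tmp_home" --kill all 2>/dev/null
    rm -rf "$tmp_home"
    return "$rc"
}

# Usage: verify_release matomo-latest.tar.gz.asc matomo-latest.tar.gz && tar xzf matomo-latest.tar.gz
```

The unpack step runs only when `verify_release` returns 0, so a signature from any other key, or a missing one, stops the install before `tar` touches the archive.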

Continuing.

In the meantime they released Matomo 4:

https://matomo.org/blog/2020/11/announcing-matomo-4/

Upgraded.

Issued a Let's Encrypt certificate:

$ certbot certonly --webroot --webroot-path=/var/www/wikimedia.ch/matomo/www -d matomo.wikimedia.ch
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for matomo.wikimedia.ch
Using the webroot path /var/www/wikimedia.ch/matomo/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/matomo.wikimedia.ch/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/matomo.wikimedia.ch/privkey.pem
   Your cert will expire on 2021-02-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Installed php-gd to make Matomo happy.

sudo apt install php-gd

Also increased the default max allowed packet.

/etc/mysql/mariadb.conf.d/50-server.cnf
max_allowed_packet = 64M

Not rebooting MySQL. It will be applied on the next reboot.

valerio.bozzolan moved this task from Working On to Recent Changes on the WMCH-Infrastructure board.

To harden the installation a bit we reviewed and disabled the unused plugins:

  • CustomVariables
  • DBStats
  • Ecommerce
  • Feedback
  • IntranetMeasurable
  • Marketplace
  • MobileAppMeasurable
  • MobileMessaging
  • ProfessionalServices
  • Provider
  • TagManager
  • Tour

Now the instance is deployed in production. Mark as resolved.

valerio.bozzolan set the point value for this task to 3.