Skip to content

Commit

Permalink
No longer use volume for Matomo install (#143)
Browse files Browse the repository at this point in the history 
* No longer use volume for Matomo install

Having the code base in a volume makes upgrades and migrations a pain,
additionaly the file copies on initial startup can be really slow on NFS
drives.

Having a volume allows for the dynamic installation of plugins, but then
that is specific to that instance, if you were to run a several stage
environment dev/stage/prod then one would need to manually check that
the plugins exist is each environment. Better would be to extend the
image and pack the plugins in with the installation.

@see matomo-org/docker#57
@see matomo-org/docker#161

* Matomo: create a per-site administrator in addition to the super administrator for all sites.
  • Loading branch information
@nigelgbanks
nigelgbanks committed May 12, 2022
1 parent c85af8b commit 624cbf8
Show file tree
Hide file tree
Showing 5 changed files with 67 additions and 32 deletions.
2 changes: 1 addition & 1 deletion matomo/Dockerfile
View file
Expand Up @@ -36,7 +36,7 @@ ENV \
MATOMO_USER_NAME=admin \
MATOMO_USER_PASS='$2y$10$S38e7HPM9LI3aOIvcnRsfuMCm4ipNP572QsvbCK60upoHVJ61hMrS'

COPY --from=download --chown=nginx:nginx /opt/matomo /opt/matomo
COPY --from=download --chown=nginx:nginx /opt/matomo /var/www/matomo

COPY rootfs /

Expand Down
42 changes: 23 additions & 19 deletions matomo/README.md
View file
Expand Up @@ -23,20 +23,20 @@ metrics for.

### Confd Settings

| Environment Variable | Confd Key | Default | Description |
| :---------------------------- | :----------------------------- | :----------------------------------------------------------- | :------------------------------------------------------------ |
| MATOMO_ASSUME_SECURE_PROTOCOL | /matomo/assume/secure/protocol | 1 | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_DEFAULT_HOST | /matomo/default/host | islandora.traefik.me | The URL of the default site for which to gather metrics for |
| MATOMO_DEFAULT_NAME | /matomo/default/name | Islandora | The name of the default site |
| MATOMO_DEFAULT_TIMEZONE | /matomo/default/timezone | America/Halifax | The timezone where the default site is hosted |
| MATOMO_FORCE_SSL | /matomo/force/ssl | 1 | <https://matomo.org/faq/how-to/faq_91/> |
| MATOMO_PROXY_CLIENT_HEADERS | /matomo/proxy/client/headers | HTTP_X_FORWARDED_FOR | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_PROXY_HOST_HEADERS | /matomo/proxy/host/headers | HTTP_X_FORWARDED_HOST | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_PROXY_URI_HEADER | /matomo/proxy/uri/header | 1 | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_SALT | /matomo/salt | 5a472390550bd59e4428a41aa472137b | Used to generate hashes. |
| MATOMO_USER_EMAIL | /matomo/user/email | admin@example.org | The site administrator email |
| MATOMO_USER_NAME | /matomo/user/name | admin | The site administrator user |
| MATOMO_USER_PASS | /matomo/user/pass | $2y$10$S38e7HPM9LI3aOIvcnRsfuMCm4ipNP572QsvbCK60upoHVJ61hMrS | The site administrator's password (See how to generate below) |
| Environment Variable | Confd Key | Default | Description |
| :---------------------------- | :----------------------------- | :----------------------------------------------------------- | :-------------------------------------------------------------- |
| MATOMO_ASSUME_SECURE_PROTOCOL | /matomo/assume/secure/protocol | 1 | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_DEFAULT_HOST | /matomo/default/host | islandora.traefik.me | The URL of the default site for which to gather metrics for |
| MATOMO_DEFAULT_NAME | /matomo/default/name | Islandora | The name of the default site |
| MATOMO_DEFAULT_TIMEZONE | /matomo/default/timezone | America/Halifax | The timezone where the default site is hosted |
| MATOMO_FORCE_SSL | /matomo/force/ssl | 1 | <https://matomo.org/faq/how-to/faq_91/> |
| MATOMO_PROXY_CLIENT_HEADERS | /matomo/proxy/client/headers | HTTP_X_FORWARDED_FOR | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_PROXY_HOST_HEADERS | /matomo/proxy/host/headers | HTTP_X_FORWARDED_HOST | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_PROXY_URI_HEADER | /matomo/proxy/uri/header | 1 | <https://matomo.org/faq/how-to-install/faq_98/> |
| MATOMO_SALT | /matomo/salt | 5a472390550bd59e4428a41aa472137b | Used to generate hashes. |
| MATOMO_USER_EMAIL | /matomo/user/email | admin@example.org | The matomo administrator email |
| MATOMO_USER_NAME | /matomo/user/name | admin | The matomo administrator user |
| MATOMO_USER_PASS | /matomo/user/pass | $2y$10$S38e7HPM9LI3aOIvcnRsfuMCm4ipNP572QsvbCK60upoHVJ61hMrS | The matomo administrator's password (See how to generate below) |

To regenerate a the `MATOMO_USER_PASS` you must use the following snippet of
[PHP](https://matomo.org/faq/how-to/faq_191/).
Expand Down Expand Up @@ -73,11 +73,15 @@ Additional multi-sites can be defined by adding more environment variables,
following the above conventions, only the `MATOMO_SITE_{SITE}_HOST` is required
to create an additional site:

| Environment Variable | Confd Key | Default | Description |
| :-------------------------- | :--------------------------- | :-------------- | :-------------------------------------------------- |
| MATOMO_SITE_{SITE}_HOST | /matomo/site/{SITE}/host | | The URL of the site for which to gather metrics for |
| MATOMO_SITE_{SITE}_NAME | /matomo/site/{SITE}/name | {SITE} | The name of the site |
| MATOMO_SITE_{SITE}_TIMEZONE | /matomo/site/{SITE}/timezone | America/Halifax | The timezone the site is hosted in |
| Environment Variable | Confd Key | Default | Description |
| :---------------------------- | :----------------------------- | :----------------------------------------------------------- | :------------------------------------------------------------ |
| MATOMO_SITE_{SITE}_HOST | /matomo/site/{SITE}/host | | The URL of the site for which to gather metrics for |
| MATOMO_SITE_{SITE}_NAME | /matomo/site/{SITE}/name | {SITE} | The name of the site |
| MATOMO_SITE_{SITE}_TIMEZONE | /matomo/site/{SITE}/timezone | America/Halifax | The timezone the site is hosted in |
| MATOMO_SITE_{SITE}_TIMEZONE | /matomo/site/{SITE}/timezone | America/Halifax | The timezone the site is hosted in |
| MATOMO_SITE_{SITE}_USER_EMAIL | /matomo/site/{SITE}/user/email | admin@example.org | The site administrator email |
| MATOMO_SITE_{SITE}_USER_NAME | /matomo/site/{SITE}/user/name | {SITE}_admin | The site administrator user |
| MATOMO_SITE_{SITE}_USER_PASS | /matomo/site/{SITE}/user/pass | $2y$10$S38e7HPM9LI3aOIvcnRsfuMCm4ipNP572QsvbCK60upoHVJ61hMrS | The site administrator's password (See how to generate above) |

[base image]: ../base/README.md
[Matomo Documentation]: https://matomo.org/docs/
Expand Down
18 changes: 18 additions & 0 deletions matomo/rootfs/etc/cont-init.d/00-container-environment-01-set-subsite-defaults.sh
View file
Expand Up @@ -39,5 +39,23 @@ MATOMO_SUBSITES=$(</var/run/s6/container_environment/MATOMO_SUBSITES)
;;
esac
done
for FILE in /var/run/s6/container_environment/MATOMO_USER_*
do
DEFAULT_VAR=$(basename "${FILE}")
SUFFIX=${DEFAULT_VAR##MATOMO_}
VAR=MATOMO_SITE_${MATOMO_SITE}_${SUFFIX}
SITE=$(echo "${MATOMO_SITE}" | tr '[:upper:]' '[:lower:]')
KEY=$(echo "${VAR}" | tr '[:upper:]' '[:lower:]' | tr '_' '/')
# Some defaults are derived from the site name all others
# can just use the same default values as the 'default' site.
case ${SUFFIX} in
USER_NAME)
echo "${VAR}=\"{{ getv \"/${KEY}\" \"${SITE}_admin\" }}\""
;;
*) # Use same default value as the 'default' site.
echo "${VAR}=\"{{ getv \"/${KEY}\" (getenv \"${DEFAULT_VAR}\") }}\""
;;
esac
done
done
} | /usr/local/bin/confd-import-environment.sh
11 changes: 0 additions & 11 deletions matomo/rootfs/etc/cont-init.d/00-matomo-deploy.sh
View file

This file was deleted.

26 changes: 25 additions & 1 deletion matomo/rootfs/etc/cont-init.d/03-matomo-setup.sh
View file
Expand Up @@ -85,13 +85,21 @@ function update_site {
local name=$(matomo_site_env "${site}" "NAME")
local host=$(matomo_site_env "${site}" "HOST")
local timezone=$(matomo_site_env "${site}" "TIMEZONE")
local user=$(matomo_site_env "${site}" "USER_NAME")
local password=$(matomo_site_env "${site}" "USER_PASS")
local email=$(matomo_site_env "${site}" "USER_EMAIL")
local token=$(echo "${user}-$(date +%s)" | md5sum | cut -f1 -d' ') # token must be an unique MD5.
cat <<- EOF | execute-sql-file.sh
USE ${MATOMO_DB_NAME};
SET @site = '${site}',
@name = '${name}',
@host = '${host}',
@timezone = '${timezone}';
@timezone = '${timezone}',
@user = '${user}',
@password = '${password}',
@email = '${email}',
@token = '${token}';
-- Update or create row if 'site' already exists.
-- Default values come from 'create-matomo-database.sql.tmpl'.
Expand All @@ -101,6 +109,22 @@ ON DUPLICATE KEY UPDATE
name = @name,
main_url = @host,
timezone = @timezone;
-- Update or create row if 'user' already exists.
INSERT INTO matomo_user (login, password, alias, email, twofactor_secret, token_auth, superuser_access, date_registered, ts_password_modified)
VALUES (@user, @password, @user, @email, '', @token, 0, NOW(), NOW())
ON DUPLICATE KEY UPDATE
password = @password,
email = @email,
ts_password_modified = NOW();
-- Update or create row for the admin user to 'access' the site.
INSERT INTO matomo_access (login, idsite, access)
SELECT @user, idsite, 'admin'
FROM matomo_site
WHERE name = @name
ON DUPLICATE KEY UPDATE
idsite = matomo_site.idsite;
EOF
}

Expand Down

0 comments on commit 624cbf8

Please sign in to comment.