From 3319e287d4ff138df1fa0c2062f88f1cf5316437 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 14:34:52 -0500 Subject: [PATCH 1/7] Disable trusted host check for Matomo Per 2022-12-27 IIAB community minutes 3b. --- roles/matomo/tasks/install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index a85577936..e58cac922 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -211,6 +211,11 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" +- name: Don't Check for Trusted Host + ansible.builtin.lineinfile: + path: "{{ matomo_path }}/matomo/config/config.ini.php" + line: enable_trusted_host_check=0 + insertafter: "[General]" # RECORD Matomo AS INSTALLED From 34463b800fb5cc57c221e96321b68b038882bb26 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:02:38 -0500 Subject: [PATCH 2/7] Fix regex for lineinfile --- roles/matomo/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index e58cac922..76e5010c7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,8 +214,8 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: enable_trusted_host_check=0 - insertafter: "[General]" + line: "enable_trusted_host_check=0" + insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 7fb4bdde881bcd530070aca36165ead1755163a7 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:20:22 -0500 Subject: [PATCH 3/7] Escape equals for skip trusted host check --- roles/matomo/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 76e5010c7..0ad386d86 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -214,7 +214,7 @@ - name: Don't Check for Trusted Host ansible.builtin.lineinfile: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check=0" + line: "enable_trusted_host_check\=0" insertafter: "^\[General\]$" # RECORD Matomo AS INSTALLED From 424f15c4d255e51404d6356c1e9e35e85dee63c1 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Tue, 27 Dec 2022 15:56:14 -0500 Subject: [PATCH 4/7] Switch from lineinfile to ini_file lineinfile was really struggling to handle a k/v value with "=" in it. ini_file is built for precisely this file format and handles the issue effortlessly. --- roles/matomo/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 0ad386d86..49dc98dc7 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -212,10 +212,11 @@ group: "{{ apache_user }}" - name: Don't Check for Trusted Host - ansible.builtin.lineinfile: + ini_file: path: "{{ matomo_path }}/matomo/config/config.ini.php" - line: "enable_trusted_host_check\=0" - insertafter: "^\[General\]$" + section: General + option: enable_trusted_host_check + value: 0 # RECORD Matomo AS INSTALLED From e635b25d7af0ecd1f01f8778bc3b24ff935f1ab2 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 05:15:05 -0500 Subject: [PATCH 5/7] Don't make slash required in Matomo URL --- roles/matomo/templates/matomo-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 index 21ae9ddfa..0a7b91609 100644 --- a/roles/matomo/templates/matomo-nginx.conf.j2 +++ b/roles/matomo/templates/matomo-nginx.conf.j2 @@ -12,6 +12,6 @@ location ~ ^/matomo(.*)\.php(.*)$ { fastcgi_param PATH_INFO $2; } -location ~ ^/matomo/ { +location ~ ^/matomo(/)? { root /library/www; } From 27b0c5b843537b8990b229e33179a1dd524d3c4c Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 06:20:53 -0500 Subject: [PATCH 6/7] Add required PHP extensions --- roles/matomo/tasks/install.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml index 49dc98dc7..40d9c539d 100644 --- a/roles/matomo/tasks/install.yml +++ b/roles/matomo/tasks/install.yml @@ -10,6 +10,17 @@ # TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} +# https://matomo.org/faq/on-premise/matomo-requirements/ +- name: Install Matomo's recommended PHP extensions + package: + name: + - php{{ php_version }}-curl + - php{{ php_version }}-gd + - php{{ php_version }}-cli + - php{{ php_version }}-mysql + - php{{ php_version }}-xml + - php{{ php_version }}-mbstring + - name: Start MariaDB #action: service name=mysql state=started systemd: From 74c680cc6d833058cc41bf2e658e0c6e33fb3383 Mon Sep 17 00:00:00 2001 From: cwivagg Date: Thu, 29 Dec 2022 10:21:34 -0500 Subject: [PATCH 7/7] Update README Remove notes about trusted website check to reflect this patch, and add note about time zone. --- roles/matomo/README.adoc | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc index 0abedbbfa..7bef1f07e 100644 --- a/roles/matomo/README.adoc +++ b/roles/matomo/README.adoc @@ -41,13 +41,6 @@ Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged a Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ -WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. - -1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. -2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. -3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. -4. Refresh the Matomo homepage and the warning should be gone. -5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) @@ -65,6 +58,9 @@ Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* 2. One thing Matomo can't track correctly is navigation within KA Lite (Khan Academy) pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. +3. Time Zones: The Matomo installer's default behavior in "Configure Matomo to track IIAB" is to pick up the system time zone when none is supplied. If this doesn't work, you can set the time zone to whatever you prefer from the Matomo home page. In testing, Matomo picked up the system time zone on a regular Multipass Ubuntu instance. However, it was unable to do so on a VirtualBox Ubuntu instance. Thus, we provide a fallback behavior "Fallback Configure Matomo to track IIAB" that picks an arbitrary time zone. The fallback fires only when the form with an empty time zone is submitted and returns a 200 status code instead of 302, indicating that form submission failed. + + == Credits Carl Wivagg