matomo安装
matomo,分析网站流量的利器。
安装matomo需要满足如下条件:
- 安装了nginx或者apache的web服务器。
- mysql5.7+版本
- php7+版本且安装gd、pdo、pdo_mysql模块
安装nginx
首先安装oepnssl、zlib、pcre等依赖包:
sudo yum -y install openssl openssl-devel zlib zlib-devel pcre pcre-devel gcc gcc-c++ wget autoconf automake make
接着下载nginx源码并编译:
wget -c http://nginx.org/download/nginx-1.16.0.tar.gz
tar -zxvf nginx-16.0.tar.gz -C ~/nginx-16.0
cd ~/nginx-16.0
sudo ./configure --user=echoxu --group=echoxu --prefix=/usr/local/nginx-16.0/nginx-1.14.2 \
--with-zlib=/usr/local/nginx-16.0/tools/zlib-1.2.11 \
--with-pcre=/usr/local/nginx-16.0/tools/pcre-8.42 \
--with-http_stub_status_module --with-http_gzip_static_module \
--with-http_realip_module --with-http_ssl_module \
--with-openssl=/usr/local/nginx-16.0/tools/openssl-1.0.2p --with-http_mp4_module \
--with-http_v2_module --with-http_secure_link_module \
--with-google_perftools_module --with-threads --with-file-aio
sudo make -j 4
sudo make install
这样nginx就安装完成.
二进制安装mysql
- 初始化mysql
sudo groupadd mysql
sudo useradd -r -g mysql -s /sbin/nologin mysql
wget -c https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-8.0.17-linux-glibc2.12-x86_64.tar.xz
tar -xvJf mysql-8.0.17-linux-glibc2.12-x86_64.tar.xz -C /usr/local/
cd /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64
sudo chown -R mysql.mysql .
sudo bin/mysqld --initialize --basedir=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64 --datadir=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/data #初始化过程中会提供一个随机的登录密码,请记住.
sudo ln -s /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64 mysql
- 配置my.cnf
[mysqld]
datadir=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/data
socket=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/run/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
#skip_grant_files
[mysqld_safe]
log-error=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/logs/mysqlerr.log
pid-file=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/run/mysql.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
注意
注意修改上面的datadir等值,最好是从别处拷贝my.cnf并备份覆盖/etc/my.cnf文件.
- 设置开机启动项
sudo cp /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/support-files/mysql.server /etc/init.d/mysqld
sudo sed -i 's#basedir=#basedir=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64#' /etc/init.d/mysqld
sudo sed -i 's#datadir=#datadir=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/data#' /etc/init.d/mysqld
- 设置环境变量
sudo vim /etc/profile.d/mysql.sh
export PATH=/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/bin:$PATH
source /etc/profile.d/mysql.sh
- 修改密码
方法一: 修改密码可通过在初始化时提供的随机密码登录,然后执行/usr/local/mysql/bin/mysqladmin -uroot password 'new password'
方法二:
先通过--skip-grant-tables启动mysql,然后不输入密码登录mysql:
sudo -u mysql /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/bin/mysqld_safe --user=mysql --skip-grant-tables &
/usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/bin/mysql -u root -S /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/run/mysql.sock
登录mysql后执行:
mysql> flush privileges; #必须先执行此项
mysql> alter user 'root'@'localhost' identified by 'your new passwd';
#上面的命令改为use mysql;update user set password=PASSWORD('yourpasswd') where user='root';flush privileges;也可以
重启Mysql并用新密码登录(使用systemctl启动mysql需要先重启机器使其生效).
方法三:
修改/etc/my.cnf中[client]段中的#password = your_password
或者在当前用户下创建.my.cnf然后添加[mysqld] user = root host = localhost password = yourpasswd
- 登录时取消指定套接字路径
因为在my.cnf中设置了socket路径,现在每次登录mysql都要通过-S来指定套接字路径,但可通过如下方法让登录mysql时不需要指定套接字路径:
sudo ln -s /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64/run/mysql.sock /tmp/mysql.sock
警告
不指定套接字路径会报错ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
- mysql安全设置
安装完mysql后可通过bin/mysql_secure_installation来移除一些不安全的设置,另可将mysql安装目录的权限可设置为700
sudo chmod -R 700 /usr/local/mysql-8.0.17-linux-glibc2.12-x86_64
但是这样一设置mysql环境变量就不起作用了,每次登录都需要指明mysql文件所在的绝对路径.安全与快捷其实更应注重安全.
另外还需设置sudo chmod 700 /etc/init.d/mysql,这样操作下来至少在管理mysql上更安全些.
安装PHP7.3.8
- 首先安装php依赖包:
sudo yum -y install php-gd php-mbstring php-xml php-mysql php-cli curl curl-devel php-pdo libxml2 libxml2-devel libjpeg libjpeg-devel libpng libpng-devel openssl openssl-devel freetype freetype-devel
- 编译安装php7:
sudo ./configure --prefix=/usr/local/php-7.3.8 --with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d --enable-fpm \
--with-fpm-user=nginx --with-fpm-group=nginx --with-pdo-mysql \
--with-mysql-sock=/tmp/mysql.sock --with-libdir=lib64 \
--with-gd --with-zlib --with-openssl --enable-mbstring --with-freetype-dir=/usr/local
详细的编译参数请参考: PHP编译参数列表 PHP_mysql数据库驱动介绍
编译通过后执行如下命令:
sudo make -j 4
sudo make test
sudo make install
- 安装过程中出现的错误:
错误1: configure: error: Cannot find OpenSSL's libraries
解决办法:
sudo find / -name "libssl.so"
sudo ln -s /usr/lib64/libssl.so /usr/libssl.so
错误2: configure: error: png.h not found
解决办法:
sudo yum -y install libjpeg libjpeg-devel libpng libpng-devel
PHP安装相关的详细信息请参考: PHP安装与配置 PHP运行时配置
配置php
- php.ini配置
从php7.3.8源码文件中复制一份php.ini文件到/etc/目录下:
sudo cp ~/php-7.3.8-src/php.ini-production /etc/php.ini
当文件不存在,则阻止Nginx将请求发送到后端的PHP-FPM模块, 以避免遭受恶意脚本注入的攻击。
将php.ini文件中的配置项cgi.fix_pathinfo设置为 0 。
sudo vim /etc/php.ini
定位到 cgi.fix_pathinfo= 并将其修改为如下所示:
cgi.fix_pathinfo=0
详细的php.ini配置请参考: php.ini配置
提示
上述文件也可去php.ini官方下载地址下载.
- php-fpm配置
sudo cp ~/php-7.3.8-src/sapi/fpm/init.d.php-fpm.in /etc/init.d/php-fpm #php-fpm启动项文件
sudo chmod 755 /etc/init.d/php-fpm
sudo chkconfig --add php-fpm
sudo cp /usr/local/php-7.3.8/etc/php-fpm.conf.default /usr/local/php-7.3.8/etc/php-fpm.conf #php-fpm配置文件
sudo cp /usr/local/php-7.3.8/etc/php-fpm.d/www.conf.default /usr/local/php-7.3.8/etc/php-fpm.d/www.conf #自定义配置文件
另外为了使php-fpm发挥更优的性能还需设置如下项:
sudo vim /usr/local/php-7.3.8/etc/php-fpm.d/www.conf
修改如下值为实际值
user = nginx
group = nginx
pm.max_children = 500
pm.start_servers = 10
pm.min_spare_servers = 7
pm.max_spare_servers = 10
pm.max_requests = 1000
接下来修改php-fpm启动项,修改为如下代码,主要是指明php的安装路径.
#prefix=@prefix@
#exec_prefix=@exec_prefix@
#php_fpm_BIN=@sbindir@/php-fpm
#php_fpm_CONF=@sysconfdir@/php-fpm.conf
#php_fpm_PID=@localstatedir@/run/php-fpm.pid
prefix=/usr/local/php-7.3.8
php_fpm_BIN=/usr/local/php-7.3.8/sbin/php-fpm
php_fpm_CONF=/usr/local/php-7.3.8/etc/php-fpm.conf
php_fpm_PID=/usr/local/php-7.3.8/var/run/php-fpm.pid
详细的php-fpm请参考: PHP-FPM安装与配置
注意
上述php-fpm文件也可去PHP-FPM官方下载地址下载
- php-fpm命令:
启动: sudo /usr/local/php-7.3.8/sbin/php-fpm或者sudo /etc/init.d/php-fpm start
关闭: sudo kill -INT pid(php-fpm master进程号)
重启: sudo kill -USR2 pid(php-fpm master进程号)
警告
/etc/init.d/下自定义脚本全部设置权限700
- php-fpm启动报错:
报错信息: NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'curl.so'
类似的错误大概有18个。
解决办法:
将/etc/php.d/*.ini文件里面的extension=这一行全部注释即可.
然后用sudo /usr/local/php-7.3.8/bin/php -m查看加载的模块.
PHP与Nginx整合
下面是完整的matomo.conf配置文件:
server{
listen 80;
server_name jk.echoxu.cn;
#return 301 https://$server_name$request_uri;
#if ($scheme = 'http') {
#rewrite ^/(.*)$ https://$host/$1 redirect;
}
rewrite ^/(.*)$ https://jk.echoxu.cn/$1 permanent;
}
server{
listen 443 ssl;
server_name jk.echoxu.cn;
ssl on;
ssl_certificate /opt/nginx/ssl/jk.echoxu.cn.pem;
ssl_certificate_key /opt/nginx/ssl/jk.echoxu.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /opt/nginx/logs/jkAccess.log;
error_log /opt/nginx/logs/jkError.log;
location / {
root /opt/nginx/html/matomo;
index index.php index.html index.htm;
#echo "echoxu:$(openssl passwd -1 echoxu)" > /opt/nginx/conf/vhost/matomo.pass生成秘钥
auth_basic "motoma admin login";
auth_basic_user_file /opt/nginx/conf/vhost/matomo.pass;
}
location ~* \.php$ {
root /opt/nginx/html/matomo;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
详细的配置请参考: PHP与Nginx整合
部署matomo
步骤总结: matomo官方安装文档
1: 将下载好的matomo源码文件解压放到nginx/html目录下并设置权限.
sudo chown -R nginx:nginx /opt/nginx-1.14.0/html/matomo
find /opt/nginx-1.14.0/html/matomo -type f -exec chmod 644 {} \;
find /opt/nginx-1.14.0/html/matomo -type d -exec chmod 755 {} \;
2: 配置nginx.conf添加对php的支持,设置一个server指向matomo源码路径.
3: 建立matomo数据库并创建授权账号:
create database matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YOUR STRONGER PASSWD';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON matomo.* TO 'matomo'@'localhost';
GRANT FILE ON *.* TO 'matomo'@'localhost';
4: 在需要被统计的网站的<head>放置matomo给的一小段js代码.
5: 给matomo后台登录地址设置验证权限,通过nginx_auth_basic设置.
echo "echoxu:$(openssl passwd -1 echoxu)" > /opt/nginx/conf/vhost/matomo.pass #生成秘钥
location / {
root /opt/nginx/html/matomo;
index index.php index.html index.htm;
#echo "echoxu:$(openssl passwd -1 echoxu)" > /opt/nginx/conf/vhost/matomo.pass生成秘钥
auth_basic "motoma admin login";
auth_basic_user_file /opt/nginx/conf/vhost/matomo.pass;
}
6: SSL Connection
sudo vim /opt/nginx/html/matomo/config/config.ini.php
在[General]段中添加force_ssl = 1
7: 安装GeoIP2,请参考GeoIP2安装
8: LOAD DATA INFILE LOAD DATA INFILE
SHOW VARIABLES LIKE "local_infile";
SET GLOBAL local_infile = 'ON';
SHOW VARIABLES LIKE "secure_file_priv";
9: GD > 2.x + Freetype (graphics) 参考地址
解决办法:
通过如下命令查找有没有安装gd和freetype模块:
sudo /usr/local/php-7.3.8/bin/php -i | grep "FreeType"
sudo /usr/local/php-7.3.8/bin/php -i | grep "GD "
如果没显示则安装:
sudo yum -y install php-gd freetype freetype-devel