Install Piwik web analytics tool on Debian
Piwik is a Web access statistics free software willing to be an alternative to Google Analytics. This howto help you to install it on Debian.
This how-to is tested on :
- Debian 6.0 Squeeze
- Debian 7.0 Wheezy
This how-to is tested with these versions of Piwik :
- 1.8
- 1.11.1
Prerequisites
This how-to needs :
- a2tools, a script easing Apache 2 server administration.
- a HTTP server with PHP, as described by Install PHP-FPM on Debian.
- a MySQL server, as described by Install and setup MySQL on Debian.
- mysql-tools, a script easing MySQL server administration on localhost (and MySQL server host, if other).
Parameters
Provide the domain name where the software will be available:
DOMAIN="piwik.domain.com"
Provide the MySQL server host:
MYSQL_HOST="localhost"
If the MySQL server is not local, the mysql-tools script will try to connect with MySQL client, or in case of connection failure, through SSH.
Provide the name of the SSL certificate to use (created by following Create a SSL / TLS certificate on Debian) (optionnal, recommended):
SSL_KEY_NAME="${DOMAIN}"
Installation
Compute the installation path:
INSTALL_PATH="/opt/piwik/${DOMAIN}"
Compute the cache path:
CACHE_PATH="/var/cache/piwik/${DOMAIN}"
Make sure that the parent folder exists :
command mkdir --parent "$(command dirname "${INSTALL_PATH}")"
Environment preparation
Install the needed software :
command apt-get install apg unzip php5-mysql php5-gd php5-cli
Adjust PHP configuration to the application needs :
command php-tools --for="piwik" --set "memory_limit" "128M"
command php-tools --for="piwik" --set "suhosin.request.max_value_length" "2048"
command php-tools --for="piwik" --set "suhosin.get.max_value_length" "2048"
Reload PHP configuration :
test -e '/etc/init.d/php5-fpm' && command service 'php5-fpm' 'restart'
test -e '/etc/init.d/apache2' && command service 'apache2' 'force-reload'
Application installation
Download application latest version :
command wget "http://piwik.org/latest.zip" \ --output-document="/tmp/piwik.zip"
Extract the archive :
command unzip -d "/tmp" "/tmp/piwik.zip" "piwik/*"
Delete the archive :
command rm "/tmp/piwik.zip"
Move the source folder to the install path :
command mv "/tmp/piwik/" "${INSTALL_PATH}"
Allow the application to update its configuration files :
command chown -R www-data:www-data "${INSTALL_PATH}/config"
Setup the HTTP server virtual host :
if [ -n "${SSL_KEY_NAME}" -a -e "/etc/ssl/private/${SSL_KEY_NAME}.key" ]; then
command a2tools --ssl="${SSL_KEY_NAME}" "${DOMAIN}" "${INSTALL_PATH}"
fi
command a2tools "${DOMAIN}" "${INSTALL_PATH}"
The application is now available on the specified domain name with HTTP and HTTPS protocols if possible.
Conformity with LSB
Move cache folders to fit Linux Standard Base :
command mkdir --parent "$(command dirname "${CACHE_PATH}")"
if [ -d "${INSTALL_PATH}/tmp" ]; then command mv "${INSTALL_PATH}/tmp" "${CACHE_PATH}" command chown -R www-data:www-data "${CACHE_PATH}" command ln -s "${CACHE_PATH}" "${INSTALL_PATH}/tmp" fi
Database creation
Create the database :
command mysql-tools --server="${MYSQL_HOST}" --with-ssh \
--auto-hosts --db-prefix="piwik" --create "${DOMAIN}"
Write down the provided informations.
Initial setup
Start the tool initial setup by browsing the URL provided by :
echo "http://${DOMAIN}/"
Setup the application to use the previously created database.
Important : In order to harden security against SQL injection attacks, use a random table prefix such as the one generated by :
echo "Table prefix for Piwik : $(command apg -q -a 0 -n 1 -M NCL)_"
Create a random password for the administration account :
echo "Admin account password : '$(command apg -q -a 0 -n 1 -M NCL)'"
Hardening security
One the application correctly configured, harden the security by restricting write access to config folder :
command chown -R root:root "${INSTALL_PATH}/config"
Advanced setup
Most of the following configurations need the "[General]" section in the configuration file. Make sure it is the case :
if [ -z "$(command grep "[General]" "${INSTALL_PATH}/config/config.ini.php")" ]; then command echo " [General]" >> "${INSTALL_PATH}/config/config.ini.php" fi
Datas auto-archiving
If the watched sites generate lots of traffic, it is best to setup regular data archiving for usage in the tool web user interface.
Setup the auto-archiving script in the cron.hourly folder in order for it to be run each hour :
command touch "/var/log/piwik-archive-${DOMAIN}.log"
command chown www-data:adm "/var/log/piwik-archive-${DOMAIN}.log"
CLEAN_DOMAIN="$(echo "${DOMAIN}" | command tr '.' '-')" echo -e "# Hourly archiving for ${DOMAIN}. 0 * * * * www-data test -f ${INSTALL_PATH}/console -a -x /usr/bin/php5 && /usr/bin/php5 ${INSTALL_PATH}/console core:archive --url='http://${DOMAIN}' > '/var/log/piwik-archive-${DOMAIN}.log'" \ > "/etc/cron.d/${CLEAN_DOMAIN}" command service 'cron' 'reload'
Check that the archiving script is working :
su www-data -c "/bin/sh ${INSTALL_PATH}/misc/cron/archive.sh"
Disabling the Web user interface archiving
If the watched sites generate lots of traffic, it is recommended to disable the data archiving when a user use the Web interface :
command sed -i -e '/\[General\]/a\ time_before_archive_considered_outdated = 3600 \ enable_browser_archiving_triggering = false' \ "${INSTALL_PATH}/config/config.ini.php"
Force HTTPS usage for login
If possible (HTTPS access working), force the use of HTTPS protocol for users login :
command sed -i -e '/\[General\]/a\ force_ssl = 1' \ "${INSTALL_PATH}/config/config.ini.php"
Reverse proxy usage
If you use a reverse proxy, setup the to to fetch the visitors IP address in XForwardedFor HTTP header :
command sed -i -e '/\[General\]/a\ proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"' \ "${INSTALL_PATH}/config/config.ini.php"
An other way to do this is if you use a Apache 2 server is to use the setup described by Get the real IP address of a visitor accessing to a Apache 2 server behind a reverse proxy.
If the reverse proxy has working HTTPS support, tell the application to use it when needed:
command sed -i -e '/\[General\]/a\ assume_secure_protocol = 1' \ "${INSTALL_PATH}/config/config.ini.php"
Backups
Backup the installation with Backup Manager (see Install and setup Backup Manager on Debian) :
command backup-manager-tools add "${INSTALL_PATH}"
Don't forget to backup the database (see Install and setup MySQL on Debian)
Software upgrade
Provide the application domain name :
DOMAIN="piwik.domain.com"
Compute the installation path :
INSTALL_PATH="/opt/piwik/${DOMAIN}"
Clean-up the path :
INSTALL_PATH="$(echo "${INSTALL_PATH}" | sed -e 's|/$||g')"
Download the tool latest version :
command wget 'http://piwik.org/latest.zip' \ --output-document='/tmp/piwik.zip'
Extract the archive :
command unzip -d "/tmp" "/tmp/piwik.zip" "piwik/*"
Get the previous installation data :
command cp -a "${INSTALL_PATH}/config/config.ini.php" "/tmp/piwik/config/" command rm -r "/tmp/piwik/tmp" command cp -a "${INSTALL_PATH}/tmp" "/tmp/piwik/tmp"
Backup the obsolete installation :
command mv "${INSTALL_PATH}" "${INSTALL_PATH}.old"
Install the new version :
command mv "/tmp/piwik" "${INSTALL_PATH}"
Upgrade the database :
if [[ -e "${INSTALL_PATH}/console" ]]; then
command su www-data -c "command php '${INSTALL_PATH}/console' core:update"
else
command su www-data -c "command php '${INSTALL_PATH}/index.php' -- 'module=CoreUpdater'"
fi
The application is no up-to-date. Empty the PHP cache :
test -e '/etc/init.d/php5-fpm' && command service 'php5-fpm' 'restart'
test -e '/etc/init.d/apache2' && command service 'apache2' 'force-reload'
Check that everything work, and delete the downloaded file and the previous installation backup :
command rm "/tmp/piwik.zip" command rm -r "${INSTALL_PATH}.old"
Thanks
- Thanks to Piwik (en) developers.
- Thanks to the author of How to setup auto archiving of your reports every night (en).