Matomo is a self-hosted free & open source alternative to Google Analytics.
Matomo gives us better control of what is tracked, how long it is stored & what we can do with the data. We would like to collect as little data as possible & share it with the world in safe ways as much as possible. Matomo is an important step in making this possible.
Matomo is a PHP+MySQL application. We use the Apache-based upstream Docker image to run it. We can improve performance in the future if we wish by switching to ``nginx+fpm``.
We use Google CloudSQL for MySQL to provision a fully managed, standard MySQL database. The sidecar pattern is used to connect Matomo to this database. A service account with appropriate credentials to connect to the database has been provisioned & checked in to the repo. A MySQL user named ``matomo`` & a MySQL database named ``matomo`` should also be created in the Google Cloud Console.
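The sidecar layout described above, sketched as a Kubernetes Deployment. This is an added example, not the manifest from this repository: the resource names, image tags, Secret name and the <PROJECT>:<REGION>:<INSTANCE> connection string are placeholders, and it assumes the v1 Cloud SQL proxy image with its -instances and -credential_file flags.

```yaml
# Added illustration; every name, tag and path below is a placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matomo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: matomo
  template:
    metadata:
      labels:
        app: matomo
    spec:
      containers:
        # PHP application container. Its config.ini.php points the database
        # host at 127.0.0.1:3306, which is the sidecar below. The Google
        # service account key is deliberately NOT mounted here, so code
        # running inside the PHP container cannot read it from disk.
        - name: matomo
          image: "matomo:<TAG>-apache"
          ports:
            - containerPort: 80
        # Sidecar: authenticates to CloudSQL with the service account key
        # and exposes the database on the pod's loopback interface only.
        - name: cloudsql-proxy
          image: "gcr.io/cloudsql-docker/gce-proxy:<TAG>"
          command:
            - /cloud_sql_proxy
            # "=tcp:3306" binds to 127.0.0.1, so other pods cannot reach it.
            - "-instances=<PROJECT>:<REGION>:<INSTANCE>=tcp:3306"
            - "-credential_file=/secrets/cloudsql/credentials.json"
          securityContext:
            runAsUser: 2                     # non-root
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: cloudsql-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
      volumes:
        - name: cloudsql-credentials
          secret:
            secretName: matomo-cloudsql-credentials   # hypothetical Secret name
```

The PHP container can still reach the database over loopback with the MySQL user's own password, so that user's grants should be limited to the ``matomo`` database.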
Matomo is a PHP application, and this has a number of drawbacks. The initial install `must <https://github.com/matomo-org/matomo/issues/10257>`_ be completed manually through the web interface. Matomo will error if it finds a complete ``config.ini.php`` file (which we provide) but no database tables exist.
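The first time you install Matomo, you need to do the following::

    # Open a shell in the Matomo container
    kubectl --namespace=<namespace> exec -it <matomo-pod> -- /bin/bash
    # Inside the container: remove the config file we provide
    rm config/config.ini.php
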
This is not ideal.
The admin username for Matomo is ``admin``. You can find the password in ``secret/staging.yaml`` for staging & ``secret/prod.yaml`` for prod.
PHP code is notoriously hard to secure. Matomo has had security audits, so it’s not the worst. However, we should treat it with suspicion & wall off as much of it as possible. Arbitrary code execution vulnerabilities often happen in PHP, so we gotta use that as our security model.
We currently have: