Ansible Role: Matomo

This role sets up Matomo on Debian and Ubuntu servers.

You'll need to do some initial configuration using the web interface.

Known Issues

None.

Requirements

No special requirements; just make sure you have root access. You can run it in a playbook with a global become: yes, or use this method in your playbook:

- hosts: foobar
  roles:
    - role: thorian93.matomo
      become: yes

Role Variables

Here are the available variables along with their default values (check defaults/main.yml):

matomo_version: ''

Set to an explicit version (like 4.2.1). By default, it installs the latest version.

matomo_external_url: "{{ inventory_hostname }}"

The external URL where Matomo will be accessible.

matomo_use_proxy: false

Specify if Matomo needs a proxy for internet access.

matomo_create_self_signed_cert: true
matomo_self_signed_cert_subj: "/C=DE/ST=FOO/L=BAR/O=Org/CN={{ matomo_external_url }}"
matomo_self_signed_certificate_key: "/etc/{{ apache2_http_name }}/ssl/matomo.key"
matomo_self_signed_certificate: "/etc/{{ apache2_http_name }}/ssl/matomo.crt"

Set up self-signed certificates as needed.

matomo_custom_cert: false
matomo_custom_cert_file: /etc/{{ apache2_http_name }}/ssl/custom.crt
matomo_custom_cert_key: /etc/{{ apache2_http_name }}/ssl/custom.key

If you want to use your own certificate, you can define it here.

matomo_certificate_key: "{{ certbot_cert_path }}/privkey.pem"
matomo_certificate: "{{ certbot_cert_path }}/cert.pem"
matomo_certificate_chain: "{{ certbot_cert_path }}/fullchain.pem"

If both matomo_create_self_signed_cert and matomo_custom_cert are set to false, thorian93.certbot will be used to get certificates.

matomo_db_system: "mysql"
matomo_db_name: "matomo"
matomo_db_user: "matomo"
matomo_db_pw: "matomo"

Set your database settings. Currently, only MySQL/MariaDB is supported. Remember to change the default user and password.

matomo_redirect_http_to_https: true

Set whether to automatically redirect all requests to HTTPS.

matomo_backup: false
matomo_backup_dir: "/tmp/matomo"

Configure backups for Matomo.

matomo_log_dir: "/tmp/matomo/logs"

The directory for custom logging, for example, backups.

matomo_web_dir: "/var/www/matomo"

Define the webroot of Matomo.

matomo_scripts_dir: "{{ matomo_web_dir }}/scripts"

The directory for custom scripts, like backups.

matomo_php_options:
  - line: "php_value open_basedir {{ matomo_web_dir }}:/usr/share/php:/usr/share/pear"
    regexp: "^php_value open_basedir"

Set PHP options for Matomo. The defaults provided are essential for Matomo to function correctly.

matomo_mysql_options:
  - line: "max_allowed_packet = 64M"
    regexp: "^max_allowed_packet.*"

Set MySQL options for Matomo. The defaults provided are necessary for Matomo to work properly.

Dependencies

• thorian93.ansible-role-apache2
• thorian93.ansible-role-php
• thorian93.ansible-role-certbot - for when a custom or self-signed certificate is not used
• geerlingguy.mysql

OS Compatibility

This role checks if it's being used with supported operating systems by verifying the right distribution and major version number in a specific variable called <role-name>_stable_os. You can find this variable in the defaults/main.yml file:

role_stable_os:
  - Debian 10
  - Ubuntu 18
  - CentOS 7
  - Fedora 30

If the distribution and version don't match the target system, the role will fail. You can add the distribution and version to make it work, but please test it first!

Thanks to HarryHarcourt for this idea!

Example Playbook

---
- name: "Run role."
  hosts: all
  become: yes
  roles:
    - ansible-role-matomo

Contributing

Feel free to report any bugs, issues, or suggestions for improvement. You can also contact me anytime to ask or discuss anything.

Disclaimer

This role is provided AS IS. I cannot guarantee it will work as intended and won't be responsible for any damage or misconfigurations caused by it. Please review the role carefully before using it.

License

MIT

Author Information

This role was created in 2020 by Thorian93.