Commit 16cadbdb authored by PepijnBoers's avatar PepijnBoers

Temp backup

**/.DS_Store
\ No newline at end of file
## Matomo behind reverse proxy.
Let's create a reverse proxy with nginx, we're listening to port 80 and 443 and pass request to multiple matomo installations on different (local) ports.
We want to run two matomo servers, one that does respect DNT and one that does not. Since we want to compare their measures, they need to have their own database. Nginx configurations are stored in `nginx/nginx.conf`. Make sure to update the `server_name` and names of `ssl` certificate/key.
### Matomo (no DNT)
name-matomo: app (5001:80 & 5002:443 - ssl not used internally)
name-db: db
### Matomo (DNT)
name-matomo: app-dnt (5011:80 & 5012:443 - ssl not used internally)
name-db: db-dnt
All containers are started using docker-compose, see the `docker-compose.yml`.
## update config/config.ini.php
Because the secure connection is handled by nginx we can assume that the protocol is secure and send to matomo over http. Add these rules to `config/config.ini.php`:
```
[General]
assume_secure_protocol = 1
[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
```
In the second installation (behind sub-path) add in `config/config.ini.php`:
```
[General]
; Use the header HTTP_X_FORWARDED_URI to construct the current script name
proxy_uri_header = 1
```
## Start/stop everything using docker-compose
Use docker-compose to automatically restart failed containers:
```
docker-compose up -d
```
To stop everything type:
```
docker-compose stop
```
- to implement: [ngx_http_mirror_module](https://nginx.org/en/docs/http/ngx_http_mirror_module.html)
- [docker-compose 12 min tutorial](https://www.youtube.com/watch?v=Qw9zlE3t8Ko)
- [tutorial repo](https://github.com/jakewright/tutorials/tree/master/docker/02-docker-compose)
- [nginx and docker reverse proxy](https://www.youtube.com/watch?v=hxngRDmHTM0)
\ No newline at end of file
version: "3"
services:
reverse-proxy:
image: nginx:1.17.10
container_name: reverse_proxy_demo
depends_on:
- app
- db
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ${PWD}/matomo/cert-stuff/ssl:/etc/ssl/private
ports:
- 80:80
- 443:443
restart: on-failure
db:
image: mysql:8.0.19
volumes:
- ${PWD}/data/data:/var/lib/mysql:Z
- ${PWD}/data/backup:/var/lib/backup:Z
- ${PWD}/mysql/setup-db.sql:/docker-entrypoint-initdb.d/setup-db.sql:Z
environment:
- MYSQL_ROOT_PASSWORD=admin
env_file:
- ./db.env
restart: on-failure
app:
image: matomo:3.13.6-apache
depends_on:
- db
links:
- db
volumes:
- ${PWD}/data/app:/var/www/html:z
environment:
- MATOMO_DATABASE_HOST=db
env_file:
- ./db.env
ports:
- 5001:80
- 5002:443
restart: on-failure
db-dnt:
image: mysql:8.0.19
volumes:
- ${PWD}/data-dnt/data:/var/lib/mysql:Z
- ${PWD}/data-dnt/backup:/var/lib/backup:Z
- ${PWD}/mysql/setup-db.sql:/docker-entrypoint-initdb.d/setup-db.sql:Z
environment:
- MYSQL_ROOT_PASSWORD=admin
env_file:
- ./db.env
restart: on-failure
app-dnt:
image: matomo:3.13.6-apache
depends_on:
- db-dnt
links:
- db-dnt
volumes:
- ${PWD}/data-dnt/app:/var/www/html:z
environment:
- MATOMO_DATABASE_HOST=db
env_file:
- ./db.env
ports:
- 5011:80
- 5012:443
restart: on-failure
\ No newline at end of file
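Review bot: `app-dnt` sets `MATOMO_DATABASE_HOST=db` although it depends on and links `db-dnt`, so the DNT instance appears to point at the non-DNT database, which contradicts the README's requirement that each installation has its own database; the line should read `- MATOMO_DATABASE_HOST=db-dnt`. Both database services also commit `MYSQL_ROOT_PASSWORD=admin` in the compose file; `./db.env` is already loaded, so the root password belongs there with a strong value, provided that file is kept out of version control. The Matomo services publish 5001/5002 and 5011/5012 on every host interface, which lets clients reach them over plain HTTP without going through the TLS proxy. nginx reaches them by service name (`proxy_pass http://app`), so the mappings can be dropped or bound to loopback, e.g. `- "127.0.0.1:5001:80"`.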
## Matomo behind reverse proxy.
Let's create a reverse proxy with nginx, were listening to port 80 and 443 and pass request to matomo installations on different (local) ports.
We want to run two matomo servers, one who does respect DNT and one who doesn't. Since we want to compare there measures, they need to have their own database. Nginx configurations are stored in `nginx/nginx.conf`. Make sure to update the `server_name` and names of `ssl` certificate/key.
### Matomo (no DNT)
name-matomo: app (:5001)
name-db: db (:5002)
### Matomo (DNT)
name-matomo: app-dnt (:5011)
name-db: db-dnt (:5012)
All containers are started using docker-compose, see the `docker-compose.yml`.
## update config/config.ini.php
Because the secure connection is handled by nginx we can assume that the protocol is secure and send to matomo over http. Add these rules to `config/config.ini.php`:
```
[General]
assume_secure_protocol = 1
[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
```
## Start/stop everything using docker-compose
Use docker-compose to automatically restart failed containers:
```
docker-compose up -d
```
To stop everything type:
```
docker-compose stop
```
- to implement: [ngx_http_mirror_module](https://nginx.org/en/docs/http/ngx_http_mirror_module.html)
- [docker-compose 12 min tutorial](https://www.youtube.com/watch?v=Qw9zlE3t8Ko)
- [tutorial repo](https://github.com/jakewright/tutorials/tree/master/docker/02-docker-compose)
- [nginx and docker reverse proxy](https://www.youtube.com/watch?v=hxngRDmHTM0)
\ No newline at end of file
#user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1000;
}
http {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
server {
listen 80 default_server;
server_name _;
#server_name matomo.science.ru.nl;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name localhost 127.0.0.1;
#ssl_certificate /etc/ssl/private/matomo.science.ru.nl.crt;
#ssl_certificate_key /etc/ssl/private/matomo.science.ru.nl.key;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_pass http://app;
}
location /dnt {
# We do not want to send requests to /dnt but to /, so rewrite!
proxy_set_header X-Forwarded-Uri /dnt;
rewrite ^/dnt(.*) /$1 break;
proxy_pass http://app-dnt;
}
}
}
\ No newline at end of file
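Review bot: `location /dnt` sets only `X-Forwarded-Uri`, so unlike `location /` it never adds the proxy's view of the client address, and any `X-Forwarded-For` sent by the client reaches `app-dnt` unchanged. The README configures Matomo to read `HTTP_X_FORWARDED_FOR` and `HTTP_X_FORWARDED_HOST`, and `X-Forwarded-Host` is not set in either location, so both values can be supplied by the visitor. I would repeat `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in `/dnt` and add `proxy_set_header X-Forwarded-Host $host;` to both locations, since a location that defines any `proxy_set_header` inherits none from an outer level. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated TLS 1.0 and 1.1; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting.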