
Arne Govaerts

Running Known with Matomo and Caddy #1


In this short series I will talk about my current setup and my experience setting up Caddy in front of Known and Matomo (tl;dr: it has been great so far). I will do this in a more tutorial-like form, mostly in order to properly document everything.

For the current setup I use Hetzner Cloud. For now it only runs Caddy, MariaDB and PHP-FPM (for Known and Matomo). SSL certificates are provided by Let's Encrypt (via Caddy). I assume that you already have PHP, PHP-FPM and MariaDB installed (PHP should be 7.2 or higher).

In case you haven't, you can install the latest version with:

sudo apt install -y php7.4 php7.4-fpm php7.4-curl php7.4-gd php7.4-cli php7.4-mysql php-xml php7.4-mbstring
sudo apt install -y mariadb-server
sudo mysql_secure_installation

Once everything is up and running, your Caddyfile will look something like this (replace phpx.x with your PHP version):

www.example.com {
    redir https://example.com{uri}
}

example.com {
    root * /var/www/example.com

    encode zstd gzip

    # Deny .ht* and .git* entries anywhere in the path, plus config-like files by suffix
    @deny_access_to_files path_regexp deny_access_to_files ^.*(/\.(ht|git)|\.(xml|ini|json|lock|bak)$)
    respond @deny_access_to_files "Access Denied" 403
    @deny_access_to_config path_regexp deny_access_to_config ^/configuration/*
    respond @deny_access_to_config "Access Denied" 403

    @css path_regexp css ^/css/[0-9]+/(.*)$
    rewrite @css /css/{re.css.1}
    @js path_regexp js ^/js/[0-9]+/(.*)$
    rewrite @js /js/{re.js.1}

    php_fastcgi unix//run/php/phpx.x-fpm.sock
    file_server

    try_files {path} /index.php?{query}
}

matomo.example.com {
    root * /var/www/matomo.example.com

    encode zstd gzip

    php_fastcgi unix//run/php/phpx.x-fpm.sock
    file_server

    try_files {path} /index.php?{query}
}

But first things first: Install Caddy

# Install Caddy to /usr/local/bin/caddy
curl https://getcaddy.com | bash -s personal hook.service

# Setup a document root for your site
sudo mkdir -p /var/www/example.com
sudo chown -R www-data:www-data /var/www/example.com

# Add a Caddyfile
sudo mkdir -p /etc/caddy
sudo chown -R www-data:www-data /etc/caddy

For now, something like this is fine:

example.com {
    root * /var/www/example.com
}

Now we only need to start Caddy as a systemd service:

sudo caddy -service install
sudo systemctl start caddy
sudo systemctl status caddy # must say active

If everything works fine, you can start installing Known. The easiest way to do this is with a combination of Git and Composer:

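cd /var/www/example.com
# Clone into the current directory (note the trailing dot) so the document root contains Known itself
git clone https://github.com/idno/known.git .
composer install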

And replace your Caddyfile with:

www.example.com {
    redir https://example.com{uri}
}

example.com {
    root * /var/www/example.com

    encode zstd gzip

    # Deny .ht* and .git* entries anywhere in the path, plus config-like files by suffix
    @deny_access_to_files path_regexp deny_access_to_files ^.*(/\.(ht|git)|\.(xml|ini|json|lock|bak)$)
    respond @deny_access_to_files "Access Denied" 403
    @deny_access_to_config path_regexp deny_access_to_config ^/configuration/*
    respond @deny_access_to_config "Access Denied" 403

    @css path_regexp css ^/css/[0-9]+/(.*)$
    rewrite @css /css/{re.css.1}
    @js path_regexp js ^/js/[0-9]+/(.*)$
    rewrite @js /js/{re.js.1}

    php_fastcgi unix//run/php/phpx.x-fpm.sock
    file_server

    try_files {path} /index.php?{query}
}

Then restart the Caddy service and create a new database (the database step will be the same for Matomo):

sudo systemctl restart caddy
sudo systemctl status caddy
mysql -u root -p
CREATE DATABASE new_database;
GRANT ALL PRIVILEGES ON new_database.* TO 'new_user'@'localhost' IDENTIFIED BY 'new_password';
FLUSH PRIVILEGES;
exit

Now you can continue installing Known in the browser.
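
Caddy evaluates path_regexp with Go's regexp package, so the @deny_access_to_files matcher can be checked offline before it goes live. The following is an added example, not part of the original post: it runs a pattern that only matches when the path ends in a listed suffix, and one that also catches .ht* and .git* path segments, over constructed request paths and reports where each verdict differs from the wanted one. The function name Gaps, the variable names, the sample paths and their wanted verdicts are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Both patterns are compiled with Go's regexp (RE2), the engine behind path_regexp.
var (
	// Suffix-anchored form: the path must END in a listed suffix, optionally plus "hub".
	suffixOnly = regexp.MustCompile(`^/.*(\.ht|\.xml|\.ini|\.json|\.lock|\.bak|\.git)(|hub)$`)
	// Tightened form: a path segment starting with .ht or .git anywhere,
	// or one of the same file suffixes at the end of the path.
	tightened = regexp.MustCompile(`^.*(/\.(ht|git)|\.(xml|ini|json|lock|bak)$)`)
)

// Constructed request paths and whether the site owner wants them denied.
var cases = []struct {
	path string
	deny bool
}{
	{"/.git/config", true},
	{"/.htaccess", true},
	{"/.github/workflows/ci.yml", true},
	{"/composer.lock", true},
	{"/configuration/config.ini", true},
	{"/css/default.css", false},
	{"/about.html", false},
	{"/", false},
}

// Gaps returns the paths where the pattern's verdict differs from the wanted one.
func Gaps(re *regexp.Regexp) []string {
	var out []string
	for _, c := range cases {
		if re.MatchString(c.path) != c.deny {
			out = append(out, c.path)
		}
	}
	return out
}

func main() {
	fmt.Println("suffix-anchored gaps:", Gaps(suffixOnly))
	fmt.Println("tightened gaps:      ", Gaps(tightened))
}
```

The same table can be extended with paths from your own document root; any path listed as a gap is one the matcher answers differently from what you intended.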