How To Install Matomo on Debian 11

In this tutorial, we will show you how to install Matomo on Debian 11. For those of you who didn’t know, Matomo (formerly Piwik) is an open-source analytics platform, an open alternative to Google Analytics. It provides users with detailed reports of their websites, search engines and keywords used by the visitors, their language and geographical location, pages they visit, and many more. Matomo provides a lot of features such as Google AdWords, Facebook Ads, Yahoo, Search Marketing, Tracking and Reporting API, and Cost Per Click (CPC).

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Matomo open-source analytics platform on a Debian 11 (Bullseye).

Prerequisites

• A server running one of the following operating systems: Debian 10 or Debian 11.
• It’s recommended that you use a fresh OS install to prevent any potential issues.
• SSH access to the server (or just open Terminal if you’re on a desktop).
• A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Matomo on Debian 11 Bullseye

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Installing the LAMP stack.

A Debian 11 LAMP server is required. If you do not have LAMP installed, Please read our previous tutorial to install LAMP Server on Debian 11.

Step 3. Installing Matomo on Debian 11.

By default, Matomo is not available on Debian 11 base repository. So, now we download the latest stable version of Matomo from the official page:

sudo mkdir -p /var/www/matomo
wget http://builds.matomo.org/matomo-latest.zip

Next, unzip the downloaded file and move the extracted files:

sudo unzip matomo-latest.zip
sudo mv matomo/* /var/www/matomo

We will need to change some folders permissions:

sudo chown -R www-data:www-data /var/www/matomo
sudo chmod -R 755 /var/www/matomo

Step 4. Configuring MariaDB.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and below each step carefully which will set the root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next, we will need to log in to the MariaDB console and create a database for Matomo. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server, you need to create a database for Matomo installation:

MariaDB [(none)]> CREATE DATABASE matomo_db;
MariaDB [(none)]> CREATE USER 'matomo_user'@'localhost' IDENTIFIED BY 'your-strong-password';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON matomo_db.* to matomo_user@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Step 5. Configure Apache.

Now create an Apache virtual host configuration file to serve Matomo. You can create it with the following command below:

sudo nano /etc/apache2/sites-available/matomo.conf

Add the following file:

<VirtualHost *:80>

ServerAdmin admin@your-domain.com
ServerName your-domain.com
DocumentRoot /var/www/matomo/

<Directory /var/www/matomo>
DirectoryIndex index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>

<Files "console">
Options None
Require all denied
</Files>

<Directory /var/www/matomo/misc/user>
Options None
Require all granted
</Directory>

<Directory /var/www/matomo/misc>
Options None
Require all denied
</Directory>

<Directory /var/www/matomo/vendor>
Options None
Require all denied
</Directory>

ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined

</VirtualHost>

Save and close the file, then restart the Apache webserver so that the changes take place:

sudo a2ensite matomo.conf
sudo a2enmod rewrite ssl
sudo systemctl restart apache2

Step 6. Installing the Let’s Encrypt Certificates.

First, install Certbot to your Debian system using the following command below:

sudo apt install certbot python3-certbot-apache

Then, generate the certificates, with the following command:

sudo certbot --apache -d [your-domain.com]

You will then be prompted to enter an email address for the certificate. After you have entered that you must agree to the T&C’s and decide if you want to share your email address with the Electronic Frontier Foundation. This last step is optional. Once successfully, Reload Apache again to load all the new configurations.

Step 7. Configure Firewall.

By default, the UFW firewall is enabled on Debian. Depending on your Apache virtual host configuration file, open ports 80 and 443 to allow HTTP and HTTPS traffic:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

Step 8. Accessing Matomo Web Interface.

Once successfully installed, open your web browser and access the Matomo using the URL https://your-domian.com. You will be redirected to the Matomo interface page:

Congratulations! You have successfully installed Matomo. Thanks for using this tutorial for installing the latest version of the Matomo open-source analytics platform on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official Matomo website.