From 91a1cb8e8d836676c0e98dadf66e2db2acf13636 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Sat, 18 Nov 2023 20:02:55 +0100 Subject: [PATCH] implemented cross-domain matomo tracking on nginx level --- README.md | 27 ++++--------- group_vars/all | 7 +++- playbook.yml | 8 ++-- roles/docker-akaunting/meta/main.yml | 2 +- roles/docker-akaunting/tasks/main.yml | 2 +- roles/docker-attendize/meta/main.yml | 2 +- roles/docker-attendize/tasks/main.yml | 4 +- roles/docker-baserow/meta/main.yml | 2 +- roles/docker-baserow/tasks/main.yml | 2 +- roles/docker-bigbluebutton/meta/main.yml | 2 +- roles/docker-elk/meta/main.yml | 2 +- roles/docker-elk/tasks/main.yml | 2 +- roles/docker-funkwhale/meta/main.yml | 2 +- roles/docker-funkwhale/tasks/main.yml | 2 +- roles/docker-gitea/meta/main.yml | 2 +- roles/docker-gitea/tasks/main.yml | 2 +- roles/docker-jenkins/meta/main.yml | 2 +- roles/docker-jenkins/tasks/main.yml | 2 +- roles/docker-joomla/meta/main.yml | 2 +- roles/docker-joomla/tasks/main.yml | 2 +- roles/docker-mailu/meta/main.yml | 2 +- roles/docker-mailu/tasks/main.yml | 2 +- roles/docker-mastodon/meta/main.yml | 2 +- .../templates/mastodon.conf.j2 | 7 +++- roles/docker-matomo/README.md | 2 +- roles/docker-matomo/meta/main.yml | 2 +- roles/docker-matomo/tasks/main.yml | 2 +- roles/docker-mediawiki/meta/main.yml | 2 +- roles/docker-mediawiki/tasks/main.yml | 2 +- roles/docker-mybb/meta/main.yml | 2 +- roles/docker-mybb/tasks/main.yml | 2 +- roles/docker-nextcloud/meta/main.yml | 2 +- .../templates/nextcloud.conf.j2 | 6 ++- roles/docker-peertube/meta/main.yml | 2 +- .../templates/peertube.conf.j2 | 5 +++ roles/docker-pixelfed/meta/main.yml | 2 +- roles/docker-pixelfed/tasks/main.yml | 2 +- roles/docker-roulette-wheel/meta/main.yml | 2 +- roles/docker-roulette-wheel/tasks/main.yml | 2 +- roles/docker-wordpress/meta/main.yml | 2 +- roles/docker-wordpress/tasks/main.yml | 2 +- roles/docker-yourls/meta/main.yml | 2 +- roles/docker-yourls/tasks/main.yml | 2 +- .../README.md | 2 +- .../meta/main.yml | 0 .../templates/domain.conf.j2 | 5 +++ 
.../templates/proxy_pass.conf.j2 | 0 .../templates/homepage.nginx.conf.j2 | 4 ++ roles/nginx-matomo-tracking/Readme.md | 35 +++++++++++++++++ roles/nginx-matomo-tracking/tasks/main.yml | 38 +++++++++++++++++++ .../templates/matomo-tracking.conf.j2 | 5 +++ .../templates/matomo-tracking.js.j2 | 14 +++++++ roles/nginx-matomo-tracking/vars/main.yml | 2 + roles/nginx/tasks/main.yml | 5 +++ 54 files changed, 182 insertions(+), 64 deletions(-) rename roles/{docker-reverse-proxy => nginx-docker-reverse-proxy}/README.md (96%) rename roles/{docker-reverse-proxy => nginx-docker-reverse-proxy}/meta/main.yml (100%) rename roles/{docker-reverse-proxy => nginx-docker-reverse-proxy}/templates/domain.conf.j2 (61%) rename roles/{docker-reverse-proxy => nginx-docker-reverse-proxy}/templates/proxy_pass.conf.j2 (100%) create mode 100644 roles/nginx-matomo-tracking/Readme.md create mode 100644 roles/nginx-matomo-tracking/tasks/main.yml create mode 100644 roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 create mode 100644 roles/nginx-matomo-tracking/templates/matomo-tracking.js.j2 create mode 100644 roles/nginx-matomo-tracking/vars/main.yml diff --git a/README.md b/README.md index 5f42e8d7..27f336e3 100644 --- a/README.md +++ b/README.md 
@@ -33,29 +33,11 @@ This software shipts the following tools which are natively setup on the server: - [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups - [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems - [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers -- [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution +- [Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution - [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes - [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them - [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn -### Server Administration - -#### Cleanup docker -``bash -docker stop $(docker ps -aq); docker rm $(docker ps -aq); docker volume rm $(docker volume ls -q); -`` - -#### Restart - -To mercifull restart the server and to prevent data lost type in: - -``bash -docker stop $(docker ps -a -q) && systemctl stop docker && shutdown -r +2 "The system will shutdown in 2 minutes" -`` - -May it's neccessary to restart some of the the docker containers manual afterwards. - - ## Personal Computers This playbooks offers the setup of Manjaro GNOME clients. @@ -84,6 +66,13 @@ Run: ansible-galaxy collection install -r requirements.yml ``` +## Addidional Parameters + +- activate_all_timers (bool): Activates matomo tracking on all html pages +- nginx_matomo_tracking_active (bool): Activates matomo tracking on all html pages + +The role specific parameters are descriped in the readme.md of the roles + ## Author Kevin Veen-Birkenbach diff --git a/group_vars/all b/group_vars/all index 27f0135b..b6cad69d 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -29,4 +29,9 @@ size_percent_cleanup_disc_space: 90 path_administrator_home: "/home/administrator/" path_administrator_scripts: "{{path_administrator_home}}scripts/" path_docker_volumes: "{{path_administrator_home}}volumes/docker/" -path_docker_compose_files: "{{path_administrator_home}}docker-compose/" \ No newline at end of file +path_docker_compose_files: "{{path_administrator_home}}docker-compose/" + +# Runtime Variables +activate_all_timers (bool): false # Activates all timers, independend if the handlers had been triggered +nginx_matomo_tracking_active: false # Activates matomo tracking on all html pages +execute_updates: true # Executes updates \ No newline at end of file diff --git a/playbook.yml b/playbook.yml index c4203ca5..1cd6660f 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,9 +1,11 @@ --- -- name: general setup +- name: general setup hosts: all become: true + tasks: roles: - - update + - role: update + when: execute_updates is true - name: servers host setup hosts: servers @@ -36,7 +38,7 @@ # Native Webserver Roles - name: setup nginx-homepages - hosts: nginx-homepage + hosts: homepage become: true roles: - role: nginx-homepage diff --git a/roles/docker-akaunting/meta/main.yml b/roles/docker-akaunting/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-akaunting/meta/main.yml +++ b/roles/docker-akaunting/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-akaunting/tasks/main.yml b/roles/docker-akaunting/tasks/main.yml index 7881fc9f..4537a21a 100644 --- a/roles/docker-akaunting/tasks/main.yml +++ b/roles/docker-akaunting/tasks/main.yml 
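Review bot: The added line `activate_all_timers (bool): false` in group_vars/all defines a variable whose key is the literal string `activate_all_timers (bool)`, so `activate_all_timers` itself stays undefined on every host. The type hint looks copied from the README bullet and belongs in the comment: `activate_all_timers: false # (bool) Activates all timers, independent of whether the handlers had been triggered`. Any task that tests the flag without a `default()` would then hit an undefined variable instead of reading false.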
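Review bot: `when: execute_updates is true` passes only for a real boolean, so `-e execute_updates=true` on the command line (which arrives as a string) would silently skip the update role and leave hosts unpatched. The same untyped-flag problem runs the other way in the guards added later in this patch: `{% if nginx_matomo_tracking_active | default(False) %}` in mastodon.conf.j2, nextcloud.conf.j2, peertube.conf.j2, domain.conf.j2 and homepage.nginx.conf.j2, and the `when:` in roles/nginx/tasks/main.yml, treat the string `false` as truthy and would inject tracking the operator tried to switch off. Coerce at each use: `when: execute_updates | bool` and `{% if nginx_matomo_tracking_active | default(false) | bool %}`. The empty `tasks:` key added above `roles:` carries nothing and can be dropped.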
@@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: register directory diff --git a/roles/docker-attendize/meta/main.yml b/roles/docker-attendize/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-attendize/meta/main.yml +++ b/roles/docker-attendize/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml index 7b00cfa0..a2fe7b7c 100644 --- a/roles/docker-attendize/tasks/main.yml +++ b/roles/docker-attendize/tasks/main.yml @@ -7,13 +7,13 @@ - name: configure {{domain}}.conf template: - src: roles/docker-reverse-proxy/templates/domain.conf.j2 + src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest: /etc/nginx/conf.d/{{domain}}.conf notify: restart nginx #- name: configure {{ mail_interface_domain }}.conf # template: -# src: roles/docker-reverse-proxy/templates/domain.conf.j2 +# src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 # dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf # vars: # http_port: "{{ mail_interface_http_port }}" diff --git a/roles/docker-baserow/meta/main.yml b/roles/docker-baserow/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-baserow/meta/main.yml +++ b/roles/docker-baserow/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-baserow/tasks/main.yml b/roles/docker-baserow/tasks/main.yml index 01b6d889..728f93f8 100644 --- a/roles/docker-baserow/tasks/main.yml +++ b/roles/docker-baserow/tasks/main.yml 
@@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{docker_compose_path}}" diff --git a/roles/docker-bigbluebutton/meta/main.yml b/roles/docker-bigbluebutton/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-bigbluebutton/meta/main.yml +++ b/roles/docker-bigbluebutton/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-elk/meta/main.yml b/roles/docker-elk/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-elk/meta/main.yml +++ b/roles/docker-elk/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-elk/tasks/main.yml b/roles/docker-elk/tasks/main.yml index c965fbd5..d38de01d 100644 --- a/roles/docker-elk/tasks/main.yml +++ b/roles/docker-elk/tasks/main.yml @@ -4,7 +4,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: create elasticsearch-sysctl.conf diff --git a/roles/docker-funkwhale/meta/main.yml b/roles/docker-funkwhale/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-funkwhale/meta/main.yml +++ b/roles/docker-funkwhale/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy 
diff --git a/roles/docker-funkwhale/tasks/main.yml b/roles/docker-funkwhale/tasks/main.yml index fbc08e90..b9303812 100644 --- a/roles/docker-funkwhale/tasks/main.yml +++ b/roles/docker-funkwhale/tasks/main.yml @@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{docker_compose_path}}" diff --git a/roles/docker-gitea/meta/main.yml b/roles/docker-gitea/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-gitea/meta/main.yml +++ b/roles/docker-gitea/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-gitea/tasks/main.yml b/roles/docker-gitea/tasks/main.yml index 71d1210b..84048467 100644 --- a/roles/docker-gitea/tasks/main.yml +++ b/roles/docker-gitea/tasks/main.yml @@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}} https - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{path_docker_compose_folder}}" diff --git a/roles/docker-jenkins/meta/main.yml b/roles/docker-jenkins/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-jenkins/meta/main.yml +++ b/roles/docker-jenkins/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy 
diff --git a/roles/docker-jenkins/tasks/main.yml b/roles/docker-jenkins/tasks/main.yml index bcc2435c..2f99b428 100644 --- a/roles/docker-jenkins/tasks/main.yml +++ b/roles/docker-jenkins/tasks/main.yml @@ -2,7 +2,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "docker jenkins" diff --git a/roles/docker-joomla/meta/main.yml b/roles/docker-joomla/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-joomla/meta/main.yml +++ b/roles/docker-joomla/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-joomla/tasks/main.yml b/roles/docker-joomla/tasks/main.yml index c77cc4a7..8dc18a6e 100644 --- a/roles/docker-joomla/tasks/main.yml +++ b/roles/docker-joomla/tasks/main.yml @@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{path_docker_compose_folder}}" diff --git a/roles/docker-mailu/meta/main.yml b/roles/docker-mailu/meta/main.yml index c9901d26..05516281 100644 --- a/roles/docker-mailu/meta/main.yml +++ b/roles/docker-mailu/meta/main.yml @@ -1,3 +1,3 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy - systemd_notifier 
diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index 6d72f031..bd8dca4c 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml @@ -6,7 +6,7 @@ - name: configure {{domain}}.conf vars: client_max_body_size: "31M" - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{path_docker_compose_files}}mailu" diff --git a/roles/docker-mastodon/meta/main.yml b/roles/docker-mastodon/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-mastodon/meta/main.yml +++ b/roles/docker-mastodon/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-mastodon/templates/mastodon.conf.j2 b/roles/docker-mastodon/templates/mastodon.conf.j2 index 6e688bb6..ae5aa6ad 100644 --- a/roles/docker-mastodon/templates/mastodon.conf.j2 +++ b/roles/docker-mastodon/templates/mastodon.conf.j2 @@ -8,6 +8,11 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} + {% if nginx_matomo_tracking_active | default(False) %} + {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} + {% endif %} + + keepalive_timeout 70; sendfile on; client_max_body_size 80m; @@ -23,7 +28,7 @@ server { add_header Strict-Transport-Security "max-age=31536000"; - {% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %} + {% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} location /api/v1/streaming { proxy_set_header Host $host; diff --git a/roles/docker-matomo/README.md b/roles/docker-matomo/README.md index 261df2b4..6c25ebfb 100644 --- a/roles/docker-matomo/README.md +++ b/roles/docker-matomo/README.md 
@@ -18,7 +18,7 @@ This Ansible role deploys a Matomo analytics platform instance using Docker. ## Dependencies -- `docker-reverse-proxy`: An Ansible role for configuring the reverse proxy. +- `nginx-docker-reverse-proxy`: An Ansible role for configuring the reverse proxy. ## Example Playbook diff --git a/roles/docker-matomo/meta/main.yml b/roles/docker-matomo/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-matomo/meta/main.yml +++ b/roles/docker-matomo/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-matomo/tasks/main.yml b/roles/docker-matomo/tasks/main.yml index a9a5080c..706ff445 100644 --- a/roles/docker-matomo/tasks/main.yml +++ b/roles/docker-matomo/tasks/main.yml @@ -4,7 +4,7 @@ - name: configure {{domain}}.conf template: - src: "roles/docker-reverse-proxy/templates/domain.conf.j2" + src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" dest: "/etc/nginx/conf.d/{{domain}}.conf" notify: restart nginx diff --git a/roles/docker-mediawiki/meta/main.yml b/roles/docker-mediawiki/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-mediawiki/meta/main.yml +++ b/roles/docker-mediawiki/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-mediawiki/tasks/main.yml b/roles/docker-mediawiki/tasks/main.yml index 77397243..409f8358 100644 --- a/roles/docker-mediawiki/tasks/main.yml +++ b/roles/docker-mediawiki/tasks/main.yml @@ -2,7 +2,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "docker mediawiki" 
diff --git a/roles/docker-mybb/meta/main.yml b/roles/docker-mybb/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-mybb/meta/main.yml +++ b/roles/docker-mybb/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-mybb/tasks/main.yml b/roles/docker-mybb/tasks/main.yml index 42a72d2b..83957dde 100644 --- a/roles/docker-mybb/tasks/main.yml +++ b/roles/docker-mybb/tasks/main.yml @@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: create data folder diff --git a/roles/docker-nextcloud/meta/main.yml b/roles/docker-nextcloud/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-nextcloud/meta/main.yml +++ b/roles/docker-nextcloud/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-nextcloud/templates/nextcloud.conf.j2 b/roles/docker-nextcloud/templates/nextcloud.conf.j2 index 75c396e2..29703391 100644 --- a/roles/docker-nextcloud/templates/nextcloud.conf.j2 +++ b/roles/docker-nextcloud/templates/nextcloud.conf.j2 @@ -4,6 +4,10 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} + {% if nginx_matomo_tracking_active | default(False) %} + {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} + {% endif %} + # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; 
@@ -15,7 +19,7 @@ server client_body_buffer_size 400M; fastcgi_buffers 64 4K; - {% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %} + {% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} location ^~ /.well-known { rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; diff --git a/roles/docker-peertube/meta/main.yml b/roles/docker-peertube/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-peertube/meta/main.yml +++ b/roles/docker-peertube/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-peertube/templates/peertube.conf.j2 b/roles/docker-peertube/templates/peertube.conf.j2 index 7337c947..1fb1156b 100644 --- a/roles/docker-peertube/templates/peertube.conf.j2 +++ b/roles/docker-peertube/templates/peertube.conf.j2 @@ -8,6 +8,11 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} + {% if nginx_matomo_tracking_active | default(False) %} + {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} + {% endif %} + + ## # Application ## diff --git a/roles/docker-pixelfed/meta/main.yml b/roles/docker-pixelfed/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-pixelfed/meta/main.yml +++ b/roles/docker-pixelfed/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-pixelfed/tasks/main.yml b/roles/docker-pixelfed/tasks/main.yml index aa238ef3..76a96959 100644 --- a/roles/docker-pixelfed/tasks/main.yml +++ b/roles/docker-pixelfed/tasks/main.yml 
@@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{docker_compose_path}}" diff --git a/roles/docker-roulette-wheel/meta/main.yml b/roles/docker-roulette-wheel/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-roulette-wheel/meta/main.yml +++ b/roles/docker-roulette-wheel/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-roulette-wheel/tasks/main.yml b/roles/docker-roulette-wheel/tasks/main.yml index caf118c5..a136b7d6 100644 --- a/roles/docker-roulette-wheel/tasks/main.yml +++ b/roles/docker-roulette-wheel/tasks/main.yml @@ -3,7 +3,7 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx - name: "create {{docker_compose_path}}" diff --git a/roles/docker-wordpress/meta/main.yml b/roles/docker-wordpress/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-wordpress/meta/main.yml +++ b/roles/docker-wordpress/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index 5ca91db2..6eece92d 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml 
@@ -7,7 +7,7 @@ vars: client_max_body_size: "{{wordpress_max_upload_size}}" domain: "{{item}}" - template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf + template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf loop: "{{domains}}" notify: restart nginx diff --git a/roles/docker-yourls/meta/main.yml b/roles/docker-yourls/meta/main.yml index f25ef891..d3606e63 100644 --- a/roles/docker-yourls/meta/main.yml +++ b/roles/docker-yourls/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- docker-reverse-proxy +- nginx-docker-reverse-proxy diff --git a/roles/docker-yourls/tasks/main.yml b/roles/docker-yourls/tasks/main.yml index e14aefe1..aebb66da 100644 --- a/roles/docker-yourls/tasks/main.yml +++ b/roles/docker-yourls/tasks/main.yml @@ -4,7 +4,7 @@ - name: configure {{domain}}.conf template: - src: "roles/docker-reverse-proxy/templates/domain.conf.j2" + src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" dest: "/etc/nginx/conf.d/{{domain}}.conf" notify: restart nginx diff --git a/roles/docker-reverse-proxy/README.md b/roles/nginx-docker-reverse-proxy/README.md similarity index 96% rename from roles/docker-reverse-proxy/README.md rename to roles/nginx-docker-reverse-proxy/README.md index 04c5659c..c1bd030b 100644 --- a/roles/docker-reverse-proxy/README.md +++ b/roles/nginx-docker-reverse-proxy/README.md @@ -1,4 +1,4 @@ -# role docker-reverse-proxy +# role nginx-docker-reverse-proxy Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications. diff --git a/roles/docker-reverse-proxy/meta/main.yml b/roles/nginx-docker-reverse-proxy/meta/main.yml similarity index 100% rename from roles/docker-reverse-proxy/meta/main.yml rename to roles/nginx-docker-reverse-proxy/meta/main.yml 
diff --git a/roles/docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 similarity index 61% rename from roles/docker-reverse-proxy/templates/domain.conf.j2 rename to roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 index 5362189b..e69f4226 100644 --- a/roles/docker-reverse-proxy/templates/domain.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 @@ -2,6 +2,11 @@ server { server_name {{domain}}; + {% if nginx_matomo_tracking_active | default(False) %} + {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} + {% endif %} + + {% if client_max_body_size is defined %} client_max_body_size {{ client_max_body_size }}; {% endif %} diff --git a/roles/docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 similarity index 100% rename from roles/docker-reverse-proxy/templates/proxy_pass.conf.j2 rename to roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 diff --git a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 index ccd9a399..9529908b 100644 --- a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 +++ b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 @@ -5,6 +5,10 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} + {% if nginx_matomo_tracking_active | default(False) %} + {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} + {% endif %} + charset utf-8; location / diff --git a/roles/nginx-matomo-tracking/Readme.md b/roles/nginx-matomo-tracking/Readme.md new file mode 100644 index 00000000..da18bc80 --- /dev/null +++ b/roles/nginx-matomo-tracking/Readme.md 
@@ -0,0 +1,35 @@ +# Nginx Matomo Tracking Role + +This Ansible role automates the integration of Matomo tracking code into Nginx-served websites. It simplifies the process of adding the Matomo analytics tracking script and image tracker to all your web pages served through Nginx. + +## Features +- Automated insertion of Matomo tracking script into the `` tag of HTML pages. +- Integration of a noscript image tracker before the `` tag for tracking users with JavaScript disabled. +- Configuration to apply changes on every request, ensuring that dynamic content and single-page applications are also tracked. + +## Requirements +- Nginx installed on the target server. +- Matomo analytics platform set up and accessible. + +## Role Variables +- `matomo_domain`: The domain of your Matomo installation. +- `base_domain`: The base domain of the website you wish to track. +- `matomo_site_id`: The site ID configured in your Matomo dashboard. + +## Dependencies +- None. This role is designed to be included in Nginx server block configurations. + +## Example Usage +To enable Matomo tracking on your Nginx website, include the role in your playbook and set the required variables. + +```yaml +- hosts: webserver + roles: + - { role: nginx-matomo-tracking, matomo_domain: 'matomo.example.com', base_domain: 'example.com', matomo_site_id: '1' } +``` + +## Customization +You can customize the tracking script and the noscript image tracker by editing the `matomo-tracking.js.j2` and `matomo-tracking.conf.j2` templates. + +## Author Information +This role was created in 2023 by Kevin Veen Birkenbach, providing a seamless way to add Matomo analytics to any website served via Nginx. \ No newline at end of file diff --git a/roles/nginx-matomo-tracking/tasks/main.yml b/roles/nginx-matomo-tracking/tasks/main.yml new file mode 100644 index 00000000..885ef335 --- /dev/null +++ b/roles/nginx-matomo-tracking/tasks/main.yml 
@@ -0,0 +1,38 @@ +- name: Check if site already exists in Matomo + uri: + url: "https://{{matomo_domain}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}" + method: GET + return_content: yes + status_code: 200 + validate_certs: yes + register: site_check + +- name: Set fact for site ID if site already exists + set_fact: + matomo_site_id: "{{ site_check.json[0].idsite }}" + when: "(site_check.json | length) > 0" + +- name: Add site to Matomo and get ID if not exists + uri: + url: "https://{{ matomo_domain }}/index.php" + method: POST + body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ matomo_auth_token }}&format=json" + body_format: form-urlencoded + status_code: 200 + return_content: yes + validate_certs: yes + register: add_site + when: "matomo_site_id is not defined" + +- name: Set fact for site ID if site was added + set_fact: + matomo_site_id: "{{ add_site.json.value }}" + when: "matomo_site_id is not defined" + +- name: Set the Matomo tracking code from a template file + set_fact: + matomo_tracking_code: "{{ lookup('template', 'matomo-tracking.js.j2') }}" + +- name: Set the tracking code as a one-liner + set_fact: + matomo_tracking_code_one_liner: "{{ matomo_tracking_code | regex_replace('\\n', '') | regex_replace('\\s+', ' ') }}" diff --git a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 new file mode 100644 index 00000000..3d051f62 --- /dev/null +++ b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 @@ -0,0 +1,5 @@ +# sub filters to integrate matomo tracking code in nginx websites +sub_filter '' ''; +sub_filter '' ''; +sub_filter_once off; +# sub_filter_types text/html; This is standart \ No newline at end of file 
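Review bot: The first task puts `token_auth={{matomo_auth_token}}` in the query string of a GET, so the Matomo API token lands in the Matomo server's access log and in Ansible's task result (the `url` field) on failure or with -v; the `addSite` POST exposes it the same way through its logged body. Send the token in a form body for both calls and set `no_log: true` on them, as in the excerpt below. Passing the parameters as a mapping also URL-encodes `base_domain`, which the hand-built strings do not. Separately, `matomo_site_id` is a host fact, so a second include for another domain on the same host appears to skip `addSite` and reuse the first site's ID; that is worth confirming against how the role is invoked.

```yaml
- name: Check if site already exists in Matomo
  uri:
    url: "https://{{ matomo_domain }}/index.php"
    method: POST
    body_format: form-urlencoded
    body:
      module: API
      method: SitesManager.getSitesIdFromSiteUrl
      url: "https://{{ base_domain }}"
      format: json
      token_auth: "{{ matomo_auth_token }}"
    # ... unchanged: return_content, status_code, validate_certs ...
  no_log: true
  register: site_check
# ... unchanged: set_fact tasks; give the addSite task the same body mapping and no_log ...
```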
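Review bot: These `sub_filter` rules rewrite every HTML response of each server block that includes the file, but nothing accounts for the Content-Security-Policy that proxied applications such as Nextcloud and Mastodon send. Assuming the replacement is the inline script built from `matomo_tracking_code_one_liner`, a policy without `'unsafe-inline'` will block it, and relaxing the policy to make tracking work would weaken those apps' XSS protection. Loading the tracker as an external file from the Matomo host and allowing only that origin in `script-src` avoids the trade-off. The match and replacement strings render as empty on this page, so the exact markup could not be checked. `sub_filter` also leaves compressed upstream bodies untouched, so the proxied locations likely need `proxy_set_header Accept-Encoding "";` for the filter to apply at all.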
diff --git a/roles/nginx-matomo-tracking/templates/matomo-tracking.js.j2 b/roles/nginx-matomo-tracking/templates/matomo-tracking.js.j2 new file mode 100644 index 00000000..52ef57b6 --- /dev/null +++ b/roles/nginx-matomo-tracking/templates/matomo-tracking.js.j2 @@ -0,0 +1,14 @@ +var _paq = window._paq = window._paq || []; +_paq.push(["setCookieDomain", "*.{{base_domain}}"]); +_paq.push(["setDomains", ["*.{{base_domain}}"]]); +_paq.push(["enableCrossDomainLinking"]); +_paq.push(["trackPageView"]); +_paq.push(["trackAllContentImpressions"]); +_paq.push(["enableLinkTracking"]); +(function() { + var u="//{{matomo_domain}}/"; + _paq.push(["setTrackerUrl", u+"matomo.php"]); + _paq.push(["setSiteId", "{{matomo_site_id}}"]); + var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; + g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s); +})(); \ No newline at end of file diff --git a/roles/nginx-matomo-tracking/vars/main.yml b/roles/nginx-matomo-tracking/vars/main.yml new file mode 100644 index 00000000..e217202a --- /dev/null +++ b/roles/nginx-matomo-tracking/vars/main.yml @@ -0,0 +1,2 @@ +matomo_domain: "matomo.{{top_domain}}" +base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}" diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 476d79ad..21e62952 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -9,6 +9,11 @@ state: directory mode: 0755 +- name: Activate NGINX matomo tracking + include_role: + name: nginx-matomo-tracking + when: nginx_matomo_tracking_active and domain is defined + - name: create nginx config file template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf notify: restart nginx
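Review bot: `var u="//{{matomo_domain}}/";` is protocol-relative, so a page reached over plain HTTP fetches `matomo.js` and sends tracking requests over HTTP too, where the script can be altered in transit. The role's API tasks already assume HTTPS for the Matomo host, so pin the scheme: `var u="https://{{matomo_domain}}/";`. The Jinja values are also pasted directly into JavaScript string literals; rendering them through `to_json` (for example `_paq.push(["setSiteId", {{ matomo_site_id | to_json }}]);`) keeps a stray quote in a variable from ending the literal early.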
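Review bot: The `base_domain` regex in vars/main.yml keeps only the last two labels of `domain`, so a host under a multi-label public suffix (constructed sample: `shop.example.co.uk`) yields `co.uk`. That value feeds `setCookieDomain` and `setDomains` as `*.co.uk` in matomo-tracking.js.j2, which browsers reject as a cookie domain and which would make cross-domain linking attach the visitor ID to links pointing at unrelated sites under that suffix. Role `vars/` outranks inventory, so operators cannot correct it per host; moving both entries to `defaults/main.yml` lets inventory set `base_domain` explicitly where the regex guesses wrong.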