diff --git a/matomo-README.SUSE b/matomo-README.SUSE index 813fa80..3d4676f 100644 --- a/matomo-README.SUSE +++ b/matomo-README.SUSE @@ -13,9 +13,18 @@ In /etc/apache2/conf.d/matomo.conf you must insert your domain. Apache22: Allow from .mydomain.de Apache24: Require host mydomain.de +Enable needed modules: +~# for module in php7 headers setenvif ; do +~# /usr/sbin/a2enmod $module +~# done + +If you also want to enable compression, just enable the following modules as well: +~# /usr/sbin/a2enmod deflate +~# /usr/sbin/a2enmod filter + And then restart or reload apache - systemctl restart apache2 +~# /usr/bin/systemctl restart apache2 c) installer Go to http://www.mydomain.de/matomo/ @@ -47,4 +56,6 @@ f) auto archiving For autoarchiving you have two options. With cron or with systemd.timer. For cron you must uncomment the line in /etc/cron.d/matomo-archive -For systemd.timer you must start and enable matomo-archive.timer +For systemd.timer you must start and enable matomo-archive.timer: +~# /usr/bin/systemctl enable --now matomo-archive.timer + diff --git a/matomo-archive.cron b/matomo-archive.cron index eecf39f..ac64307 100644 --- a/matomo-archive.cron +++ b/matomo-archive.cron @@ -3,7 +3,7 @@ # # without CLI -#5 * * * * wwwrun /usr/bin/php @ap_serverroot@/matomo/misc/cron/archive.php --url=http://localhost/matomo/ > /var/log/matomo/matomo-archive.log +#-5 * * * * wwwrun /usr/bin/php @ap_serverroot@/matomo/misc/cron/archive.php --url=http://localhost/matomo/ > /var/log/matomo/matomo-archive.log # with CLI -5 * * * * wwwrun /usr/bin/php @ap_serverroot@/matomo/console core:archive --url=http://localhost/matomo/ > /var/log/matomo/matomo-archive.log +-5 * * * * wwwrun /usr/bin/php @ap_serverroot@/matomo/console core:archive --url=http://localhost/matomo/ > /var/log/matomo/matomo-archive.log diff --git a/matomo.changes b/matomo.changes index 091f7d3..4cccc5e 100644 --- a/matomo.changes +++ b/matomo.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Thu Dec 12 11:22:26 UTC 2019 - Lars Vogdt + +- moved the update message in post to the right position +- disable some (unused) php functions +- use open basedir +- add newly required php modules: + php-ctype, php-dom, php-iconv, php-tokenizer, php-xmlreader, + php-xmlwriter, php-zlibm +- define locations of web-, log- and config directories dynamically +- allow to enable compression +- enhanced README.SUSE + ------------------------------------------------------------------- Thu Dec 12 07:42:22 UTC 2019 - Mathias Homann diff --git a/matomo.conf b/matomo.conf index 11badd2..afa986c 100644 --- a/matomo.conf +++ b/matomo.conf @@ -1,6 +1,6 @@ -Alias /matomo "/srv/www/matomo" +Alias /matomo "__matomo_web__" - + AllowOverride All Options FollowSymLinks @@ -59,10 +59,37 @@ Alias /matomo "/srv/www/matomo" + + AddType application/x-javascript .js + AddType text/css .css + + + AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/plain text/xml application/javascript + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4.0[678] no-gzip + BrowserMatch bMSIE !no-gzip !gzip-only-text/html + + + Header append Vary User-Agent env=!dont-vary + + + # improved security + php_admin_value open_basedir "__matomo_web__:__matomo_conf__:__matomo_log__:/tmp:/usr/bin" + php_admin_flag display_startup_errors Off + php_admin_flag display_errors Off + php_admin_flag file_uploads Off + php_admin_flag allow_url_fopen Off + php_admin_value disable_functions "posix_setpgid,exec,ftp_login,mysql_pconnect,apache_setenv,popen,posix_getpwuid,posix_setsid,passthru,escapeshellcmd,ini_alter,ftp_raw,ftp_nb_fput,ini_restore,shell_exec,ftp_get,proc_get_status,highlight_file,proc_close,proc_terminate,syslog,ftp_connect,posix_uname,ini_get_all,proc_open,posix_kill,escapeshellarg,ftp_rawlist,posix_setuid,openlog,php_uname,system,ftp_exec,posix_mkfifo,proc_nice,ftp_put" + php_admin_value memory_limit "1024M" + php_admin_value max_execution_time 120 + + + - + # Apache 2.4 Require all denied diff --git a/matomo.rpmlintrc b/matomo.rpmlintrc index 5947a27..8aaeee9 100644 --- a/matomo.rpmlintrc +++ b/matomo.rpmlintrc @@ -7,3 +7,4 @@ addFilter("pem-certificate") addFilter("non-conffile-in-etc /etc/matomo/environment/dev.php") addFilter("non-conffile-in-etc /etc/matomo/environment/test.php") addFilter("non-conffile-in-etc /etc/matomo/environment/ui-test.php") +addFilter("explicit-lib-dependency php-zlib") diff --git a/matomo.spec b/matomo.spec index b4d2cea..8da4711 100644 --- a/matomo.spec +++ b/matomo.spec @@ -1,7 +1,7 @@ # # spec file for package matomo # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -58,9 +58,6 @@ BuildRequires: cron BuildRequires: fdupes BuildRequires: logrotate BuildRequires: mariadb -#BuildRequires: php-json -#BuildRequires: php-mbstring -#BuildRequires: php-pdo BuildRequires: systemd BuildRequires: unzip Requires: apache2 @@ -68,12 +65,21 @@ Requires: cron Requires: logrotate Requires: mariadb Requires: mod_php_any >= 5.5.9 +Requires: php-ctype Requires: php-curl +Requires: php-dom Requires: php-gd +Requires: php-iconv Requires: php-json Requires: php-mbstring Requires: php-mysql +#Requires: php-openssl Requires: php-pdo +#Requires: php-sqlite +Requires: php-tokenizer +Requires: php-xmlreader +Requires: php-xmlwriter +Requires: php-zlib %{?systemd_requires} Recommends: php-geoip Recommends: apache2-mod_geoip @@ -86,10 +92,10 @@ insights into a website's visitors and marketing campaigns, so the strategy and online experience of visitors may be optimized. %prep -%setup -q -n matomo +%setup -q -n %{name} install -m644 %{SOURCE4} README.SUSE # remove unwanted files -find . -type f "(" -name .htaccess -o -name .travis.sh ")" -delete +find . -type f "(" -name .htaccess -o -name .travis.sh -o -name .gitkeep ")" -delete #find . -name ".git*" -exec rm -Rf "{}" "+" find . -type f "(" -name "*.c" -o -name "*.h" -o -name "*.js.orig" ")" -delete # env-script-interpreter @@ -133,7 +139,11 @@ mv "misc/How to install Matomo.html" %{buildroot}/%{_defaultdocdir}/%{name} mv *md %{buildroot}/%{_defaultdocdir}/%{name} cp -dR * %{buildroot}/%{ap_serverroot}/%{name} # install matomo.conf to apache conf.d -install -D -m0640 %{SOURCE2} %{buildroot}/%{ap_sysconfdir}/conf.d/%{name}.conf +mkdir -p %{buildroot}/%{ap_sysconfdir}/conf.d +sed -e 's|__matomo_web__|%{ap_serverroot}/%{name}|g' \ + -e 's|__matomo_conf__|%{_sysconfdir}/%{name}|g' \ + -e 's|__matomo_log__|/var/log/%{name}|g' \ + %{SOURCE2} > %{buildroot}/%{ap_sysconfdir}/conf.d/%{name}.conf # install logrotate install -D -m0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} # move config to etc/matomo and make symlink @@ -162,9 +172,9 @@ install -D -m0644 %{SOURCE13} %{buildroot}/%{_sysconfdir}/my.cnf.d/%{name}.my.cn # BSC#1154324 # # # chown -R %{ap_usr}:%{ap_grp} %{ap_serverroot}/%{name} %service_add_post matomo-archive.timer matomo-archive.service apache2.service -# Update matomo if this is an upgrade $1 == 2 -echo "matomo: Update matomo:core..." if [ $1 -gt 1 ]; then + # Update matomo if this is an upgrade $1 == 2 + echo "matomo: Update matomo:core..." su wwwrun -s /bin/sh -c "%{_bindir}/php %{ap_serverroot}/%{name}/console config:set 'Tracker.record_statistics="0"'" || : su wwwrun -s /bin/sh -c "%{_bindir}/php %{ap_serverroot}/%{name}/console config:set 'General.maintenance_mode="1"'" || : su wwwrun -s /bin/sh -c "%{_bindir}/php %{ap_serverroot}/%{name}/console core:update --yes" || : @@ -208,15 +218,16 @@ fi %attr(0644,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js/piwik.min.js %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/console %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/cron/archive.sh -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/log-analytics/import_logs.py +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/log-analytics/import_logs.py %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/clean-xhprof.sh %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/composer/build-xhprof.sh -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/package.sh -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/lessify -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/plessc -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/pear/archive_tar/sync-php4 -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/szymach/c-pchart/coverage.sh -%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins/TestRunner/scripts/on_instance_launch.sh +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/package.sh +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/lessify +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/leafo/lessphp/plessc +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/pear/archive_tar/sync-php4 +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/szymach/c-pchart/coverage.sh +#%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php %{ap_serverroot}/%{name}/* %changelog