Provisions Azure resources required to run Matomo using a single Web server and PaaS database.
This project deploys the following Azure resources:
- Virtual Network and its Subnets
- Network Security Groups
- Application Gateway and its Public IP
- Virtual Machine and its OS/Data Disks and Network Card
- MySQL Database
- Recovery Service Vault and its Daily Backup Policy and Protected Item (VM backup)
- Bastion and its Public IP
And installs the following software (up to their latest available patch level for the Linux distro) on the virtual machine:
- Apache 2.4
- MySQL client 8.0
- PHP 8.3 modules
  - php8.3-cli
  - php8.3-curl
  - php8.3-gd
  - php8.3-mbstring
  - php8.3-mysql
  - php8.3-xml
- Ubuntu 24.04 LTS (Minimal)
- gpg
- libmaxminddb
- logrotate
- Matomo 5.2.1
- vim
Deploying this project requires:
- An Azure Client (a.k.a. "az cli")
- A Git client
- A text editor
- An Azure subscription.
- A target resource group.
- A Key Vault with a properly signed SSL/TLS Certificate.
- A User Assigned Managed Identity (UAMI).
- Permission to manage (CRUD) resources in the target resource group.
- GET permission on the Key Vault Secrets granted to the User Assigned Managed Identity. This allows the Application Gateway to retrieve the SSL/TLS certificate private key from the Key Vault using the UAMI.
- Optional - An SMTP server.
- Optional - A custom domain name for the new Matomo instance.
To deploy:
- Clone this project.
- Create a new file named armTemplates/azureDeploy.parameters.json based on the armTemplates/azureDeploy.parameters.example.json file.
- Edit the new azureDeploy.parameters.json file to your liking.
- Authenticate your Azure Client to your Azure subscription by running the az login command and following the instructions.
- Adapt and run the following commands (on Linux):
deploymentName="MoodleManualDeployment"
resourceGroupName="[Your resource Group name]"
templateFile="armTemplates/azureDeploy.json"
parameterFile="armTemplates/azureDeploy.parameters.json"
az deployment group create --name "$deploymentName" --resource-group "$resourceGroupName" --template-file "$templateFile" --parameters @"$parameterFile" --verbose
- The database set up by this project enforces TLS/SSL connections. See HOW DO I SETUP MATOMO TO SECURELY CONNECT TO THE DATABASE USING MYSQL SSL? for details about how to finalize the Matomo installation. Once the initial setup is completed, add the following lines to your [matomo installation folder]/config/config.ini.php under the [database] section:
; Database SSL Options START
; Turn on or off SSL connection to database, possible values for enable_ssl: 1 or 0
enable_ssl = 1
; Direct path to server CA file, CA bundle supported (required for ssl connection)
ssl_ca =
; Direct path to client cert file (optional)
ssl_cert =
; Direct path to client key file (optional)
ssl_key =
; Direct path to CA cert files directory (optional)
ssl_ca_path = /etc/ssl/certs
; List of one or more ciphers for SSL encryption, in OpenSSL format (optional)
ssl_cipher =
; Whether to skip verification of self signed certificates (optional, only supported
; w/ specific PHP versions, and is mostly for testing purposes)
ssl_no_verify =
; Database SSL Options END
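A quick check of the resulting [database] section, as an added example that is not part of this project's code: it parses config.ini.php text with Python's configparser and reports settings that would leave the database connection unencrypted or unverified. The sample configs and host name are constructed, and treating any non-empty, non-zero ssl_no_verify as "verification skipped" is an assumption.

```python
import configparser

# Constructed sample: the [database] TLS options as recommended on this page.
PAGE_CONFIG = """\
; <?php exit; ?> DO NOT REMOVE THIS LINE
[database]
host = "db.example.invalid"
enable_ssl = 1
ssl_ca =
ssl_ca_path = /etc/ssl/certs
ssl_no_verify =
"""

# Constructed sample: TLS is switched on, but the server is never verified.
WEAK_CONFIG = """\
[database]
host = "db.example.invalid"
enable_ssl = 1
ssl_ca =
ssl_ca_path =
ssl_no_verify = 1
"""


def audit_matomo_db_tls(config_text):
    """Return findings for the [database] TLS options; an empty list means OK."""
    # strict=False tolerates Matomo's repeated keys such as Plugins[];
    # interpolation=None keeps '%' in passwords from being interpreted.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(config_text)
    if not parser.has_section("database"):
        return ["no [database] section found"]
    db = parser["database"]

    def value(key):
        # Missing keys count as empty; surrounding quotes are dropped.
        return db.get(key, "").strip().strip("\"'")

    findings = []
    if value("enable_ssl") != "1":
        findings.append("enable_ssl is not 1: Matomo will not request TLS")
    if value("ssl_no_verify") not in ("", "0"):
        findings.append("ssl_no_verify is set: server certificate is not verified")
    if not value("ssl_ca") and not value("ssl_ca_path"):
        findings.append("neither ssl_ca nor ssl_ca_path is set: no trust anchor")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_matomo_db_tls(text) or "OK")
```

To audit a deployed instance, pass the contents of [matomo installation folder]/config/config.ini.php to audit_matomo_db_tls.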
Enjoy!