Skip to content

Latest commit

 

History

History
87 lines (78 loc) · 3.34 KB

README.md

File metadata and controls

87 lines (78 loc) · 3.34 KB

matomo-single-node-azure

Provisions Azure resources required to run Matomo using a single Web server and PaaS database.

Description

This project deploys the following Azure resources:

  • Virtual Network and its Subnets
  • Network Security Groups
  • Application Gateway and its Public IP
  • Virtual Machine and its OS/Data Disks and Network Card
  • Mysql Database
  • Recovery Service Vault and its Daily Backup Policy and Protected Item (VM backup)
  • Bastion and its Public IP

And installs the following software (up to their latest available patch level for the linux distro) on the virtual machine:

  • Apache 2.4
  • Mysql client 8.0
  • PHP 8.3 modules
    • php8.3-cli
    • php8.3-curl
    • php8.3-gd
    • php8.3-mbstring
    • php8.3-mysql
    • php8.3-xml
  • Ubuntu 24.04 LTS (Minimal)
  • gpg
  • libmaxminddb
  • logrotate
  • Matomo 5.2.1
  • vim

Prerequisites

Tools

  1. An Azure Client (a.k.a. "az cli")
  2. A Git client
  3. A text editor

Azure Ressources

  1. An Azure subscription.
  2. A target resource group.
  3. A Key Vault with a properly signed SSL/TLS Certificate.
  4. A User Assigned Managed Identity (UAMI).

Azure Permissions

  1. Permission to manage (CRUD) resources in the target resource group.
  2. GET permission on the Key Vault Secrets granted to the User Assigned Managed Identity. This will allow the Application Gateway to retrieve the SSL/TLS certificate private key from the Key Vault using the UAMI .

Others

  1. Optional - An SMTP server.
  2. Optional - A custom domain name for the new matomo instance.

Usage

  1. Clone this projet.
  2. Create a new file named armTemplates/azureDeploy.parameters.json based on the armTemplates/azureDeploy.parameters.example.json file.
  3. Edit the new azureDeploy.parameters.json file to your liking.
  4. Authenticate your Azure Client to your Azure subscription by running the az login command and following the instructions.
  5. Adapt and run the following commands (on linux):
deploymentName="MoodleManualDeployment"
resourceGroupName="[Your resource Group name]"
templateFile="armTemplate/azureDeploy.json"
parameterFile="armTemplates/azureDeploy.parameters.json"
az deployment group create --name $deploymentName --resource-group $resourceGroupName --template-file $templateFile --parameter @$parameterFile --verbose

Useful References

; Database SSL Options START
; Turn on or off SSL connection to database, possible values for enable_ssl: 1 or 0
enable_ssl = 1
; Direct path to server CA file, CA bundle supported (required for ssl connection)
ssl_ca =
; Direct path to client cert file (optional)
ssl_cert =
; Direct path to client key file (optional)
ssl_key =
; Direct path to CA cert files directory (optional)
ssl_ca_path = /etc/ssl/certs
; List of one or more ciphers for SSL encryption, in OpenSSL format (optional)
ssl_cipher =
; Whether to skip verification of self signed certificates (optional, only supported
; w/ specific PHP versions, and is mostly for testing purposes)
ssl_no_verify =
; Database SSL Options END

Enjoy!