mxmehl
/
mehl.mx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

more generic setup for matomo

new-gallery
max.mehl 3 years ago
parent
ac0d9506d4
commit
61f1a93e13
Signed by: mxmehl
GPG Key ID: 2704E4AB371E2E92
8 changed files with 408 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      .gitignore
  2. 4
      config.toml
  3. 1
      themes/hugo-sustain/.gitignore
  4. 4
      themes/hugo-sustain/layouts/partials/matomo.html
  5. 41
      themes/hugo-sustain/static/config.php.sample
  6. 0
      themes/hugo-sustain/static/matomo-proxy.php
  7. 0
      themes/hugo-sustain/static/piwik.php
  8. 360
      themes/hugo-sustain/static/proxy.php

1
.gitignore vendored
Unescape View File

@ -1,3 +1,2 @@ @@ -1,3 +1,2 @@
resources/
public/
static/proxy.php

4
config.toml
Unescape View File

@ -35,6 +35,10 @@ extensions = [ "hardLineBreak" ] @@ -35,6 +35,10 @@ extensions = [ "hardLineBreak" ]
Mastodon = "mastodon.social/@mxmehl"
Diaspora = "diasp.eu/u/mxmehl"
[params.matomo]
trackedurl = "//mehl.mx/"
siteid = "9"
[params.mastodoncomments]
# Link to your Mastodon profile. Please use the format https://<instanceURL>/users/<youruser>
user = "https://mastodon.social/users/mxmehl"

1
themes/hugo-sustain/.gitignore vendored
Unescape View File

@ -0,0 +1 @@ @@ -0,0 +1 @@
static/config.php

4
themes/hugo-sustain/layouts/partials/matomo.html
Unescape View File

@ -4,9 +4,9 @@ @@ -4,9 +4,9 @@
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//mehl.mx/";
var u={{ .Site.Params.matomo.trackedurl }};
_paq.push(["setTrackerUrl", u+"piwik.php"]);
_paq.push(["setSiteId", "9"]);
_paq.push(["setSiteId", "{{ .Site.Params.matomo.siteid }}"]);
var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];
g.type="text/javascript"; g.async=true; g.defer=true; g.src=u+"piwik.php"; s.parentNode.insertBefore(g,s);
})();

41
themes/hugo-sustain/static/config.php.sample
Unescape View File

@ -0,0 +1,41 @@ @@ -0,0 +1,41 @@
<?php
// -----
// Important: read the instructions in README.md or at:
// https://github.com/matomo/matomo/tree/master/misc/proxy-hide-matomo-url#matomo-proxy-hide-url
// -----
// Edit the line below, and replace http://your-matomo-domain.example.org/matomo/
// with your Matomo URL ending with a slash.
// This URL will never be revealed to visitors or search engines.
$PIWIK_URL = 'http://your-matomo-domain.example.org/matomo/';
// Edit the line below and replace http://your-tracker-proxy.org/ with the URL to your tracker-proxy
// setup. This URL will be used in Matomo output that contains the Matomo URL, so your Matomo is effectively
// hidden.
$PROXY_URL = 'http://your-tracker-proxy.org/';
// Edit the line below, and replace xyz by the token_auth for the user "UserTrackingAPI"
// which you created when you followed instructions above.
$TOKEN_AUTH = 'xyz';
// Maximum time, in seconds, to wait for the Matomo server to return the 1*1 GIF
$timeout = 5;
// By default, the HTTP User Agent will be set to the user agent of the client requesting piwik.php
// Edit the line below to force the proxy to always use a specific user agent string.
$user_agent = '';
// In some situations the backend takes the sending IP address into account
// which by default is the IP address of the server/service proxy.php is executed from.
// If $http_forward_header is set, the clients IP address is sent over in the
// header field with the given name. An empty string means do not send the header.
// A common header name is 'X-Forwarded-For'.
//
// In order to work, the http server serving the matomo instance, has to be configured
// to honor the additional header.
//
// For apache http see https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
// for nginx see https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
//
$http_ip_forward_header = '';

0
static/matomo-proxy.php → themes/hugo-sustain/static/matomo-proxy.php
Unescape View File

0
static/piwik.php → themes/hugo-sustain/static/piwik.php
Unescape View File

360
themes/hugo-sustain/static/proxy.php
Unescape View File

@ -0,0 +1,360 @@ @@ -0,0 +1,360 @@
<?php
/**
* Piwik - free/libre analytics platform
* Piwik Proxy Hide URL
*
* @link http://piwik.org/faq/how-to/#faq_132
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
if (!defined('MATOMO_PROXY_FROM_ENDPOINT')) {
exit; // this file is not supposed to be accessed directly
}
// if set to true, will print out more information about request errors so said errors can be more easily debugged.
$DEBUG_PROXY = false;
// set to true if the target matomo server has a ssl certificate that will fail verification, like when testing.
$NO_VERIFY_SSL = false;
if (file_exists(dirname(__FILE__) . '/config.php')) {
include dirname(__FILE__) . '/config.php';
}
// -----
// Important: read the instructions in README.md or at:
// https://github.com/piwik/tracker-proxy#piwik-tracker-proxy
// -----
// Edit the line below, and replace http://your-piwik-domain.example.org/piwik/
// with your Piwik URL ending with a slash.
// This URL will never be revealed to visitors or search engines.
if (! isset($PIWIK_URL)) {
$PIWIK_URL = 'http://your-piwik-domain.example.org/piwik/';
}
// Edit the line below, and replace xyz by the token_auth for the user "UserTrackingAPI"
// which you created when you followed instructions above.
if (! isset($TOKEN_AUTH)) {
$TOKEN_AUTH = 'xyz';
}
// Maximum time, in seconds, to wait for the Piwik server to return the 1*1 GIF
if (! isset($timeout)) {
$timeout = 5;
}
// The HTTP User-Agent to set in the request sent to Piwik Tracking API
if (empty($user_agent)) {
$user_agent = arrayValue($_SERVER, 'HTTP_USER_AGENT', '');
}
// -----------------------------
// DO NOT MODIFY BELOW THIS LINE
// -----------------------------
// the HTTP response headers captured via fopen or curl
$httpResponseHeaders = array();
// 1) PIWIK.JS PROXY: No _GET parameter, we serve the JS file; or we serve a requested js file
if ((empty($_GET) && empty($_POST)) || (isset($filerequest) && substr($filerequest, -3) === '.js')) {
$modifiedSince = false;
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
$modifiedSince = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
// strip any trailing data appended to header
if (false !== ($semicolon = strpos($modifiedSince, ';'))) {
$modifiedSince = substr($modifiedSince, 0, $semicolon);
}
$modifiedSince = strtotime($modifiedSince);
}
// Re-download the piwik.js once a day maximum
$lastModified = time() - 86400;
// set HTTP response headers
sendHeader('Vary: Accept-Encoding');
// Returns 304 if not modified since
if (!empty($modifiedSince) && $modifiedSince > $lastModified) {
sendHeader(sprintf("%s 304 Not Modified", $_SERVER['SERVER_PROTOCOL']));
} else {
sendHeader('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
sendHeader('Content-Type: application/javascript; charset=UTF-8');
// Silent fail: hide Warning in 'piwik.js' response
if (empty($_GET) && empty($_POST)) {
list($content, $httpStatus) = getHttpContentAndStatus($PIWIK_URL . 'piwik.js', $timeout, $user_agent);
} else {
list($content, $httpStatus) = getHttpContentAndStatus($PIWIK_URL . $filerequest, $timeout, $user_agent);
}
if ($piwikJs = $content) {
echo $piwikJs;
} else {
echo '/* there was an error loading piwik.js */';
}
}
exit;
}
@ini_set('magic_quotes_runtime', 0);
// 2) PIWIK.PHP PROXY: GET parameters found, this is a tracking request, we redirect it to Piwik
if (strpos($path, '?') === false) {
$path = $path . '?';
}
$extraQueryParams = array();
if (strpos($path, 'piwik.php') === 0) {
$extraQueryParams = array(
'cip' => getVisitIp(),
'token_auth' => $TOKEN_AUTH,
);
}
$url = $PIWIK_URL . $path;
$url .= http_build_query(array_merge($extraQueryParams, $_GET));
if (version_compare(PHP_VERSION, '5.3.0', '<')) {
// PHP 5.2 breaks with the new 204 status code so we force returning the image every time
list($content, $httpStatus) = getHttpContentAndStatus($url . '&send_image=1', $timeout, $user_agent);
$content = sanitizeContent($content);
forwardHeaders($content);
echo $content;
} else {
// PHP 5.3 and above
list($content, $httpStatus) = getHttpContentAndStatus($url, $timeout, $user_agent);
$content = sanitizeContent($content);
forwardHeaders($content);
// Forward the HTTP response code
if (!headers_sent() && !empty($httpStatus)) {
header($httpStatus);
}
echo $content;
}
function sanitizeContent($content)
{
global $TOKEN_AUTH;
global $PIWIK_URL;
global $PROXY_URL;
global $VALID_FILES;
$matomoHost = parse_url($PIWIK_URL, PHP_URL_HOST);
$proxyHost = parse_url($PROXY_URL, PHP_URL_HOST);
$content = str_replace($TOKEN_AUTH, '<token>', $content);
$content = str_replace($PIWIK_URL, $PROXY_URL, $content);
$content = str_replace($matomoHost, $proxyHost, $content);
if(isset($VALID_FILES)) {
foreach($VALID_FILES as $filepath) {
// replace file paths to match the proxy and discard cb
$content = preg_replace('^' . $filepath . '(\?cb\=[a-z0-9]*)?^', $PROXY_URL . 'matomo-proxy.php?file=' . $filepath, $content);
}
}
return $content;
}
function forwardHeaders($content)
{
global $httpResponseHeaders;
$headersToForward = array(
'content-type',
'access-control-allow-origin',
'access-control-allow-methods',
'set-cookie',
);
foreach ($httpResponseHeaders as $header) {
$parts = explode(':', $header);
if (empty($parts[0])) {
continue;
}
$name = trim(strtolower($parts[0]));
if (in_array($name, $headersToForward)) {
sendHeader($header);
}
}
sendHeader('content-length: ' . strlen($content));
}
function getVisitIp()
{
$ipKeys = array(
'HTTP_X_FORWARDED_FOR',
'HTTP_CLIENT_IP',
'HTTP_CF_CONNECTING_IP',
);
foreach($ipKeys as $ipKey) {
if (isset($_SERVER[$ipKey])
&& filter_var($_SERVER[$ipKey], FILTER_VALIDATE_IP) !== false
) {
return $_SERVER[$ipKey];
}
}
return arrayValue($_SERVER, 'REMOTE_ADDR');
}
function transformHeaderLine($headerLine)
{
// if we're not on an https protocol, make sure cookies do not have 'secure;'
if (empty($_SERVER['HTTPS']) && preg_match('/^set-cookie:/i', $headerLine)) {
$headerLine = str_replace('secure;', '', $headerLine);
}
return $headerLine;
}
// captures a header line when using a curl request. would be better to use an anonymous function, but that would break
// PHP 5.2 support.
function handleHeaderLine($curl, $headerLine)
{
global $httpResponseHeaders;
$originalByteCount = strlen($headerLine);
$headerLine = transformHeaderLine($headerLine);
$httpResponseHeaders[] = trim($headerLine);
return $originalByteCount;
}
function getHttpContentAndStatus($url, $timeout, $user_agent)
{
global $httpResponseHeaders;
global $DEBUG_PROXY;
global $NO_VERIFY_SSL;
global $http_ip_forward_header;
$useFopen = @ini_get('allow_url_fopen') == '1';
$header = array();
$header[] = sprintf("Accept-Language: %s", str_replace(array("\n", "\t", "\r"), "", arrayValue($_SERVER, 'HTTP_ACCEPT_LANGUAGE', '')));
// NOTE: any changes made to Piwik\Plugins\PrivacyManager\DoNotTrackHeaderChecker must be made here as well
if((isset($_SERVER['HTTP_X_DO_NOT_TRACK']) && $_SERVER['HTTP_X_DO_NOT_TRACK'] === '1')) {
$header[] = "X-Do-Not-Track: 1";
}
if((isset($_SERVER['HTTP_DNT']) && substr($_SERVER['HTTP_DNT'], 0, 1) === '1')) {
$header[] = "DNT: 1";
}
if (isset($_SERVER['HTTP_COOKIE'])) {
$header[] = "Cookie: " . $_SERVER['HTTP_COOKIE'];
}
$stream_options = array(
'http' => array(
'user_agent' => $user_agent,
'header' => $header,
'timeout' => $timeout,
),
);
if ($DEBUG_PROXY) {
$stream_options['http']['ignore_errors'] = true;
}
if ($NO_VERIFY_SSL) {
$stream_options['ssl'] = array(
'verify_peer' => false,
'verify_peer_name' => false,
);
}
// if there's POST data, send our proxy request as a POST
if (!empty($_POST)) {
$postBody = file_get_contents("php://input");
$stream_options['http']['method'] = 'POST';
$stream_options['http']['header'][] = "Content-type: application/x-www-form-urlencoded";
$stream_options['http']['header'][] = "Content-Length: " . strlen($postBody);
$stream_options['http']['content'] = $postBody;
if(!empty($http_ip_forward_header)) {
$visitIp = getVisitIp();
$stream_options['http']['header'][] = "$http_ip_forward_header: $visitIp";
}
}
if($useFopen) {
$ctx = stream_context_create($stream_options);
if ($DEBUG_PROXY) {
$content = file_get_contents($url, 0, $ctx);
} else {
$content = @file_get_contents($url, 0, $ctx);
}
$httpStatus = '';
if (isset($http_response_header[0])) {
$httpStatus = $http_response_header[0];
$httpResponseHeaders = array_slice($http_response_header, 1);
$httpResponseHeaders = array_map('transformHeaderLine', $httpResponseHeaders);
}
} else {
if(!function_exists('curl_init')) {
throw new Exception("You must either set allow_url_fopen=1 in your PHP configuration, or enable the PHP Curl extension.");
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $stream_options['http']['user_agent']);
curl_setopt($ch, CURLOPT_HTTPHEADER, $stream_options['http']['header']);
curl_setopt($ch, CURLOPT_TIMEOUT, $stream_options['http']['timeout']);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $stream_options['http']['timeout']);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'handleHeaderLine');
if (!empty($stream_options['http']['method'])
&& $stream_options['http']['method'] == 'POST'
) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $stream_options['http']['content']);
}
if (isset($stream_options['ssl']['verify_peer']) && $stream_options['ssl']['verify_peer'] == false) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
}
if (isset($stream_options['ssl']['verify_peer_name']) && $stream_options['ssl']['verify_peer'] == false) {
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
}
$content = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if(!empty($httpStatus)) {
$httpStatus = 'HTTP/1.1 ' . $httpStatus;
}
curl_close($ch);
}
return array(
$content,
$httpStatus,
);
}
function sendHeader($header, $replace = true)
{
headers_sent() || header($header, $replace);
}
function arrayValue($array, $key, $value = null)
{
if (!empty($array[$key])) {
$value = $array[$key];
}
return $value;
}
Write Preview
Loading…
Cancel
Save