# Class: piwik # =========================== # # Full description of class piwik here. # # Parameters # ---------- # # Document parameters here. # # * `sample parameter` # Explanation of what this parameter affects and what it defaults to. # e.g. "Specify one or more upstream ntp servers as an array." # # Variables # ---------- # # Here you should define a list of variables that this module would require. # # * `sample variable` # Explanation of how this variable affects the function of this class and if # it has a default. e.g. "The parameter enc_ntp_servers must be set by the # External Node Classifier as a comma separated list of hostnames." (Note, # global variables should be avoided in favor of class parameters as # of Puppet 2.6.) # # Examples # -------- # # @example # class { 'piwik': # servers => [ 'pool.ntp.org', 'ntp.local.company.com' ], # } # # Authors # ------- # # Author Name # # Copyright # --------- # # Copyright 2018 Your name here, unless otherwise noted. # class wmdeit_piwik( $source = "https://builds.matomo.org/piwik.zip", $domain, $localnginx = true, $localsql = true, $piwikdbuser = "piwik", $piwikdbname = "piwikdb", $piwikdbpassword = "piwik", $piwikdbhost = "localhost", $ssl = false, $piwiksalt = undef, ) inherits wmdeit_piwik::params { $piwikini = "$wwwdir/piwik/config/config.ini.php" if $localnginx { $fpm_listen = "/tmp/fpm" $fpm_type ="unix:" } service { "$phpfpm_service": ensure => running, require => Package[$packages], subscribe => [Package[$packages],File[$phpfpm_cfg]] } file{"$phpfpm_cfg": ensure => present, content => template ("wmdeit_piwik/php-fpm.conf.erb"), } package { $packages: ensure => installed, require => File["$wwwdir"] } file { "$wwwdir": ensure => directory, } file { "$sourcezip": source => $source, ensure => 'present' } exec {"unzip": command => "$unzipcmd -q $sourcezip && chown -R $wwwuser $wwwdir/piwik", cwd => "$wwwdir", require => [ Package[$packages], File[$sourcezip], File[$wwwdir], ], creates => "$wwwdir/piwik", } -> file{"$piwikini": ensure => file, owner => $wwwuser } -> ini_setting {"$piwikini proxy": ensure => present, section => "General", path => "$piwikini", setting => "browser_archiving_disabled_enforce", value => "1", } if $piwiksalt { ini_setting {"$piwikini salt": ensure => present, section => "General", path => "$piwikini", setting => "salt", value => "\"$piwiksalt\"", require => File["$piwikini"], } } ini_setting {"$piwikini dbhost": ensure => present, section => "database", path => "$piwikini", setting => "host", value => "\"$piwikdbhost\"", require => File["$piwikini"], } ini_setting {"$piwikini dbname": ensure => present, section => "database", path => "$piwikini", setting => "dbname", value => "\"$piwikdbname\"", require => File["$piwikini"], } ini_setting {"$piwikini dbuser": ensure => present, section => "database", path => "$piwikini", setting => "username", value => "\"$piwikdbuser\"", require => File["$piwikini"], } ini_setting {"$piwikini dbpass": ensure => present, section => "database", path => "$piwikini", setting => "password", value => "\"$piwikdbpassword\"", require => File["$piwikini"], } if $ssl { $ssl_redirect = true $ssl_port = 443 $ssl_key = "/etc/ssl/private/wikimedia.de.key" $ssl_cert = "/etc/ssl/certs/wikimedia.de.chained.pem" } if $localnginx { class {"nginx": worker_connections => 4096, multi_accept => 'on', events_use => "$eventmech", server_tokens => 'off', fastcgi_cache_path => "/var/cache/nginx", } # nginx::resource::server { "${domain}_http": # listen_port => 80, # ensure => present, # access_log => "off", # error_log => "off", # server_name => ["$domain"], # server_cfg_append => { # "return" => '301 https://$server_name$request_uri' # } # # } nginx::resource::server { "$domain": ssl_redirect => $ssl, ssl_port => $ssl_port, ssl_key => $ssl_key, ssl_cert => $ssl_cert, server_name => ["$domain"], # listen_port => 443, ensure => present, www_root => "$wwwdir/piwik", access_log => "off", error_log => "off", # ssl => true, server_cfg_append => { "ssl_session_cache" => "shared:SSL:10m", # " ssl_session_timeout" => "10m;" } #include => ["/usr/local/etc/nginx/apps/piwik/piwik.conf"], } file {"$cache_dir": ensure => "directory", owner => "$wwwuser" } nginx::resource::location { "${domain}_x2": ensure => present, server => "$domain", # ssl => true, # ssl_only => true, www_root => "$wwwdir/piwik/", location => '~* ^.+\.(?:css|gif|html?|jpe?g|js|png|swf)$', location_cfg_append=> { open_file_cache => "max=500 inactive=120s", open_file_cache_valid =>"45s", open_file_cache_min_uses => "2", open_file_cache_errors => "off", }, expires => "max", } nginx::resource::location { "${domain}_root": ensure => present, server => "$domain", # ssl => true, # ssl_only => true, www_root => "$wwwdir/piwik/", location => '~ \.php$', index_files => ['index.php', 'index.html', 'index.htm'], proxy => undef, fastcgi => "$fpm_type$fpm_listen", fastcgi_script => undef, # location_cfg_append => { # fastcgi_connect_timeout => '3m', # fastcgi_read_timeout => '3m', # fastcgi_send_timeout => '3m', # fastcgi_cache_valid => "404 1m", # fastcgi_cache_valid => "200 301 5m", # # } } } if $localsql { class {"mysql::server": override_options => { mysqld => { 'innodb_buffer_pool_size' => '2147483648' } } } mysql::db { "$piwikdbname": user => "$piwikdbuser", password => "$piwikdbpassword", host => "$piwikdbhost", grant => ['ALL'], } } cron {"refresh matomo": ensure => present, hour => '*', minute => '*/15', command => "/usr/bin/php $wwwdir/piwik/console core:archive --url https://$domain", user => "$wwwuser" } }