Install Matomo with FrankenPHP and MariaDB on Debian Linux

Requirements

apt install mariadb-server gpg

Download

Create /var/www directory if not exist:

mkdir -p /var/www

Download the latest Matomo release:

wget -q https://builds.matomo.org/matomo-latest.tar.gz

Verify the downloaded archive:

wget -q https://builds.matomo.org/matomo-latest.tar.gz.asc

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F529A27008477483777FC23D63BB30D0E5D2C749

gpg --verify matomo-latest.tar.gz.asc

Should see the Good signature... in the output:

gpg: assuming signed data in 'matomo-latest.tar.gz'
gpg: Signature made Fri 08 Mar 2024 12:36:28 AM CET
gpg:                using RSA key F529A27008477483777FC23D63BB30D0E5D2C749
gpg: Good signature from "Matomo <hello@matomo.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F529 A270 0847 7483 777F  C23D 63BB 30D0 E5D2 C749

Extract the tar.gz archive:

tar -xf matomo-latest.tar.gz -C /var/www "matomo/"

MariaDB

Setup MariaDB:

mysql_secure_installation

Create the database and the user:

mysql --execute="CREATE DATABASE matomo; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost' IDENTIFIED BY 'MATOMO_DB_PASSWORD' WITH GRANT OPTION; FLUSH PRIVILEGES;"

FrankenPHP

Install FrankenPHP:

wget -q -O- 'https://gorbe.io/assets/docs/frankenphp/install/frankenphp-install.sh' | bash -x -

Change the owner and the group of the PHP files:

chown -R frankenphp:frankenphp /var/www/matomo/

Configure the Caddyfile :

nano /etc/frankenphp/Caddyfile

{
	frankenphp
	order php_server before file_server

	servers matomo.example.com {
		trusted_proxies static 1.2.3.4
	}
}

matomo.example.com {

	@private-dirs {
		path /config/*
		path /tmp/*
		path /lang/*
	}

	respond @private-dirs 403 {
		close
	}

	root * /var/www/matomo
	php_server
}

systemctl restart frankenphp