Help with nginx & certbot set up

General questions
1

Hi everyone.

My set up is this:

  • Serving 3 low traffic ghost blogs from a VPS
  • I would like to run Matomo on the same VPS
  • The ghost blogs were set up using ghost-cli install which handles nginx configs, generating certificates etc.

I now need to manually generate certificates for my matomo domain (matomo.newdomain.com), creating nginx conf file(s) and a data directory at /etc/

This is what I think I need to do:

  1. Make a data directory for matomo at var/www/matomo
  2. Generate nginx config files for matomo at /etc/nginx/sites-enabled/matomo.newdomain.com.conf and /etc/nginx/sites-enabled/matomo.newdomain.com-ssl.conf

I’m a little confused at what I need to do exactly - especially when it comes to generating certificates using certbot or something else. I plan to follow the “getting started” instructions (here)[https://github.com/matomo-org/matomo-nginx]:

  • clone this repostitory then move its content to /etc/nginx/ (or wherever you store your nginx-config)
  • read through the sites-available/matomo.conf and modify the settings to fit your use case:
    • set server_name to the domain(s) of your Matomo instance
    • set the path to your SSL certificate (I really recommend you to make sure your Matomo instance is only reachable via HTTPS. If you don’t have an SSL certificate for your domain yet, check out Let’s Encrypt)
    • do you want to support old browsers? Then you’ll need to modify ssl.conf according to your need.
    • replace /var/www/matomo/ with the path to your Matomo instance
  • configure PHP (this depends on your OS and PHP setup)
    • if you are using fastcgi (which is probably the case) set fastcgi_pass to the path of your PHP socket file
    • you can also specify a TCP port
  • go to the sites-enabled folder of your nginx config directory
  • enable the Matomo config by creating a symlink: sudo ln -s ../sites-available/matomo.conf
  • test if there is a syntax error in your config: sudo nginx -t
  • restart nginx: sudo systemctl restart nginx

But my questions are:

  1. Is this the correct procedure to follow in my situation?
  2. What are the steps to generate a certificate to put in the nginx conf?
  3. For Matomo’s database set up, can I just copy the sql host (“localhost”) from my ghost config file and create a new db user and database for matomo?

Thank you :slight_smile: