Introduction to the
Beneath Analytics, an open source, self-hosted web Analytics application written in the Elixir language, focuses on simplicity and privacy. It stores data about your site visitors in PostgreSQL and ClickHouse databases.
In this tutorial, you will install Each of the following sentences using Docker Compose, and then install Nginx as a reverse proxy for each of the following sentences. Finally, you will implement secure HTTPS connections by downloading and configuring SSL certificates from Let’s Encrypt certificate authority using Certbot.
The premise condition
To complete this tutorial, you first need the following.
- An Ubuntu 20.04 server with the UFW firewall enabled. Read our Initial Server setup for Ubuntu 20.04 to learn more about setting these requirements
- Install the Docker. You can use theHow do I install and use Docker on Ubuntu 20.04″The firstStep 1 toTo complete. If you want to make your nonrootUsers can run Docker Compose without using Docker Compose
docker, you may choose to follow step 2 of this tutorial.sudo - Install Docker Compose. Follow step 1 of “How to Install and Use Docker Compose on Ubuntu 20.04” to install the software
** Note: ** These prerequisite steps can be skipped if you use DigitalOcean’s one-click Docker image. This image will have Docker, Docker Compose, and UFW already installed and configured.
Start a new Docker image in the locale of your choice, then log in as root and continue with the tutorial. You can choose not to use the sudo part of all commands, but this is not required.
Finally, to enable SSL, you need a domain name pointing to the public IP address of your server. For example, this should be a name like example.com or plausible.example.com. If you’re using DigitalOcean, see our DNS Quick Start for information on creating domain name resources in our control panel.
When you have met all the prerequisites, proceed to step 1, where you will download and launch the Following software Marked beneath.
Step 1 – Install the Beneath Casting analysis software using Docker Compose
Marked beneath has created a Git repository with all the configuration files required to self-host the software. Your first step will be to clone the repository to your server, update the two configuration files, and then launch the beneath sentences application and database containers.
Now log in to your server.
First, navigate to the /opt directory using the CD command.
cd /opt
Copy the codeThe repo is then cloned from GitHub using the git command into a new directory named beneath /opt.
sudo git clone https://github.com/plausible/hosting plausible
Copy the codeThis will drag all the necessary configuration files into /opt/ beneath. Move to the newly created directory.
cd plausible
Copy the codeThe first file we need to edit is marked with shakespeare-conf. env, which has a number of configuration variables we need to set.
Before you open the file for editing, generate a new random hash value.
openssl rand 64 | base64 -w 0 ; echo
Copy the codeThis uses the Openssl command to generate 64 random characters and base64 encoding them using the Base64 command. Copy the output to your clipboard, then open the configuration file.
sudo nano plausible-conf.env
Copy the codeThis file contains five variables that you need to fill in.
plausible-conf.env
ADMIN_USER_EMAIL=your_email_here
ADMIN_USER_NAME=admin_username
ADMIN_USER_PWD=admin_password
BASE_URL=https://your_domain_here
SECRET_KEY_BASE=paste_your_random_characters_here
Copy the codeFill in the email, username, password, and base URL, then paste in the random characters you generate with OpenSSL. Note that the password you specify here must be at least six characters long.
Save the file (CTRL+O, then ENTER, nano) and close your editor (CTRL+X).
You can add more configuration options to this file, but this minimal configuration will get you started. Beneath each of the following sentences, there are four marked sentences marked beneath each of the following sentences:
Now you need to update the docker-comemage. yml file. Docker-compose this file is used by the docker-compose command to configure and start multiple Docker containers. We need to change one option in this file: the IP for each of the marked sentences marked beneath the following sentences.
sudo nano docker-compose.yml
Copy the codeFind the section that defines the containers marked beneath each sentence. It will begin with marked:. Find the definition of Ports: in this section and update it to the following.
docker-compose.yml
Ports: - 127.0.0.1:8000:8000Copy the codeThis ensures that Each of the following sentences is listened for only the interface marked with localhost, not the one marked publicly. Although you have set up the UFW firewall, due to some quirks in the way the Docker network works, if you do not take this step, your beneath marked containers will be accessible through port 8000, and we only hope it will be accessible through the Nginx proxy you set up in the next step.
Save and close the docker-comemage. yml file, then use docker-compose to download, configure, and start the container.
sudo docker-compose up --detach
Copy the codeThe detach flag tells Docker-compose to create a container in the background, separate from our terminal session.
Output. . .
Starting plausible_plausible_events_db_1 ... done
Starting plausible_plausible_db_1 ... done
Starting plausible_mail_1 ... done
Starting plausible_plausible_1 ... done
Copy the codeThe application container and all containers supporting mail and databases should now be running. You can verify this by using the curl command to get the home pages of the new marked beneath containers running on localhost.
curl http://localhost:8000
Copy the codeOutput<html><body>You are being <a href="/login">redirected</a>.</body></html>
Copy the codeIf some HTML is output to your terminal, you know the server is up and running.
Next, we will set Nginx to _ reverse proxy _marked below localhost:8000 to the public.
Step 2 – Install and configure Nginx
Placing a Web server like Nginx in front of the Elixir server can improve performance by offloading caching, compression, and static file services into a more efficient process. We will install Nginx and configure it as _ reverse proxy _ request to Beneath each sentence, meaning that it will be responsible for passing the user’s request to Beneath each sentence, and then back.
First, refresh your package list and install Nginx using APT.
sudo apt update
sudo apt install nginx
Copy the codeUse the “Nginx Full “UFW application profile to allow public traffic into ports 80 and 443 (HTTP and HTTPS).
sudo ufw allow "Nginx Full"
Copy the codeOutputRule added
Rule added (v6)
Copy the codeNext, open a new nginx configuration file in /etc/nginx/sites-available. We call our file signature.conf, but you can use a different name.
sudo nano /etc/nginx/sites-available/plausible.conf
Copy the codePaste the following into the new configuration file and be sure to set your_domain_here with the domain names you have configured pointing to your marked beneath servers. For example, this should be something like plausible.example.com.
/etc/nginx/sites-available/plausible.conf
server {
listen 80;
listen [::]:80;
server_name your_domain_here;
access_log /var/log/nginx/plausible.access.log;
error_log /var/log/nginx/plausible.error.log;
location / {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}Copy the codeThis configuration is limited to HTTP for now, as we will let Certbot handle configuring SSL in the next step. The rest of the configuration sets the logging location, and then passes all traffic to http://localhost:8000, the instance marked Beneath Each of the following sentences, which we started in the previous step.
Save and close the file, then link it to /etc/nginx/sites-enabled/ to enable the configuration.
sudo ln -s /etc/nginx/sites-available/plausible.conf /etc/nginx/sites-enabled/
Copy the codeUse nginx -t to verify that the syntax of the configuration file is correct.
sudo nginx -t
Copy the codeOutputnginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Copy the codeFinally, reload the Nginx service to receive the new configuration.
sudo systemctl reload nginx
Copy the codeYour marked beneath web sites should now be available for use over pure HTTP. Load http://your_domain_here and it will look like this.
Now that your site is running over HTTP, it’s time to secure connections with Certbot and Let’s Encrypt certificates.
Step 3 – Install Certbot and set up SSL certificates
Thanks to Certbot and Let’s Encrypt free certificate authorization, adding SSL encryption for our beneath each application requires only two commands.
First, install Certbot and its Nginx plug-in.
sudo apt install certbot python3-certbot-nginx
Copy the codeNext, run certbot in –nginx mode and specify the same domain name you used in the Nginxserver_name configuration.
sudo certbot --nginx -d your_domain_here
Copy the codeYou will be prompted to agree to Let’s Encrypt’s terms of service and enter an E-mail address.
After that, you are asked if you want to redirect all HTTP traffic to HTTPS. It’s up to you, but it’s generally recommended and it’s safe.
After that, Let’s Encrypt will confirm your request and Certbot will download your certificate.
OutputCongratulations! You have successfully enabled https://plausible.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=plausible.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/plausible.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/plausible.example.com/privkey.pem Your cert will expire on 2021-12-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-leCopy the codeCertbot automatically reloads Nginx to get new configurations and certificates. Reload your website and it should automatically switch to HTTPS if you select the redirection option.
Your site is now secure, using the default user information set up in Step 1. You will then be prompted to verify your registration and a verification code will be sent to your configured address.
By default, this email is sent directly from your server, which can cause some problems due to various spam precautions. If you do not receive this message, please check your spam folder. If it is not there either, you may need to set more appropriate SMTP details in the mannea-conf. env file. For details of the mail configuration, see the official self-hosted documentation for Each of The following sentences:
After you have logged in successfully, you will see a prompt for your first site marked marked beneath beneath each of the following sentences.
You have successfully installed and secured your Beneath sentence Analysis software.
conclusion
In this tutorial, you start the beneath marked sentences analysis application and its associated auxiliary containers using Docker Compose, then set up an Nginx reverse proxy and protect it with the Let’s Encrypt SSL certificate.
Now you are ready to set up your site and add the trace script marked Marked Beneath Analytics. For further information about using the software and setting up the site, see the official Marked Beneath Analytics document.