This post talks about using private web analytics.

This adds a MariaDB database for Matomo.

This adds the Matomo service and an nginx service to serve its static files.

This puts it on the analytics sub path here.

I'm configuring Matomo to anonymise everything and making the analytics I am recording public.

I end up having to inject this tracking code into the header tag of every page:

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  (function() {
    var u="//";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

I do this using the nginx http_sub_module.

For some reason you still have to use Ghost code injection to inject Matomo into Ghost headers. The nginx sub module isn't working for the root location.
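
A sketch of injecting the tracking snippet with sub_filter, added here as an example and not the author's configuration. The host name example.com, the upstreams ghost:2368 and matomo-web:80, and serving Matomo under /analytics/ are assumptions. sub_filter does not rewrite compressed upstream responses, so the example requests an uncompressed body.

```nginx
# Added example, not the author's configuration.
# Assumed names: example.com, upstreams ghost:2368 and matomo-web:80,
# Matomo served under /analytics/.
# Requires nginx built with --with-http_sub_module (not built by default).
server {
    listen 80;                 # TLS assumed to be terminated in front of this server
    server_name example.com;

    # Matomo UI, tracker endpoint (matomo.php) and matomo.js on the sub path.
    # The trailing slash on proxy_pass strips the /analytics/ prefix.
    location /analytics/ {
        proxy_pass http://matomo-web:80/;
        proxy_set_header Host $host;
    }

    location / {
        proxy_pass http://ghost:2368;
        proxy_set_header Host $host;

        # sub_filter only sees the body as the upstream sent it; a gzip or
        # brotli body never matches '</head>'. Ask for an uncompressed body.
        proxy_set_header Accept-Encoding "";

        # text/html is filtered by default, so no sub_filter_types is needed.
        sub_filter_once on;    # default: replace only the first match

        # Insert the snippet just before the closing head tag. The JavaScript
        # uses single quotes only, so it fits in one double-quoted string.
        sub_filter '</head>' "<script>
  var _paq = window._paq || [];
  _paq.push(['trackPageView']);
  (function() {
    var u='/analytics/';
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script></head>";
    }
}
```

If the site sends a Content-Security-Policy header, the inline script also needs to be allowed there (for example with a nonce or hash), otherwise the browser blocks it.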

I've set the tracking to be anonymised and given the anonymous user read-only access here.