wiki-grav/pages/02.linux/goatcounter/default.en.md
RealStickman afd189e47a Add reasoning for self hosting GoatCounter
For posterity and in case anyone ever asked
2023-03-16 13:54:00 +01:00

3.8 KiB

title visible
GoatCounter true

[toc]

GoatCounter is an Open Source Analytics written in Go.

Why self host?

GoatCounter offers a free hosted version for small and hobby websites.
One issue however occurs when users with an adblocker access the website, as access to external websites is often blocked.
By hosting GoatCounter yourself on a different subdomain, most adblockers will allow the request to go through.

GoatCounter most likely does not require a GDPR consent notice.

Installation

GoatCounter is distributed as a statically compiled binary.
Releases can be found on GitHub

As GoatCounter is a separate binary, I'm using the path /usr/local/bin with a new folder called goatcounter as the destination.
The binary file will be moved after downloading, in order to avoid modifying the systemd service after every update.

mkdir /usr/local/bin/goatcounter
cd /usr/local/bin/goatcounter
wget https://github.com/arp242/goatcounter/releases/download/v2.4.1/goatcounter-v2.4.1-linux-amd64.gz
gzip -d goatcounter-v2.4.1-linux-amd64.gz
mv goatcounter-v2.4.1-linux-amd64 goatcounter

The extracted binary needs to be marked as executable.

chmod +x goatcounter

GoatCounter needs write permissions for the directory it is located in to create its SQLite database on startup.
As I will be using a reverse proxy in front of it, I need to add the following two parameters when executing GoatCounter.

-listen :8888: Set listening Port to 8888 for use with a reverse proxy
-tls http: By default GoatCounter tries to generate a certificate using ACME. This option forces unencrypted HTTP

Run GoatCounter once to generate the necessary database files.

./goatcounter serve -listen :8888 -tls http

Create site

To use GoatCounter, a new site needs to be defined.
You will be prompted for the user password.

-vhost: Domain used for GoatCounter
-user.email: Login email address
./goatcounter db create site -vhost {URL} -user.email {EMAIL}

Systemd Service

Create a service file at /etc/systemd/system/goatcounter.service
The WorkingDirectory option can be changed to control where you want to create the SQLite database file.
Do note, that you will have to specify the database location using -db 'sqlite+{PATH TO DB}.sqlite3 when running the binary directly.

[Unit]
Description=GoatCounter Service
After=network.target

[Service]
Type=simple
WorkingDirectory=/usr/local/bin/goatcounter
ExecStart=/usr/local/bin/goatcounter/goatcounter serve -listen :8888 -tls http

[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable --now goatcounter

Nginx config

server {
    server_name goat.exu.li;

    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    location / {
        # Proxy main traffic
        proxy_pass http://172.18.50.105:8888;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate_key /etc/acme-sh/goat.exu.li/key.pem;
    ssl_certificate /etc/acme-sh/goat.exu.li/cert.pem;
}

server {
    if ($host = goat.exu.li) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name goat.exu.li;
    return 404;
}