1 files changed, 203 insertions, 0 deletions
diff --git a/content/2021-01-25-goaccess.md b/content/2021-01-25-goaccess.md
new file mode 100644
index 0000000..0eb2461
--- /dev/null
+++ b/content/2021-01-25-goaccess.md
@@ -0,0 +1,203 @@
+---
+title: Using GoAccess with Nginx to replace Google Analytics
+url: using-goaccess-with-nginx-to-replace-google-analytics.html
+date: 2021-01-25T12:00:00+02:00
+type: post
+draft: false
+---
+## Introduction
+I know! You cannot simply replace Google Analytics with parsing access logs and
+displaying a couple of charts. But to be honest, I actually never used Google
+Analytics to the fullest extent and was usually interested in seeing page hits
+and which pages were visited most often.
+I recently moved my blog from Firebase to a VPS and also decided to remove
+Google Analytics tracking code from the site since its quite malicious and
+tracks users across other pages also and is creating a profile of a user, and
+I've had it. But I also need some insight of what is happening on a server and
+which content is being read the most etc.
+I have looked at many existing solutions like:
+- [Umami](https://umami.is/)
+- [Freshlytics](https://github.com/sheshbabu/freshlytics)
+- [Matomo](https://matomo.org/)
+But the more I looked at them the more I noticed that I am replacing one evil
+with another one. Don't get me wrong. Some of these solutions are absolutely
+fantastic but would require installation of databases and something like PHP or
+Node. And I was not ready to put those things on my fresh server. Also having
+Docker installed is out of the question.
+## Opting for log parsing
+So, I defaulted to parsing already existing logs and generating HTML reports
+from this data.
+I found this amazing software [GoAccess](https://goaccess.io/) which provides
+all the functionalities I need, and it's a single binary. Written in Go.
+GoAccess can be used in two different modes.
+![GoAccess Terminal](/assets/goaccess/goaccess-dash-term.png)
+<center><i>Running in a terminal</i></center>
+![GoAccess HTML](/assets/goaccess/goaccess-dash-html.png)
+<center><i>Running in a browser</i></center>
+I, however, need this to run in a browser. So, the second option is the way to
+go. The Idea is to periodically run cronjob and export this report into a folder
+that gets then server by Nginx behind a Basic authentication.
+## Getting Nginx ready
+I choose Ubuntu on [DigitalOcean](https://www.digitalocean.com/). First I
+installed [Nginx](https://nginx.org/en/), and
+[Letsencrypt](https://letsencrypt.org/getting-started/) certbot and all the
+necessary dependencies.
+```sh
+# log in as root user
+sudo su -
+# first let's update the system
+apt update && apt upgrade -y
+# let's install
+apt install nginx certbot python3-certbot-nginx apache2-utils
+```
+After all this is installed we can create a new configuration for a statistics. 
+Stats will be available at `stats.domain.com`.
+```sh
+# creates directory where html will be hosted
+mkdir -p /var/www/html/stats.domain.com
+cp /etc/nginx/sites-available/default /etc/nginx/sites-available/stats.domain.com
+nano /etc/nginx/sites-available/stats.domain.com
+```
+```nginx
+server {
+  root /var/www/html/stats.domain.com;
+  server_name stats.domain.com;
+  index index.html;
+  location / {
+    try_files $uri $uri/ =404;
+  }
+}
+```
+Now we check if the configuration is ok. We can do this with `nginx -t`. If all
+is ok, we can restart Nginx with `service nginx restart`.
+After all that you should add A record for this domain that points to IP of a
+droplet.
+Before enabling SSL you should test if DNS records have propagated with `curl
+stats.domain.com`.
+Now, it's time to provision TLS certificate. To achieve this, you execute
+command `certbot --nginx`. Follow the wizard and when you are asked about
+redirection always choose 2 (always redirect to HTTPS).
+When this is done you can visit https://stats.domain.com and you should get 404
+not found error which is correct.
+## Getting GoAccess ready
+If you are using Debian like system GoAccess should be available in repository.
+Otherwise refer to the official website.
+```sh
+apt install goaccess
+```
+To enable Geo location we also need one additiona thing.
+```sh
+cd /var/www/html/stats.stats.com
+wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb
+```
+Now we create a shell script that will be executed every 10 minutes.
+```sh
+nano /var/www/html/stats.domain.com/generate-stats.sh
+```
+Contents of this file should look like this.
+```sh
+#!/bin/sh
+zcat -f /var/log/nginx/access.log* > /var/log/nginx/access-all.log
+goaccess \
+  --log-file=/var/log/nginx/access-all.log \
+  --log-format=COMBINED \
+  --exclude-ip=0.0.0.0 \
+  --geoip-database=/var/www/html/stats.domain.com/GeoLite2-City.mmdb \
+  --ignore-crawlers \
+  --real-os \
+  --output=/var/www/html/stats.domain.com/index.html
+rm /var/log/nginx/access-all.log
+```
+Because after a while nginx creates multiple files with access logs we use
+[`zcat`](https://linux.die.net/man/1/zcat) to extract Gziped contents and create
+a file that has all the access logs. After this file is used we delete it.
+If you want to exclude your home IP's result look at the `--exclude-ip` option
+in script and instead of `0.0.0.0` add your own home IP address. You can find
+your home IP by executing `curl ifconfig.me` from your local machine and NOT
+from the droplet.
+Test the script by executing `sh
+/var/www/html/stats.domain.com/generate-stats.sh` and then checking
+`https://stats.domain.com`. If you can see stats instead of 404 than you are
+set.
+It's time to add this script to cron with `cron -e`.
+```go
+*/10 * * * * sh /var/www/html/stats.domain.com/generate-stats.sh
+```
+## Securing with Basic authentication
+You probably don't want stats to be publicly available, so we should create a
+user and a password for Basic authentication.
+First we create a password for a user `stats` with `htpasswd -c /etc/nginx/.htpasswd stats`.
+Now we update config file with `nano
+/etc/nginx/sites-available/stats.domain.com`.  You probably noticed that the
+file looks a bit different from before. This is because `certbot` added
+additional rules for SSL.
+Your location portion the config file should now look like. You should add
+`auth_basic` and `auth_basic_user_file` lines to the file.
+```nginx
+location / {
+  try_files $uri $uri/ =404;
+  auth_basic "Private Property";
+  auth_basic_user_file /etc/nginx/.htpasswd;
+}
+```
+Test if config is still ok with `nginx -t` and if it is you can restart Nginx
+with `service nginx restart`.
+If you now visit `https://stats.domain.com` you should be prompted for username
+and password. If not, try reopening your browser.
+That is all. You now have analytics for your server that gets refreshed every 10
+minutes.

diff --git a/content/2021-01-25-goaccess.md b/content/2021-01-25-goaccess.md new file mode 100644 index 0000000..0eb2461 --- /dev/null +++ b/content/2021-01-25-goaccess.md
@@ -0,0 +1,203 @@
	1	---
	2	title: Using GoAccess with Nginx to replace Google Analytics
	3	url: using-goaccess-with-nginx-to-replace-google-analytics.html
	4	date: 2021-01-25T12:00:00+02:00
	5	type: post
	6	draft: false
	7	---
	8
	9	## Introduction
	10
	11	I know! You cannot simply replace Google Analytics with parsing access logs and
	12	displaying a couple of charts. But to be honest, I actually never used Google
	13	Analytics to the fullest extent and was usually interested in seeing page hits
	14	and which pages were visited most often.
	15
	16	I recently moved my blog from Firebase to a VPS and also decided to remove
	17	Google Analytics tracking code from the site since its quite malicious and
	18	tracks users across other pages also and is creating a profile of a user, and
	19	I've had it. But I also need some insight of what is happening on a server and
	20	which content is being read the most etc.
	21
	22	I have looked at many existing solutions like:
	23
	24	- [Umami](https://umami.is/)
	25	- [Freshlytics](https://github.com/sheshbabu/freshlytics)
	26	- [Matomo](https://matomo.org/)
	27
	28	But the more I looked at them the more I noticed that I am replacing one evil
	29	with another one. Don't get me wrong. Some of these solutions are absolutely
	30	fantastic but would require installation of databases and something like PHP or
	31	Node. And I was not ready to put those things on my fresh server. Also having
	32	Docker installed is out of the question.
	33
	34	## Opting for log parsing
	35
	36	So, I defaulted to parsing already existing logs and generating HTML reports
	37	from this data.
	38
	39	I found this amazing software [GoAccess](https://goaccess.io/) which provides
	40	all the functionalities I need, and it's a single binary. Written in Go.
	41
	42	GoAccess can be used in two different modes.
	43
	44	![GoAccess Terminal](/assets/goaccess/goaccess-dash-term.png)
	45	<center><i>Running in a terminal</i></center>
	46
	47	![GoAccess HTML](/assets/goaccess/goaccess-dash-html.png)
	48	<center><i>Running in a browser</i></center>
	49
	50	I, however, need this to run in a browser. So, the second option is the way to
	51	go. The Idea is to periodically run cronjob and export this report into a folder
	52	that gets then server by Nginx behind a Basic authentication.
	53
	54	## Getting Nginx ready
	55
	56	I choose Ubuntu on [DigitalOcean](https://www.digitalocean.com/). First I
	57	installed [Nginx](https://nginx.org/en/), and
	58	[Letsencrypt](https://letsencrypt.org/getting-started/) certbot and all the
	59	necessary dependencies.
	60
	61	```sh
	62	# log in as root user
	63	sudo su -
	64
	65	# first let's update the system
	66	apt update && apt upgrade -y
	67
	68	# let's install
	69	apt install nginx certbot python3-certbot-nginx apache2-utils
	70	```
	71
	72	After all this is installed we can create a new configuration for a statistics.
	73	Stats will be available at `stats.domain.com`.
	74
	75	```sh
	76	# creates directory where html will be hosted
	77	mkdir -p /var/www/html/stats.domain.com
	78
	79	cp /etc/nginx/sites-available/default /etc/nginx/sites-available/stats.domain.com
	80	nano /etc/nginx/sites-available/stats.domain.com
	81	```
	82
	83	```nginx
	84	server {
	85	root /var/www/html/stats.domain.com;
	86	server_name stats.domain.com;
	87
	88	index index.html;
	89	location / {
	90	try_files $uri $uri/ =404;
	91	}
	92	}
	93	```
	94
	95	Now we check if the configuration is ok. We can do this with `nginx -t`. If all
	96	is ok, we can restart Nginx with `service nginx restart`.
	97
	98	After all that you should add A record for this domain that points to IP of a
	99	droplet.
	100
	101	Before enabling SSL you should test if DNS records have propagated with `curl
	102	stats.domain.com`.
	103
	104	Now, it's time to provision TLS certificate. To achieve this, you execute
	105	command `certbot --nginx`. Follow the wizard and when you are asked about
	106	redirection always choose 2 (always redirect to HTTPS).
	107
	108	When this is done you can visit https://stats.domain.com and you should get 404
	109	not found error which is correct.
	110
	111	## Getting GoAccess ready
	112
	113	If you are using Debian like system GoAccess should be available in repository.
	114	Otherwise refer to the official website.
	115
	116	```sh
	117	apt install goaccess
	118	```
	119
	120	To enable Geo location we also need one additiona thing.
	121
	122	```sh
	123	cd /var/www/html/stats.stats.com
	124	wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb
	125	```
	126
	127	Now we create a shell script that will be executed every 10 minutes.
	128
	129	```sh
	130	nano /var/www/html/stats.domain.com/generate-stats.sh
	131	```
	132
	133	Contents of this file should look like this.
	134
	135	```sh
	136	#!/bin/sh
	137
	138	zcat -f /var/log/nginx/access.log* > /var/log/nginx/access-all.log
	139
	140	goaccess \
	141	--log-file=/var/log/nginx/access-all.log \
	142	--log-format=COMBINED \
	143	--exclude-ip=0.0.0.0 \
	144	--geoip-database=/var/www/html/stats.domain.com/GeoLite2-City.mmdb \
	145	--ignore-crawlers \
	146	--real-os \
	147	--output=/var/www/html/stats.domain.com/index.html
	148
	149	rm /var/log/nginx/access-all.log
	150	```
	151
	152	Because after a while nginx creates multiple files with access logs we use
	153	[`zcat`](https://linux.die.net/man/1/zcat) to extract Gziped contents and create
	154	a file that has all the access logs. After this file is used we delete it.
	155
	156	If you want to exclude your home IP's result look at the `--exclude-ip` option
	157	in script and instead of `0.0.0.0` add your own home IP address. You can find
	158	your home IP by executing `curl ifconfig.me` from your local machine and NOT
	159	from the droplet.
	160
	161	Test the script by executing `sh
	162	/var/www/html/stats.domain.com/generate-stats.sh` and then checking
	163	`https://stats.domain.com`. If you can see stats instead of 404 than you are
	164	set.
	165
	166	It's time to add this script to cron with `cron -e`.
	167
	168	```go
	169	/10 * * * sh /var/www/html/stats.domain.com/generate-stats.sh
	170	```
	171
	172	## Securing with Basic authentication
	173
	174	You probably don't want stats to be publicly available, so we should create a
	175	user and a password for Basic authentication.
	176
	177	First we create a password for a user `stats` with `htpasswd -c /etc/nginx/.htpasswd stats`.
	178
	179	Now we update config file with `nano
	180	/etc/nginx/sites-available/stats.domain.com`. You probably noticed that the
	181	file looks a bit different from before. This is because `certbot` added
	182	additional rules for SSL.
	183
	184	Your location portion the config file should now look like. You should add
	185	`auth_basic` and `auth_basic_user_file` lines to the file.
	186
	187	```nginx
	188	location / {
	189	try_files $uri $uri/ =404;
	190	auth_basic "Private Property";
	191	auth_basic_user_file /etc/nginx/.htpasswd;
	192	}
	193	```
	194
	195	Test if config is still ok with `nginx -t` and if it is you can restart Nginx
	196	with `service nginx restart`.
	197
	198	If you now visit `https://stats.domain.com` you should be prompted for username
	199	and password. If not, try reopening your browser.
	200
	201	That is all. You now have analytics for your server that gets refreshed every 10
	202	minutes.
	203