Installing Piwik for Website Visitor Tracking on Apache



Okay so I have been using Piwik for about a year now and find it to be  flawless so I thought I’d do a write up about it.

From the Piwik website: Piwik is the leading open source web analytics platform that give s you valuable insights into your website’s visitors, your marketing campaigns and much more, so you can optimize your strategy and online experience of your visitors.



This is assuming the following is already configured:

  • A valid public domain
  • The said public domain has A records pointing to a publicly visible Apache web server
  • The said Apache web server has a valid vhost configuration for said domain
  • The said Apache web server has PHP 5.5 or greater installed and working
  • The said Apache server has internet access to download files
  • The said web server has mySQL installed and configured correctly

Configuring Apache

Create a directing for the Piwik install, I will be using as an example domain

mkdir -p /var/www/vhosts/

Download Piwik

cd /var/www/vhosts/

Install Unzip (if not installed)

apt-get install unzip

Unzip the contents of the zip file

unzip -d ../

Change ownership and permissions

chown -R www-data:www-data /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/
chmod -R 0755 /var/www/vhosts/

Configuring mySQL

Note1: Do not use the “mysql>” at the beginning of the command, that is just to indicate you are in mysql command prompt.

Note2: mySQL commands require a “;” at the end of the command

Log into mySQL

mysql -u root -p

Create  a new database

mysql> CREATE DATABASE piwik;

Use the database

mysql> USE piwik;

Create a user

mysql> CREATE USER 'piwik'@'localhost' IDENTIFIED BY 'password123';

Grant permissions for the piwik account to the piwik database (don’t use password123)


Finish Install

Browse to the Piwik installation using your browser (I am using Install Step 1


Select “Next”


Make sure everything has green ticks next to them and click “Next”Piwik Install Step 2

Leave the database server as

Type in the username

Type in the password

Type in the database name


Click “Next”

Piwik Install Step 3


Ensure tables are created and click “Next”Piwik Install Step 4

Type in the desired admin login name, password and email address and press “Next”Piwik Install Step 5

Type in the website name, URL, time zone and whether or not it is a ecommerce site or not and then press “Next”

Piwik Install Step 6


Take a copy of the Javascript tracking code and select “Next”Piwik Install Step 7


Click on “Continue to Piwik” to continuePiwik Install Step 8


If prompted, upgrade databasePiwik Install Step 9


I recommend donating using the secure PayPal feature, select “Continue to Piwik”Piwik Install Step 10

Sign in to start using PiwikPiwik_Sign_In

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Apple Mac Native VPN Drops Cisco IPSec VPN Connections


When using the Mac OS X (currently 10.9.4) native VPN client to connect over VPN to a Cisco device you might find it disconnects every 45 to 60 minutes without any warning and no attempt to redial to the VPN server. If you are like me and have a lot of sessions running, reconnecting them all again can be a real pain and that’s not even considering the transfers that also terminate and have to be restarted.

I was surprised to find this has been a “bug” for a while now, there does seem to be a fix but it’s designed for people that know Linux somewhat..

Here is how I solved the problem:

1. Connect to the VPN (this generates a file)

2. Copy the generated conf file to /etc/racoon

sudo cp /var/run/racoon/ /etc/racoon

3. Edit the racoon file (I’m using vi but you could use vim or nano)

sudo vi /etc/racoon/racoon.conf

4. At the end of the file comment out the following line:

include "/var/run/racoon/*.conf";

It should look like this:

# include "/var/run/racoon/*.conf";

5. Add the following line (Change to the IP address of your VPN server)

include "/etc/racoon/";

Save and close

6. Edit the following file /etc/racoon/ (change to the ip address of your VPN server)

sudo vi /etc/racoon/

7. Disable dead peer detection by changing the value to “0”:

dpd_delay 0;

8. Change proposal check from “obey” to “claim”

proposal_check claim;

9. Change the proposed lifetime in each proposal from 3600 to 86400 (24 hours):

lifetime time 86400;

Note: Change them all, not just one!

10. Disconnect and reconnect

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Set up Apache as a reverse proxy using mod_proxy


Okay so I love Apache and at every chance I will use it over Microsoft IIS or any other web serving service, unless a specific application is only written for Microsoft IIS – such as (Citrix Web Interface) !!

So in the case of only having one public IP and Citrix Web Interface behind it but wanting to host on Apache, I had to set up an Apache box to proxy all traffic for a certain domain name to the IIS box. Did I explain that well, probably not, … lets draw a picture!

Apache mod_proxy


Apache mod_proxy

mod_proxy is the Apache module for redirecting web pages, it isn’t just one module but rather a collection of them:

  • mod_proxy
  • modproxyhttp
  • modproxyftp
  • modproxyconnect
  • modproxyajp
  • modproxywstunnel
  • modproxywstunnel
  • modproxybalancer
  • mod_cache
  • mod_headers
  • mod_deflate

Installing Apache mod_proxy

This assumes you have Apache installed and running, if not just run the following to install:

apt-get update && apt-get upgrade
apt-get install apache2

Install Essential Build Tools

The package is required to install from source code

apt-get install -y build-essential

Install Module and Dependancies

apt-get install -y libapache2-mod-proxy-html libxml2-dev

Activating the Modules

We need to enable the necessary modules before configuring Apache, to check to see what modules are available, run the following:


Input the following modules to load:

proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_htmla2enmod


Restart Apache

service apache2 restart

Configuring Apache vHosts for mod_proxy

In this example I will be using “” to a webserver at as a domain and IP to get mod_proxy to redirect to, you will need to change this to suit your needs.

Create a vhost

vi /etc/apache2/sites-available/

Copy and paste the following into the conf file

<VirtualHost *:80>
 ProxyPreserveHost On
 ProxyPass /

Save and quit (:wq)

Enable Site

Enable the site by running the following:


Restart Apache

Finally, restart Apache web server

service apache2 reload

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Using a Cisco router with Telstra FTTH Velocity Service


I recently got fibre to the home (FTTH) or as some other people like to call fibre to the premise (FTTP) thanks to Telstra and their Velocity service. Now is is quite straight forward, someone comes out and connect activates the ONT unit. In my case the fibre is terminated at the ONT unit and then patched to the lounge courtesy of CAT5E running into every room in the apartment. From there I was able to patch from the lounge straight to bedroom 1 (b1) and from there to the router (it sounds complicated but its not). Now from my learnings there are two ways to connect, both requiring PPPOE authentication, you can either set up a new connection on a Windows 7 machine (or other flavours of Windows) and create a PPPOE dialer or you can connect a PPPOE capable router and pass credentials that way.

Telstra Fibre Router

Why am I writing this post you ask…. well it has to do with the learnings I stumbled upon while connecting my Cisco 1801 series router and wish to share my experiences, even if they are not the same as yours you might find this useful in troubleshooting your own connection.

I’m not sure about the Australian National Broadband Network (NBN) connection but could have some relevancy to this >>

Telstra OTP

Turn on terminal monitor

term mon

Turn on ppp debugging (this will show you when the dialer is trying to auth)

debug ppp authentication

First off, you don’t need the ATM interface if you have a config already set up for DSL so first thing is to disable the ATM interface

conf t
int atm0

You will need a dialer interface, I have mine set up as “Dialer0” with the following (using CHAP)

interface Dialer0
 description Velocity
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password pa55w0rd

Note “dialer-group 1”

Now we have to assign the Dialer0 to the interface, depending on your Cisco product and IOS version is dependant on what you do here but for me I had to create a vlan and assign the vlan to the layer 2 interface (FastEthernet8) in my case.

conf t
int fa8
switchport access vlan 999

If you don’t have the vlan 999 created, it will create it for you (it doesn’t need to be vlan 999 but any number you aren’t using).

Now you have to enable pppoe and assign the dialer pool number in the vlan (note my dialer pool number is 1) and assign as a outside natting interface.

conf t
int vlan 999
ip nat outside
pppoe enable
pppoe-client dialer-pool-number 1

Check your interfaces to see if it is connected

conf t
sh ip int brief

A more complete configuration example would be the following:

NOTE: This is for a Cisco router that has eight ports, you will need to add/remove depending on physical ethernet ports.

hostname Cisco
ip name-server
ip name-server
interface Dialer0
 description PPPOE-Velocity
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password pa55w0rd
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
 description FTTP
 switchport access vlan 999
interface Vlan999
 ip address negotiated
 ip nat outside
 pppoe enable
 pppoe-client dialer-pool-number 1
banner login ^C
* WARNING !!! *
* This device is for the use of *
* authorised users only. *
* Unauthorised access or attempt *
* to gain unauthorised access *
* will be logged and reported to *
* the authorities *
alias exec ct config t
alias exec wr copy running-config startup-config

Change the following for your own circumstances:

  • PPP CHAP username and password
  • Type and amount of Ethernet ports, could be only two or four ports and maybe Gigabit Ethernet instead (GigabitEthernet).

You should be able to add your nats and anything else you require for your inside LAN, I added some alias but you don’t need them.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

How to set up a email server using Postfix, Dovecot and Roundcube on Linux Debian


Domain and Records

Before you start anything, you need a domain. If you don’t have one, purchase one.

Because it takes time to replicate the records, you need to start this processes first.

You will need to create A records for the domain, I created the following:

  • @
  • www
  • mail
  • smtp
  • imap
  • webmail

I have them all pointing to the same IP address but for the purpose of using different addresses for each service makes it

You will also need to point the MX record of the domain to the public facing IP address of the Linux box (and set up any natting if required).

Platform Set Up

I am assuming you already have a working Linux installation, for my set up I am using Linux Debian 7 (Wheezy) kernel version 2.6.32-042 Stable 64bit.

There are various ways you can set this up, for my set up I will be using a single server for handling the mail, presenting the webmail and holding the mySQL database. You can separate these functions out to different servers depending on the load requirements and underlying infrastructure.

Make sure your system is up-to-date by running the following command:

apt-get update
apt-get upgrade


This is how the whole solution hangs together. It makes sense to me, hopefully it will make sense to you at least by the time you finish reading this tutorial.Mail Hosting Design


MBox vs MailDir

The Unix world has two ways of storing mail messages, the traditional mbox format and the newer maildir format. Postfix and Dovecot supports the two mail storage format so you can use any format, but I highly recommend you use the maildir format.

For the purpose of this tutorial I will be setting it up with maildir, for me the main purpose of this was to allow subfolders to be created in the mailbox (mbox doesn’t allow this no matter how much I tried!)

I won’t explain how mbox works but I will explain how Maildir does:

Receiving and storing a mail

  1. Create a unique file in the tmp directory
  2. Write the mail into the newly created file
  3. Move the completely written mail into the new directory

Retrieving a mail

  1. Locate and read the mail
  2. Move the mail from new into the cur directory and append the mail status flag into the filename

Deleting a mail

  1. Delete the file containing the mail

Searching a mail

  1. Search each and every mail file


  • Locating, retrieving and deleting a specific mail is fast
  • Minimal to no file locking is needed
  • Can be used on a network file system
  • Immune to mailbox corruption assuming hardware will not fail


  • Some filesystems may not efficiently handle a large number of small files
  • Searching text is slow due to all mail files to be opened.

SSL Certificate

Don’t get mistaken, if you don’t have a SSL certificate from a certified certificate authority then you can still use a self signed one. For this tutorial we   are going to assume the certificate is saved in /etc/ssl/certs/mailcert.pem and the key is saved in /etc/ssl/private/mail.key. Make sure the key is only readable by the root user!

Create a self signed certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem

Fill in the details

Example only:

Generating a 2048 bit RSA private key
writing new private key to 'mail.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: AU
State or Province Name (full name) [Some-State]: QLD
Locality Name (eg, city) []: Sydney
Organization Name (eg, company) : My Company Name
Organizational Unit Name (eg, section) []: IT Dept
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []: [email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that this way you cannot create a certificate valid for more than one domain using the subjectAltName field without some additional work.

Check to see if the certs are created:

ls /etc/ssl/certs/mailcert.pem
ls /etc/ssl/private/mail.key


Remove packages

If you are using Debian there is a default MTA on Debian called exim4, you need to remove this or it will conflict with the port mappings.

apt-get remove exim4

Install Postfix

Install Postfix

apt-get install postfix

Stop Postfix

postfix stop

Postfix manages it’s own daemons so the following commands work to manage Postfix

  • postfix start
  • postfix stop
  • postfix reload

Configuring Postfix

Postfix has two configuration files

  1. /etc/postfix/ = configuration of services Postfix should run on
  2. /etc/postfix/ = configuration options
vi /etc/postfix/

Add the following into the, this will take mail from trusted clients for delivery to broader internet, this restricts unauthorised users.

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

The “-o” options override the settings that are taken from defaults.


It is better to start with a clean slate so make a copy of the first

cp /etc/postfix/ /etc/postfix/


rm /etc/postfix/

Create a new file

vi /etc/postfix/

Copy the following into the file

myhostname =
myorigin = /etc/mailname
mydestination =,, localhost, localhost.localdomain
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
home_mailbox = Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Change the following lines to reflect your domain:

  • myhostname =
  • mydestination =

Check /etc/mailname file and ensure the correct FQDN is there eg:

With mydestination, just change the first two.

Ensure the host name of the service is specified in /etc/mailname; if you have used the same A records then use the “mail” one unless you have specific requirements not to.

The purpose of “mydestination” sets the domains postfix accepts emails for.

Leaving “relayhost” empty disables Postfix from being used as a relaying server.

In the same file ( you need to specify alias maps, enter the following lines:

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

We need to also specify SSL settings, enter the following after alias maps in

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_protocols = !SSLv2, !SSLv3

Furthermore to the file is to add a line to enable Postfix to reject email to users that cannot be found in the table which in this case, is the aliases table.


Aliases are defined in the /etc/aliases file to tell Postfix what email addresses to accept; for example:

SMTP RFC 5321 mandates that any publicly accessible mail server that accepts any mail at all must also accept mail to the following addresses:

  • postmaster
  • hostmaster
  • abuse
  • webmaster

You can set up redirects from those email accounts to a specific user by adding in the aliases file “root: user” (user being the email address of a user).

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
webmaster: root
abuse: root
root: user1
user1: user1

After updating aliases you must update the aliases database by issuing the following command:



Install Dovecot

apt-get install dovecot-core dovecot-imapd

Configuring Dovecot

Clearing out the configuration file is best for this too

cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
rm /etc/dovecot/dovecot.conf
vi /etc/dovecot/dovecot.conf

Add the following:

disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = maildir:~/Maildir:LAYOUT=fs
userdb {
  driver = passwd
passdb {
  args = %s
  driver = pam
protocols = " imap"

This enables plaintext authentication (the plain text is tunnelled through TLS) and tells Dovecot to use the “mail” system group for accessing local mailboxes and uses Unix authentication system to autenticate users and enable imap only.

It’s probably best to have Dovecot automatically create the Draft, Junk, Trash, Sent folders so add the following to the dovecot.conf file:

protocol imap {
  mail_plugins = " autocreate"
plugin {
  autocreate = Draft
  autocreate2 = Junk
  autocreate3 = Trash
  autocreate4 = Sent
  autosubscribe = Draft
  autosubscribe2 = Junk
  autosubscribe3 = Trash
  autosubscribe4 = Sent

We need to open a socket that Postfix can use to piggy-back on Dovecot’s authentication, add the following in dovecot.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix

Also configure SSL by adding the following into dovecot.conf

ssl_cert =</etc/ssl/certs/mailcert.pem
ssl_key =</etc/ssl/private/mail.key

Start Processes

This should be it, execute the following to start Postfix and Dovecot

postfix start
service dovecot restart


You don’t have to do this but it is good to see it all working, create two users:

adduser user1

Add the users into aliases

vi /etc/aliases
user1: user1

Recreate aliases database


Send an email to user1 and user2

Log into user1

su - user1

Check mail for user1

cat /var/mail/user1

You should be able to connect IMAP clients such as Outlook or Apple iPhone clients. If you created the same A records as mine then you should use the following settings:

incoming mail server: (SSL on port 993)
user: user1
password: what ever password you specified
outgoing mail server: (SSL on port 587)

If this isn’t working out so far, re-read the instructions above, if that fails I have added a troubleshooting section at the end of this post.


Okay, if all is going well at this point, then lets install Roundcube.  If you prefer using a different webmail solution or if you wish not to use one then skip this step.

Roundcube is ajax driven webmail solution that runs on a typical LAMPP stack. There are customisable skins (two pre-installed) that use the latest web standards (XHTML and CSS 2)

If Apache, mySQL and PHP isn’t installed, follow the steps

Install Apache2

apt-get install apache2

Install mySQL

apt-get install mysql-server

You will need to specify a mysql root password, make this secure and save in a password manager – you will need this later

Install PHP 5

apt-get install php5 libapache2-mod-php5 php5-mysql

Restart Apache

/etc/init.d/apache2 restart

An example only:

Change to root folder

cd /root

Extract the archive out (install tar if not already installed)

tar xvf roundcubemail-1.1.1-complete.tar.gz

Install additional packages

apt-get install php5-mcrypt
apt-get install php5-intl

Configure time zone in Apache

vi /etc/php5/apache2/php.ini

Change the following line to a time zone specific to your location

Okay, so that is the base for Roundcube to be installed on, now you have to configure a vhost for Apache which can be followed using this process. I recommending using the A record webmail for your vhost and locating it in the /var/www/vhosts directory.

Create a folder for Roundcube to be installed

mkdir -p /var/www/vhosts/

Copy the Roundcube files to the vhost location (my example is Roundcube version 1.0.2)

mv /root/roundcubemail-1.1.1/* /var/www/vhosts/


You will need to create a new database and grant privileges to it for a local mySQL account using the steps below. If you require further mySQL commands.

Log into mySQL

mysql -u root -p

Use the password you specified earlier when installing mySQL

Create a database


Grant privileges

GRANT ALL PRIVILEGES ON roundcube.* TO [email protected] IDENTIFIED BY 'password';

Change the ‘password’ to something secure

Flush privileges


Exit mySQL command line interface


Launch Roundcube Installer

So, if that is all set up correctly you should have a Apache, PHP and mySQL installed with a database ready to be used.

Go to the following address to run the Roundcube installer

Follow the prompts

If everything works out you should be able to go to your new webmail console at

Roundcube Webmail

Roundcube Plugins

So if you are using the Roundcube webmail you will find a basic web mailing features. If you desire more than that then you can install a multitude of plugins to add certain functionality.

Roundcube Security

Change the encryption key in the file to a new 24 character string

vi /var/www/vhosts/

Find the string:

$config['des_key'] = 'some24bitstring'

Message Attachment Size Limit


By default, Postfix limits the file attachment size to 10 megabytes. You can can this by executing the following:

postconf -e 'message_size_limit = 102400000'

This limits file sizes from 10M to 100M (This is not recommended if you don’t have a good internet connection on the server)


Once you have changed the attachment size in Postfix, you might want to change it in Roundcube

Make a backup of php.ini first

vi /etc/php5/apache2/php.ini

Search for the following two lines:

post_max_size =
upload_max_filesize =

Change the values to your desired size.

Restart Apache for settings to take effect

/etc/init.d/apache2 restart


To see any problems with the setup

tail -f /var/log/syslog


tail -f /var/log/mail.log

To see the mail queue in Postfix


To clear the mail queue

postsuper -d ALL

Location mail is stored:

For root:


For users:


If you cannot see mail in the web mail client, browse to the Maildir directory for the user and see if you see any files in the cur folders

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.