Installing AWStats on MIAB

Having only static pages available makes it harder to integrate tracking solutions to analyse website visitors. In line with my philosophy to privacy concerns I’ve chosen to implement a simple solution that runs on the server itself that isn’t very intrusive to the users as well: AWStats.

The setup is to generate static html reports on the usage of the websites you host by analysing the logfiles generated by nginx. The static websites are hosted on the same box in a separate directory or a subdomain. Optionally you can restrict access to the statistics, I’ve included a basic authentication configuration to access. Feel free to use it, leave it out or even include a better solution. I’ve not included any Geo-ip tracking which is possible with additional configuration and packages.

As far as I can tell at the moment this setup will not interfere with MAIB configuration for 99%. The only affected area might be the logrotate configuration which could be affected by an update from nginx.

install AWStats

This is the simplest part of the setup, just run: sudo apt install awstats

Configure Nginx

To proces the logfile for each site we need to split them out. MIAB has configured nginx to log everything to a single file which does not work for AWStats. You only need to configure the domains you want to include in your AWStats reporting.

Create an example.com.conf file (where example.com should be replaced by the domain name you would like to include) in the location /home/user-data/www with the following content:

access_log /var/log/nginx/example.com.access.log;

(again, replace example.com with your own domain name). Repeat the previous for all domains you would like to monitor. To check your configuration run the following commands:

/root/mailinabox/tools/web_update
sudo nginx -s reload

This should run without problems if you haven’t made any mistakes. You should see logfiles appear for each configured domain in /var/log/nginx.

Configure AWStats

You need to create a separate configuration file for each domain, like in the nginx configuration. Somehow AWStats uses this file instead of the generic file for the static generation proces therefore we need to include those config options as well.

Create a file named /etc/awstats/awstats.example.com.conf with the following content:

LogFile="/var/log/nginx/example.com.access.log"
SiteDomain="example.com"
DirData="/var/lib/awstats/"
HostAliases="www.example.com"
LogFormat = 1

ShowSummary=UVPHB
ShowMonthStats=UVPHB
ShowDaysOfMonthStats=VPHB
ShowDaysOfWeekStats=PHB
ShowHoursStats=PHB
ShowDomainsStats=PHB
ShowHostsStats=PHBL
ShowRobotsStats=HBL
ShowSessionsStats=1
ShowPagesStats=PBEX
ShowFileTypesStats=HB
ShowOSStats=1
ShowBrowsersStats=1
ShowOriginStats=PH
ShowKeyphrasesStats=1
ShowKeywordsStats=1
ShowMiscStats=a
ShowHTTPErrorsStats=1
ShowFlagLinks=""
ShowLinksOnUrl=1

Repeat this for all the domains you have configured in nginx and want to actively monitor.

Create a location for publication

I’ve chosen to host the stats on a subdomain of my MIAB box. You create the domain stats.example.com (by creating a dummy email user in the MIAB admin page). Next, in the web section of the MIAB admin site change the directory for the static site to: /home/user-data/www/stats.example.com. In the TLS/SSL section provision the certificates for this new domain.

Copy all the images files from the AWStats package using the following commands:

cd /home/user-data/www/stats.example.com
cp -R /usr/share/awstats/icon .

Automation

To generate everything automatically I’ve chosen to use the logrotation moment and added everything to the nginx script. You do this by editing /etc/logrotate/nginx and change it so it looks like to following example.

/var/log/nginx/*.log {
	daily
	missingok
	rotate 14
	compress
	delaycompress
	notifempty
	create 0640 www-data adm
	sharedscripts
	prerotate
		/usr/share/doc/awstats/examples/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl
		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
			run-parts /etc/logrotate.d/httpd-prerotate; \
		fi \
	endscript
	postrotate
		invoke-rc.d nginx rotate >/dev/null 2>&1
		/usr/share/awstats/tools/awstats_buildstaticpages.pl -config=example.com -dir=/home/user-data/www/stats.example.com
	endscript
}

You’ll see the changes made in the pre and postrotate script, configure all domains separately in the postrotatescript by copying the line and change the domain name. To test your configuration and setup you can run lograte manually by using the command sudo logrotate -f /etc/logrotate.d/nginx

This should run with lots of output and you should see files appearing in /home/user-data/www/stats.example.com You can point your browser to stats.example.com/awstats.example.com.html and see how it looks.

Please remove the file awstats that might be installed in /etc/cron.d, this runs way to often and doesn’t do it like we prefer.

To make access easier and not to have to remember all the links you could create a simple index.html file located in /home/user-data/www/stats.example.com with in it the linkst to all the configured domains like:

<a href="http://stats.example.com/awstats.example.com.html">Example</a>
<a href="http://stats.example.com/awstats.other.com.html">Other</a>

And point your browser to the http://stats.example.com.conf

Security

If you don’t want to make the information publicly available we can introduce some basic security measure to have a user/password combination for basic authentication. As we don’t have apache or httpd-tools installed I used an online method of generating the hash password information: https://wtools.io/generate-htpasswd-online

Use this site to enter a user and password combination (for instance when using admin/admin something similar to this should appear admin:$apr1$y3uha0wx$EgVwp9d2c24zAJdU5bVK1/ )

Copy the result into a new file: /etc/nginx/htpasswd

To configure nginx create a stats.example.com.conf file (where stats.example.com should be replaced by the domain name you use) in the location /home/user-data/www with the following content:

location / {
    auth_basic           "Administrator’s Area";
    auth_basic_user_file /etc/nginx/htpasswd;
}

To enable this run the following commands:

/root/mailinabox/tools/web_update
sudo nginx -s reload

Next time you go to your statistics page you’ll need to enter the username and password to gain access.