DevLog 250804 Stealth IP Tracking via Matomo

> Log Date: 2025-08-04

I’ve successfully deployed a tracking system using Matomo on my 24/7 Docker-based server, integrated it with Netlify, and exposed it securely under track.arynwood.com. This lays the foundation for deeper monitoring, analytics, and future cybersecurity insight within the Aryncore MCP.


Context & Purpose

My goal was to set up an independent, self-hosted analytics platform that could track IP visits to my website without relying on third-party services. I needed stealth (cookie-less, local, HTTPS-secured), persistence (Docker), and customization for future automation and system alerts. This experiment also serves as my gateway into hands-on network monitoring and deeper cybersecurity learning.


Installation Workflow

Docker Compose Setup

mkdir -p ~/tools/matomo
cd ~/tools/matomo
nano docker-compose.yml

Used the official Matomo + MariaDB images:

services:
  matomo:
    image: matomo
    ports:
      - "8080:80"
    depends_on:
      - db
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: matomo_root
      MYSQL_DATABASE: matomo
      MYSQL_USER: matomo
      MYSQL_PASSWORD: matomo_pass

Initial Web Setup

Accessed the container at http://162.248.7.248:8080, configured the superuser, and created the tracking profile for my Netlify site. Connection issues were solved by using db as the hostname and ensuring the password matched the Docker env vars.

Subdomain & SSL Setup

  1. Created DNS A record: track.arynwood.com → 162.248.7.248
  2. Installed NGINX and Certbot on the server
  3. Reverse proxied HTTPS traffic to local port 8080
  4. Configured Let's Encrypt via certbot --nginx -d track.arynwood.com

Trusted Host Fix

Added this to ~/tools/matomo/matomo/config/config.ini.php:

[General]
trusted_hosts[] = "track.arynwood.com"

Embedding the Tracker

I placed the Matomo tracking script inside my Astro layout’s <head> block. For now, I’ve manually added it to my top 10 blog posts and devlog template. Future blogs will inherit the tracker once I standardize on a global layout.

<script>
  var _paq = window._paq = window._paq || [];
  _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
  _paq.push(["setCookieDomain", "*.www.arynwood.com"]);
  _paq.push(["setDoNotTrack", true]);
  _paq.push(["disableCookies"]);
  _paq.push(["trackPageView"]);
  _paq.push(["enableLinkTracking"]);
  (function() {
    var u="https://track.arynwood.com/";
    _paq.push(["setTrackerUrl", u + "matomo.php"]);
    _paq.push(["setSiteId", "1"]);
    var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];
    g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);
  })();
</script>

Reflection & Next Steps

Now that tracking is operational, I plan to learn Matomo as a full analytics and monitoring dashboard. I'll explore its role in security observability, request mapping, and how it fits within the larger picture of MCP-based surveillance, alerts, and behavioral logging. Matomo gives me a bridge between web analytics and deeper cybersecurity practices including user fingerprinting, endpoint analysis, and request origin visibility.

I anticipate more refinement: tweaking the domain configs, segmenting traffic, and integrating Matomo events into n8n workflows. But for now, this is a huge milestone. I have a working, stealth-capable IP tracking layer under my full control.

Signed, Lorelei Noble
Back to DevLogs