ThorneLabs

Install Mint Web Analytics on Fedora, RHEL, or CentOS with SSL and SELinux

• Updated March 17, 2019


Google Analytics has always been the go-to web analytics tool. It is fairly easy to setup, and it provides the basic and advanced metrics needed to run a website.

However, 95% of the time, all I want to see are the most up-to-date metrics for number of visits, referrers, and pages viewed. This is where I use Mint.

Mint is a self-hosted LAMP stack web application. It costs a one-time fee of $30 per site you want to monitor. The cost may seem steep when Google Analytics is free and more featured, but Mint is simple, elegant, and extensible, and that’s sometimes worth paying for.

In addition, the developer of Mint, Shaun Inman, also created the fantastic self-hosted web based RSS reader Fever. The steps to install and setup Fever are similar to Mint.

Live Demo

Shaun Inman provides a live demo of Mint to ensure it provides the functionality you need before purchasing it.

Server, Domain Name, DNS, and Website

Before you do anything, you will need the following things setup and ready to go:

  • a server to host your website and Mint on
  • a domain name
  • configured DNS records
  • an actual website to monitor

Mint Requirements

Before purchasing Mint, be sure the server you will be hosting it on meets all of the requirements.

Purchase Mint

Next, open a web browser, go to Mint’s website to create an account, and purchase Mint. An Activation Key will be emailed to you which you will use later.

Install Mint

Log in to your server as the root user. The remainder of this post will assume you are the root user.

Repository Packages

Mint is your typical LAMP stack web application, so be sure you have the necessary repository packages installed:

yum install httpd mod_ssl php mysql-server unzip

Enable and Start the Services

Enable the httpd and mysqld services to start on boot and start them now.

On RHEL 6 and CentOS 6:

chkconfig httpd on
chkconfig mysqld on

service httpd start
service mysqld start

On Fedora 17 and newer:

systemctl enable httpd
systemctl enable mysqld

systemctl start httpd
systemctl start mysqld

Configure MySQL

Assuming you accept the defaults, the following mysql command will set the root MySQL password, remove anonymous MySQL users, disallow root login remotely, remove test databases and access to them, and reload the privileges table:

mysql_secure_installation

Log in as the root user to MySQL command line (the password will be whatever you just set while running the mysql_secure_installation command):

mysql -u root -p

Create the mint database:

mysql> CREATE DATABASE mint;

Create the mint user and set permissions (change $PASSWORD to whatever password you want the mint user to have):

mysql> CREATE USER 'mint'@'localhost' IDENTIFIED BY '$PASSWORD';

mysql> GRANT ALL PRIVILEGES ON mint.* to 'mint'@'localhost';

mysql> FLUSH PRIVILEGES;

Apache Configuration

This decision is entirely up to you, but because you will be logging in to Mint with a username and password, you should put the web application behind SSL.

The following Apache VirtualHost file contains everything needed to always redirect to SSL and point to your self-signed SSL certificates (you will create these next).

Create file /etc/httpd/conf.d/mint.example.com.conf with the following contents:

<VirtualHost *:80>
    ServerAdmin user@example.com
    DocumentRoot /var/www/html/mint.example.com
    ServerName mint.example.com
    ErrorLog logs/mint.example.com-error_log
    CustomLog logs/mint.example.com-access_log common

    RewriteEngine On

    RewriteCond %{REQUEST_URI}?%{QUERY_STRING} ![&\?]js$
    RewriteCond %{REQUEST_URI}?%{QUERY_STRING} ![&\?]record&key=
    RewriteRule ^/(.*)$ https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin user@example.com
    DocumentRoot /var/www/html/mint.example.com
    ServerName mint.example.com
    ErrorLog logs/mint.example.com-ssl_error_log
    CustomLog logs/mint.example.com-ssl_access_log common

    SSLEngine On
    SSLCertificateFile "/etc/pki/tls/certs/mint.example.com.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/mint.example.com.key"

    <Directory /var/www/html/mint.example.com>
        Options None
    </Directory>
</VirtualHost>

Generate a Self-Signed SSL Certificate

Because you will probably be the only person using Mint, a self-signed SSL certificate is more than sufficient. You can create one with the following steps.

Change into root’s home directory:

cd /root

Create the Private Key and Certificate Signing Request:

openssl req -new -newkey rsa:2048 -nodes -keyout mint.example.com.key -out mint.example.com.csr

Create the SSL Certificate and sign it with the Private Key:

openssl x509 -req -days 365 -in mint.example.com.csr -signkey mint.example.com.key -out mint.example.com.crt

With the Private Key and SSL Certificate created, copy them into place:

cp /root/mint.example.com.key /etc/pki/tls/private/

cp /root/mint.example.com.crt /etc/pki/tls/certs/

Make sure each file has the proper permissions:

chmod 600 /etc/pki/tls/private/mint.example.com.key

chmod 644 /etc/pki/tls/certs/mint.example.com.crt

If you are using SELinux, set the proper SELinux Contexts:

restorecon -R /etc/pki/tls/private

restorecon -R /etc/pki/tls/certs

Download and Unzip Mint

You should already have downloaded Mint to your workstation and uploaded it to your server using scp, rsync, or sftp. I am going to assume you uploaded it to /tmp.

Unzip Mint to /tmp:

unzip /tmp/mint_v219.zip -d /tmp

I highly advise you to read the README file located at /tmp/mint_v219/README.

Directory, Permissions, and SELinux Configuration

Create the web serving directory to put Mint:

mkdir -p /var/www/html/mint.example.com

Copy the entire contents of the mint_v219 directory you just unzipped to /var/www/html/mint.example.com:

cp -r /tmp/mint_v219/* /var/www/html/mint.example.com/

Set the owner and group of the mint.example.com directory and its contents to apache:

chown -R apache:apache /var/www/html/mint.example.com

If you are using SELinux, set the proper SELinux Context:

chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/mint.example.com

Also, when using SELinux, to ensure httpd can send mail for the Forgot Password function, set the following SELinux Boolean:

setsebool -P httpd_can_sendmail=1

Configure Mint’s db.php

The last piece of configuration is to set the database connection details in db.php.

Open /var/www/html/mint.example.com/config/db.php and set the proper values for username, password, and database.

Restart httpd

With all of the necessary Apache files in place, the Apache service needs to be restarted.

On RHEL 6 and CentOS 6:

service httpd restart

On Fedora 17 and newer:

systemctl restart httpd

With everything now in place, open a web browser, go to http://mint.example.com, and follow the remaining instructions to finish installing Mint and to get it working with your website.