Self-Host Umami with Greffon
Most analytics tools pay for themselves by selling what they learn about your visitors. Umami does not collect that in the first place, and self-hosting keeps the data on a box you own.
Web analytics has a quiet cost: the tool that measures your traffic usually keeps a copy of it, and often pairs your visitors with cookies and a profile they carry across the web. Umami takes the other path. It is cookie-free, it does not build cross-site profiles, and when you host it yourself the numbers sit on a machine you own rather than an account you rent. Greffon takes the fiddly parts of standing it up off your plate.
Why own your analytics
Umami is a lightweight, privacy-focused alternative to Google Analytics. It counts page views, referrers, countries, and devices without setting cookies and without the consent-banner overhead that follows tools which do. The dashboard is clean and fast, and the data behind it never leaves your greffer.
That is the real shift in self-hosting it. With a hosted analytics service, your visitors' activity is data the provider holds too. Grafting Umami onto a greffer means the visit logs, the dashboards, and the database all live on your hardware, under your control, and they are not anyone else's to mine.
Graft it from the catalog
On a greffer you do not hand-write a compose file, provision a database, or wire a reverse proxy. Pick Umami from the catalog and graft it onto your greffer. The app ships with its database alongside it, and Greffon issues the certificate and routes the app, so it comes up reachable over HTTPS from the first start. The signing secret Umami uses for session tokens is generated by the platform when you create the instance, so there is nothing to paste in by hand.
Change the default login
Umami ships with a fixed default account so you can get in on the first load. That convenience is also the first thing you must close off.
admin and password umami. These are the same on every Umami install, so anyone who can reach your dashboard knows them. Log in once, go to settings, and change the password before you point a real site at it.Add the tracking script
Once you are in, add a website in the Umami dashboard and it gives you a small tracking snippet, a single <script> tag. Drop that into the pages you want to measure and views start showing up. The script is light and loads from your own greffer, so the sites you track are not calling out to a third-party analytics host.
Because the script is served from your greffer, the site you are tracking needs to be able to reach it. If your greffer is on your home network and the site lives on the public internet, see the next section on reaching it from anywhere.
Reaching it, and your data
Umami is an HTTP app, so reaching it from outside your network is straightforward. The simplest option is tunnel mode: a greffer connects outbound to the manager's tunnel and serves its apps without opening a single inbound port, which is the answer for a box behind NAT or CGNAT with no public IP. If you would rather expose the greffer directly, port forwarding plus dynamic DNS still works. Either way the dashboard and the tracking script stay reachable over HTTPS.
The data itself is the part worth a plan. Your analytics history lives in Umami's database on the greffer, and unlike a hosted service there is no provider keeping a copy for you. Greffon handles TLS and routing today, and native one-click backups are coming in M2. Until then, bring your own backup tool (restic or borgbackup are the usual choices), back up the database volume on a schedule, and store a copy off the greffer.
Keep it always-on
Analytics only counts what it is up to see. If the greffer is asleep when a visitor arrives, that visit is gone, there is no catching up later. Run Umami on an always-on greffer such as a small VPS, a mini-PC, or a free Oracle Cloud box, rather than a laptop that sleeps at night. The Oracle walkthrough is a good place to get a greffer running before you graft Umami onto it.