diff --git a/matomo/Dockerfile b/matomo/Dockerfile
new file mode 100644
index 0000000..717f0b7
--- /dev/null
+++ b/matomo/Dockerfile
@@ -0,0 +1,57 @@
+FROM hoellen/nginx-php:7.1
+
+ARG VERSION=3.3.0
+ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237"
+
+ENV UID=991 GID=991 \
+ UPLOAD_MAX_SIZE=10M \
+ MEMORY_LIMIT=256M \
+ OPCACHE_MEM_SIZE=128M
+
+RUN BUILD_DEPS=" \
+ git \
+ tar \
+ build-base \
+ autoconf \
+ geoip-dev \
+ libressl \
+ ca-certificates \
+ gnupg" \
+ && apk -U upgrade && apk add \
+ ${BUILD_DEPS} \
+ geoip \
+ tzdata \
+ && pecl install geoip-1.1.1 \
+ && echo 'extension=geoip.so' >> /php/conf.d/geoip.ini \
+ && mkdir /matomo && cd /tmp \
+ && MATOMO_TARBALL="piwik-${VERSION}.tar.gz" \
+ && wget -q https://builds.matomo.org/${MATOMO_TARBALL} \
+ && wget -q https://builds.matomo.org/${MATOMO_TARBALL}.asc \
+ && wget -q https://builds.matomo.org/signature.asc \
+ && echo "Verifying authenticity of ${MATOMO_TARBALL}..." \
+ && gpg --import signature.asc \
+ && FINGERPRINT="$(LANG=C gpg --verify ${MATOMO_TARBALL}.asc ${MATOMO_TARBALL} 2>&1 \
+ | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
+ && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
+ && if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
+ && echo "All seems good, now unpacking ${MATOMO_TARBALL}..." \
+ && tar xzf ${MATOMO_TARBALL} --strip 1 -C /matomo \
+ && wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /usr/share/GeoIP/ \
+ && gzip -d /usr/share/GeoIP/GeoLiteCity.dat.gz \
+ && mv /usr/share/GeoIP/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat \
+ && apk del ${BUILD_DEPS} php7-dev php7-pear \
+ && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
+
+COPY rootfs /
+
+RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+
+VOLUME /config
+
+EXPOSE 8888
+
+LABEL description "Open web analytics platform" \
+ matomo "Matomo v${VERSION}" \
+ maintainer="hoellen "
+
+CMD ["run.sh"]
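Review bot: The signature check in the `RUN` step decides on text scraped from the stderr of `gpg --verify`, and gpg's own exit status is lost inside the `$(... | sed ...)` substitution, so the build relies on a human-readable message format rather than a machine-readable verdict. GnuPG's status interface is meant for this: run `gpg --batch --status-fd 1 --verify ${MATOMO_TARBALL}.asc ${MATOMO_TARBALL}` and require a `[GNUPG:] VALIDSIG` line whose primary-key fingerprint field equals `GPG_matthieu` with the spaces removed. The `GeoLiteCity.dat.gz` download later in the same step has no checksum or signature check at all, yet it ends up in the final image. Either verify it against a pinned digest, or add a comment such as `# GeoLite database is fetched unverified; integrity rests on TLS only` so the gap is visible to whoever maintains the image.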
diff --git a/matomo/README.md b/matomo/README.md
new file mode 100644
index 0000000..736ce39
--- /dev/null
+++ b/matomo/README.md
@@ -0,0 +1,69 @@
+## hoellen/matomo
+
+![](https://i.goopics.net/m3.png)
+
+#### What is this?
+It is a web analytics platform. Matomo respects your privacy and gives you full control over your data.
+
+#### Features
+- Based on wonderfall/dockerfiles (Thanks!)
+- Based on Alpine Linux.
+- Latest Matomo stable.
+- nginx stable + PHP7.
+- mysql drivers (server not built-in).
+- Latest GeoLite City Database from maxmind.com.
+
+#### Build-time variables
+- **VERSION** : version of Matomo
+- **GPG_matthieu** : fingerprint of signing key
+
+#### Environment variables
+- **GID** : matomo group id *(default : 991)*
+- **UID** : matomo user id *(default : 991)*
+
+#### Volumes
+- **/config** : configuration files
+
+#### Update
+Matomo can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Matomo, you can recreate the container as well whenever I push an update.
+
+#### Configuration
+According to Matomo, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Matomo. Your `/config/config.ini.php` overwrites the one (in `/matomo/config`)used by Matomo each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Matomo's updates.
+
+If you're running Matomo behind a reverse proxy (most likely you do), add this to your `config.ini.php` :
+
+```
+[General]
+#assume_secure_protocol = 1 #uncomment if you use https
+proxy_client_headers[] = HTTP_X_FORWARDED_FOR
+proxy_client_headers[] = HTTP_X_REAL_IP
+proxy_host_headers[] = HTTP_X_FORWARDED_HOST
+```
+
+#### Reverse proxy
+Use port **8888**.
+https://github.com/Wonderfall/dockerfiles/tree/master/reverse
+https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
+
+#### Docker Compose (example)
+```
+matomo:
+ image: hoellen/matomo
+ links:
+ - db_matomo:db_matomo
+ volumes:
+ - /mnt/docker/matomo/config:/config
+ environment:
+ - GID=1000
+ - UID=1000
+
+db_matomo:
+ image: mariadb:10
+ volumes:
+ - /mnt/docker/matomo/db:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=asupersecretpassword
+ - MYSQL_DATABASE=matomo
+ - MYSQL_USER=matomo
+ - MYSQL_PASSWORD=asupersecretpassword
+```
diff --git a/matomo/rootfs/nginx/sites-enabled/nginx.conf b/matomo/rootfs/nginx/sites-enabled/nginx.conf
new file mode 100644
index 0000000..140c30c
--- /dev/null
+++ b/matomo/rootfs/nginx/sites-enabled/nginx.conf
@@ -0,0 +1,46 @@
+server {
+ listen 8888;
+ root /matomo;
+ index index.php index.html;
+
+ location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
+ return 404;
+ }
+
+ location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
+ expires 30d;
+ access_log off;
+ }
+
+ location = /favicon.ico {
+ try_files /favicon.ico =204;
+ }
+
+ location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+ return 404;
+ }
+
+ location ~ ^/(vendor|config|tmp|libs|misc) {
+ deny all;
+ return 404;
+ }
+
+ location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
+ deny all;
+ }
+
+ location ~ /\. {
+ deny all;
+ }
+
+ location / {
+ try_files $uri /index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_index index.php;
+ fastcgi_pass unix:/php/run/php-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /nginx/conf/fastcgi_params;
+ }
+}
diff --git a/matomo/rootfs/php/conf.d/opcache.ini b/matomo/rootfs/php/conf.d/opcache.ini
new file mode 100644
index 0000000..d77112b
--- /dev/null
+++ b/matomo/rootfs/php/conf.d/opcache.ini
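Review bot: In nginx.conf, the `location ~ \.php$` block passes every URI ending in `.php` to php-fpm without checking that the script exists, and apart from the `vendor|config|tmp|libs|misc` prefixes any PHP file under `/matomo` can be requested directly. Adding `try_files $uri =404;` as the first line of that block makes nginx reject requests for non-existent scripts before FastCGI sees them. If only Matomo's entry scripts need to be served, narrowing the regex to those would shrink the exposed surface further; which scripts are required should be confirmed against the Matomo version being packaged. In the `^/(vendor|config|tmp|libs|misc)` block, `return 404;` runs in the rewrite phase, so the `deny all;` beside it never takes effect and can be dropped.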
@@ -0,0 +1,8 @@
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.memory_consumption=
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=60
diff --git a/matomo/rootfs/usr/local/bin/run.sh b/matomo/rootfs/usr/local/bin/run.sh
new file mode 100644
index 0000000..c49e1f6
--- /dev/null
+++ b/matomo/rootfs/usr/local/bin/run.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
+ -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \
+ -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini
+
+if [ ! -f /config/config.ini.php ]; then
+ cp /matomo/config/config.ini.php /config/config.ini.php
+fi
+
+ln -s /config/config.ini.php /matomo/config/config.ini.php
+mv matomo fix && mv fix matomo # fix strange bug
+chown -R $UID:$GID /matomo /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d
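Review bot: In run.sh, the `chown -R $UID:$GID ...` line hands `/nginx`, `/php` and `/etc/s6.d` (server configuration and service scripts) plus the whole `/matomo` code tree to the account that runs PHP, so anything that gains code execution in the web application can rewrite them. `/matomo` has to stay writable if in-app self-update is kept, but the other paths should be narrowed to what the services actually write at runtime; which directories those are depends on the base image and needs confirming. `$UID` and `$GID` are also expanded unquoted and unchecked, both here and in the `su-exec` line. Quoting them, as in `exec su-exec "$UID:$GID" /bin/s6-svscan /etc/s6.d`, and rejecting empty or non-numeric values before the `chown` would avoid starting the services under an unintended identity. `mv matomo fix && mv fix matomo` uses relative paths and therefore appears to depend on the working directory being `/`.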