diff --git a/manuscript/images/piwik.png b/manuscript/images/piwik.png
new file mode 100644
index 0000000..bee4f8f
Binary files /dev/null and b/manuscript/images/piwik.png differ
diff --git a/manuscript/recipies/gitlab-runner.md b/manuscript/recipies/gitlab-runner.md
index 836a46d..9323cd0 100644
--- a/manuscript/recipies/gitlab-runner.md
+++ b/manuscript/recipies/gitlab-runner.md
@@ -28,6 +28,7 @@ mkdir -p {runners/1,runners/2}
 From your GitLab UI, you can retrieve a "token" necessary to register a new runner. To register the runner, you can either create config.toml in each runner's bind-mounted folder (example below), or just "docker exec" into each runner container and execute ```gitlab-container register``` to interactively generate config.toml.
 
 Sample runner config.toml:
+
 ```
 concurrent = 1
 check_interval = 0
@@ -46,6 +47,7 @@ check_interval = 0
     shm_size = 0
   [runners.cache]
 ```
+
 ## Serving
 
 ### Launch runners
diff --git a/manuscript/recipies/piwik.md b/manuscript/recipies/piwik.md
new file mode 100644
index 0000000..92cced7
--- /dev/null
+++ b/manuscript/recipies/piwik.md
@@ -0,0 +1,90 @@
+# Piwik
+
+[Piwik](http://www.piwik.org) is a rich open-source web analytics platform, which can be coupled with commercial plugins for additional features. It's most simply described as "_self-hosted Google Analytics_".
+
+![Piwik Screenshot](../images/piwik.png)
+
+## Ingredients
+
+1. [Docker swarm cluster](/ha-docker-swarm/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+2. [Traefik](/ha-docker-swarm/traefik) configured per design
+
+
+## Preparation
+
+### Limitation of docker-swarm
+
+The docker-swarm load-balancer is a problem for deploying piwik, since it rewrites the source address of every incoming packet to whichever docker node received the packet into the swarm. Which is a PITA for analytics, since the original source IP of the request is obscured.
+
+The issue is tracked at #[25526](https://github.com/moby/moby/issues/25526), and there is a workaround, but it requires running the piwik "app" container on **every** swarm node...
+
+### Prepare environment
+
+Create piwik.env, and populate with the following variables
+
+```
+MYSQL_ROOT_PASSWORD=set-me-and-use-me-when-setting-up-piwik
+```
+
+### Setup docker swarm
+
+```
+version: '3'
+
+services:
+  db:
+    image: mysql
+    volumes:
+      - /var/data/piwik/mysql/runtime:/var/lib/mysql
+    env_file: /var/data/piwik/piwik.env
+    networks:
+    - internal
+  app:
+    image: piwik:apache
+    volumes:
+      - /var/data/piwik/config:/var/www/html/config
+    networks:
+    - internal
+    - traefik
+    deploy:
+      mode: global
+      labels:
+        - traefik.frontend.rule=Host:piwik.example.com
+        - traefik.docker.network=traefik
+        - traefik.port=80
+  cron:
+    image: piwik:apache
+    volumes:
+      - /var/data/piwik/config:/var/www/html/config
+    entrypoint: |
+      bash -c 'bash -s <<EOF
+      trap "break;exit" SIGHUP SIGINT SIGTERM
+      while /bin/true; do
+        su -s "/bin/bash" -c "/usr/local/bin/php /var/www/html/console core:archive" www-data
+        sleep 3600
+      done
+      EOF'
+    networks:
+    - internal
+
+networks:
+  traefik:
+    external: true
+  internal:
+    driver: overlay
+    ipam:
+      config:
+        - subnet: 172.16.4.0/24
+```
+
+!!! tip
+    Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
+
+
+## Serving
+
+Launch the Piwik stack by running ```docker stack deploy piwik -c <path -to-docker-compose.yml>```
+
+Log into your new instance at https://**YOUR-FQDN**, and follow the wizard to complete the setup.
+
+## Chef's Notes
diff --git a/manuscript/reference/networks.md b/manuscript/reference/networks.md
index 1143f98..50cd5f5 100644
--- a/manuscript/reference/networks.md
+++ b/manuscript/reference/networks.md
@@ -4,7 +4,8 @@ In order to avoid IP addressing conflicts as we bring swarm networks up/down, we
 
 Network  | Range
 --|--
-[Traefik](/ha-docker-swarm/traefik/)  | _unspecified_
-[Mail Server](/recipies/mail/)  | 172.16.1.0/24
-[Gitlab](/recipies/gitlab/) | 172.16.2.0/24
-[Wekan](/recipies/wekan/)  |  172.16.3.0/24
+[Traefik](https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/traefik/)  | _unspecified_
+[Mail Server](https://geek-cookbook.funkypenguin.co.nz/recipies/mail/)  | 172.16.1.0/24
+[Gitlab](https://geek-cookbook.funkypenguin.co.nz/recipies/gitlab/) | 172.16.2.0/24
+[Wekan](https://geek-cookbook.funkypenguin.co.nz/recipies/wekan/)  |  172.16.3.0/24
+[Piwik](https://geek-cookbook.funkypenguin.co.nz/recipies/piwki/)  |  172.16.4.0/24
diff --git a/manuscript/sections/README.md b/manuscript/sections/README.md
new file mode 100644
index 0000000..c9efe0d
--- /dev/null
+++ b/manuscript/sections/README.md
@@ -0,0 +1 @@
+This directory exists to allow me to pull in markdown docs into the LeanPub book structure, which won't show up in the online version.
diff --git a/mkdocs.yml b/mkdocs.yml
index 14d5343..4f7971b 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -35,6 +35,7 @@ pages:
       - GitLab: recipies/gitlab.md
       - GitLab Runner: recipies/gitlab-runner.md
       - Wekan: recipies/wekan.md
+      - Piwik: recipies/piwik.md
     - Reference:
       - OAuth Proxy: reference/oauth_proxy.md
       - Networks: reference/networks.md
@@ -96,9 +97,8 @@ google_analytics:
   - 'UA-139253-18'
   - 'auto'
 
-# disabled until this is running
-#extra_javascript:
-#  - 'extras/javascript/piwik.js'
+extra_javascript:
+  - 'extras/javascript/piwik.js'
 
 # Extensions
 markdown_extensions: