Can't login after fresh and successfull install behind proxy 3.8.1

frederik-b · March 11, 2019, 6:14pm

Hi,
I instantiated a matomo docker container linked to a mariadb container in kubernetes and the setup works flawlessly.
Using the latest image from here: Docker Hub
flavour: apache, no fpm

Now I’m getting this error all the time when trying to login:

Error: Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Matomo to accept the proxy header that forwards the Host header. Also, check that your Referrer header is sent correctly.

I do have a custom reverse proxy in front of the setup, which forwards everything on /matomo
and made sure to provide the relevant headers:
‘x-forwarded-host’, ‘x-forwarded-for’, ‘x-forwarded-uri’: ‘/matomo’

Also I created an alias in the apache virtualhost file:
Alias /matomo "/var/www/html"

the autoconfigured section of the config looks as follows:

[General]
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
salt = "..."
trusted_hosts[] = "matomo" # the internal domain where the loadbalancer redirects to
trusted_hosts[] = "my-domain.de" # the actual domain where the loadbalancer runs

I manually added proxy_uri_header = 1 for no effect

printing all php headers gives the following:

x-forwarded-host: my-domain.de
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
x-forwarded-for: 000.000.000.000, 000.000.000.000, 000.000.000.000
x-forwarded-uri: /matomo
host: matomo
content-length: 103
cache-control: max-age=0
origin: https://my-domain.de
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
referer: https://my-domain.de/matomo/index.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,de;q=0.8
x-cloud-trace-context: 00000000000000000000000000000000/00000000000000000000
via: 1.1 google
x-forwarded-proto: https
connection: Keep-Alive

the IPs are correct, I just zeroed them for posting

I triple checked everything from here:
https://matomo.org/faq/how-to-install/faq_98/
and still nothing helps

I’ld really appreciate some help.

frederik-b · March 12, 2019, 10:29am

I assume this is due to nonces not working correctly?
And not at all about the proxy stuff.

Can someone help me to check if it’s a problem with the sessions or maybe cookies?

frederik-b · March 12, 2019, 11:46am

This was a bug with the loadbalancer and the cookies. (No cookies where set)
Error messages could really be more specific.

vitobotta · March 16, 2019, 10:52am

Hi, I am having the same problem with the matomo docker container behind an nginx container. Can you please tell me what config you have changed concerning the cookies?