Hello,
I’ve set up my piwik on my VPS cloud on Ubuntu 14.04 as stats..com successfully. It works perfectly and I can see the analytics. The piwik root directory can be found in /var/www/piwik
which is separated from my /var/www/mydomain
.
Now, I would like to setup the https or SSL for my piwik platform only. I got the certificates by typing
./certbot-auto certonly --webroot -w /var/www/piwik/ -d stats.mydomain.com
based on the instruction from Certbot.
For the NGINX setup I read and followed the instruction from DO: How To Secure Nginx with Let's Encrypt on Ubuntu 14.04 | DigitalOcean
After I modify my Nginx config, at the end I have such a config:
server {
listen 443 ssl;
root /var/www/piwik;
server_name stats.mydomain.com;
ssl_certificate /etc/letsencrypt/live/stats.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stats.mydomain.com/privkey.pem;
# use the strong Diffie-Hellman from /etc/ssl/certs/dhparam.pem
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
access_log /var/log/nginx/statsaccess.log;
error_log /var/log/nginx/stats_error.log;
location / {
index index.php;
}
location /config.ini.php {
root /etc/webapps/nginx;
index config.ini.php;
}
location ~* \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_hide_header X-Powered-By;
fastcgi_param HTTPS $https if_not_empty; # additional config for SSL
}
location ~ /.well-known {
allow all;
}
}
server {
listen 80;
server_name stats.mydomain.com;
return 301 https://$host$request_uri;
}
And then based on How do I force Piwik to use SSL (https) for improved security? - Analytics Platform - Matomo I added force_ssl = 1
the config.php.ini.
But I cannot access my stats.mydomain.com. My browser tries to connect until a connection timeout. I cannot find any log in /var/log/nginx for this connection.
Can someone help me?
Cheers,
Yogi