Install piwik behind reverse proxy


(javalexG) #1

Hi all!

I have installed Piwik behind a reverse proxy and had some problems with the images and javascript on the dashboard. Well, the cause is: with this type of installation the $_SERVER[‘HTTP_HOST’] variable contains something like ‘local.hostname’ and not the real host name, which should be like ‘piwik.my-domain.com’. Well, the solution is:

  1. change lines 115-ff. in core/Url.php as following:
    instead of
        if(isset($_SERVER['HTTP_HOST']))
        {
            $url .= $_SERVER['HTTP_HOST'];
        }
        else
        {
            $url .= 'unknown';
        }

use this one:

        if(isset($_SERVER['HTTP_X_FORWARDED_HOST']))
        {
            $url .= $_SERVER['HTTP_X_FORWARDED_HOST'];
        }
        elseif(isset($_SERVER['HTTP_HOST']))
        {
            $url .= $_SERVER['HTTP_HOST'];
        }
        else
        {
            $url .= 'unknown';
        }
  1. Replace line 181-ff. in plugins/Login/controller.php as following:
    after
                $piwikHost = $_SERVER['HTTP_HOST'];

add

                if(isset($_SERVER['HTTP_X_FORWARDED_HOST']))
                {
                    $piwikHost = $_SERVER['HTTP_X_FORWARDED_HOST'];
                }

That’s all style_emoticons/<#EMO_DIR#>/rolleyes.gif

Regards

Alex


(vipsoft) #2

Please create a ticket in Trac, specify the Piwik version you’re running, and describe your reverse proxy set-up (e.g., Apache or lighttpd or IIS or …, https vs http, etc).


(toastbrot) #3

we use pound as reverseproxy and normally i dont need to know if we were called with ssl or not. but the piwik-backend generates absolute urls (json calls in 0.4) that are wrong (http instead of https) when behind an reverse proxy.

one way to workaround this is by adding this rule to our backend apache on that specific virtualhost:
SetEnv HTTPS on


(vipsoft) #4

As of 0.4, Piwik generates relative URLs, so https->http reverse proxies should be supported.


(toastbrot) #5

i tried it with 0.4 before fixing it via apache hack. sorry no relative urls in described places…