Hello out there,
I tried to make Piwik working that way, that the login page is only available via HTTPS and tracking should still work via HTTP. I thought this would be straight forward, but well, it isn’t.
Piwik is running on Version 3.04 using apache2 2.4.10 on Debian 8.9.
What I’ve done:
- I tried the Piwik Options
force_ssl = 1 and force_ssl_login = 1. Unfortunately those had not the effect I wanted. The login page was still accessible using HTTP, but the login does not work. So people who weren’t aware that they tried to log in using HTTP asked me, why this is not working.
So I tried the following in the apache vhost:
RewriteEngine on
RewriteCond %{REQUEST_URI} !=/piwik.js$ [NC]
RewriteCond %{REQUEST_URI} !=/piwik.php$ [NC]
RewriteRule ^/$ https://url-to-piwik/index.php [L]
I imagined this to let tracking requests through and pass over everything else to HTTPS. Actually this should work:
I see the piwik.php line in the access log. The Log Importer tells me that he successfully imported those lines. After that I called
./console core:archive --force-all-websites --force-all-periods=315576000 --force-date-last-n=1 --url=http://url-to-piwik
but these entries never showed up in the webinterface.
I then tried to change the RewriteRule to ^/index.php$ https://url-to-piwik/index.php and disabled the RewriteCond lines. Unfortunately this blew up the webinterface completely due to too many redirects.
I assume that Piwik itself redirect the traffic, although I disabled force_ssl = 1 and force_ssl_login = 1 when I started using apache redirects.
In addition I’m wondering why the tracking entries are successfully imported from the access log, but never show up in Piwik.
I hope you can give me some hints.
Cheers,
Dennis