Does anyone know how to configure login_whitelist_ip to work behind a load balancer?
The IP address hitting Matomo is the load balancer’s, so my understanding is there should be some way to tell Matomo to look at the X-Forwarded headers, instead of the actual IP address?
we use the following addition in the “location” tag of our nginx load balancer / reverse proxy configuration to forward the real ip to the matomo instance:
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
Then we set the realip to the forwarded one in the nginx configuration of the matomo tracking instance:
set_real_ip_from <load_balancer_ip>; real_ip_header X-Forwarded-For; real_ip_recursive on;
login_whitelist_ip works just fine then and it also makes GeoIp work.
Another solution i just found out could be this: How do I configure Piwik when the server is installed behind a proxy? - Analytics Platform - Matomo
Thank you Florian!
I really appreciate your help with that, it certainly points me in the right direction.
We’re using a Bitnami image on EC2, which seems to use an older version of apache, rather than nginx - unfortunately I don’t think I can use either your solution or the one in the link (at least not without learning a lot more and maybe changing/upgrading the web-server software!)
Thanks again, now I know to look for something at the web-server level that tricks Matomo into believing the forwarded IP is the real IP.