mod_proxy Form security failed


#1

Hi,
I’ve a domain https://www.domain.com with a valid ssl certificate (only for this domain, no subdomains).
Piwik is running under http://piwik.domain.com.
To avoid warnings when a user requests my site by https (because connection is https, but piwik domain only http) I’ve configured apache with proxy so that I can access piwik by
https://www.domain.com/piwik:


        RewriteRule   ^/piwik$  /piwik/   [R=301]

        ProxyPass        /piwik/ http://piwik.domain.com/
        ProxyPassReverse /piwik/ http://piwik.domain.com/

But when I try to login on https://www.domain.com/piwik i get:


Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Piwik to accept the proxy header that forwards the Host header. Also, check that your Referer header is sent correctly.

I already tried setting: Installation - Analytics Platform - Matomo


[General]
; This doesn't work, Images don't load
; assume_secure_protocol = 1

; This is the correct header for mod_proxy
proxy_client_headers[] = X-Forwarded-For

I’ve debugged and found out that piwik fails with the referer url because this is:


https://www.domain.com/piwik

This is a local url and piwik don’t like local urls as referer when logging in.

If I call https://www.domain.com/piwik/index.php the referer gets the same: https://www.domain.com/piwik/index.php.

So referer is set to request url.

How can i configure Piwik correctly?

Thanks a lot!!


#2

Found the error:


[General]
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"

Seems correct