mod_proxy Form security failed


I’ve a domain with a valid ssl certificate (only for this domain, no subdomains).
Piwik is running under
To avoid warnings when a user requests my site by https (because connection is https, but piwik domain only http) I’ve configured apache with proxy so that I can access piwik by

        RewriteRule   ^/piwik$  /piwik/   [R=301]

        ProxyPass        /piwik/
        ProxyPassReverse /piwik/

But when I try to login on i get:

Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Piwik to accept the proxy header that forwards the Host header. Also, check that your Referer header is sent correctly.

I already tried setting: Installation - Analytics Platform - Matomo

; This doesn't work, Images don't load
; assume_secure_protocol = 1

; This is the correct header for mod_proxy
proxy_client_headers[] = X-Forwarded-For

I’ve debugged and found out that piwik fails with the referer url because this is:

This is a local url and piwik don’t like local urls as referer when logging in.

If I call the referer gets the same:

So referer is set to request url.

How can i configure Piwik correctly?

Thanks a lot!!


Found the error:

proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"

Seems correct