Required Private Directories | Recommended Private Directories

Hi there,
We are using Matomo on-primes on Ubuntu-22.04 LTS with apache2 as webserver. We are getting following warnings on admin side of the Matomo.

Please help me to fix the issue. Thank you so much in advance!
<VirtualHost *:80>
DocumentRoot /var/www/html/matomo
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule !mod_php7.c>

ProxyPass /config !
<FilesMatch “^/(config|tmp|core|lang)$”>
Require all denied

<Directory /var/www/html/matomo>
DirectoryIndex index.php
Options FollowSymLinks
AllowOverride All
Require all granted

RewriteEngine on
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Hi @Naser_Aslam
Can you manage this problem with .htaccess files?
Also have a look at:


Ideally the files should not be in public folder. But the htaccess protection is good enough as a firewall/sandbox.

The root problem is, that my installation didn’t create the htaccess (i guess not enough file permissions to write the file, but didn’t show an error). the htaccess is good enough as a security.

I will test it soon in another server and debug the installation, why the file was not created.

the installer checks a hundred things, but not if the disk is writable.
or check if the .htaccess file is there.

It’s the Murphy’s law case. “that will never happen”. But i managed to trigger the bug.
The rule never to ignore errors, but break on critical errors.

A “defensive programming” could be to have a .htaccess default in the github which will
get replaced, and the default redirects to a error page to tell something is wrong with the
htaccess and needs to be generated.

also one suspicious thing is to use “.zip” file on a unix server. as all the file-permissions get lost. Normally its better to have a .tgz install file. I tried to follow the instructions. Maybe the behaviour is different cloning the github project instead of using the compiled .zip
Also some file permissions might change if you upload files with ftp, or upload the zip and extract it on server via ssh (bash).

1 Like

Hi @Unterberger.Media
Can you add your interesting information in the GitHub ticket? This can help development team to improve the distribution and/or the documentation…

Sure, i can share my findings. First i need to replicate the issue, and fix my installation. It will take a few days. As this is a “theoretical” problem, and not immediate, my priority to fix it it is medium and not highest on my list.

I am lucky to have different projects and servers to test it and figure out if it is a one off and i made mistakes installing it, or if it is a repeatable bug.

And even if i made it wrong, the manual/tutorial installing it, and the install wizard, should make aware of this rare case.

I think it went under the radar, as my matomo installation “works” even without the htaccess, but i got suspicious in terms of security.

Digging deeper in this forum i learned after a while, that the project takes this serious enough (eg. protecting private files with a htaccess) and my installation has an error. Still it hold true that build-tools should not be in the public folders in first place, because things can always break in ways which are out of your control.

Statistically probably a few people of the 100k to 1 Mio users of matomo server also had the bug, but it is probably not often. And the cloud version is safe with a correct installation.

Its good that these topics can be discussed in the forum, which might take a few days, but surfaces interesting information which is hidden when you just browse the manual.

I have another “bug” with “custom dimensions” even when it was still piwik. So i will do some research what i might do wrong. (its a behaviour which worked in google analytics, but porting it to matomo, does not behave in an expected way) . i am not sure if i use it wrong, or if its a bug. I will do some research and open another thread/question.

Hi @Unterberger.Media ,
Actually, It was my mistake or blunder, I was updating the config fine which was redirecting all the traffic to another file i.e. at port 443 SSL file.

I added the following configuration in the config file which is listening port 443 and the error was resolved.

However, thanks for your explanation!

But that is useful information “sharing your mistake”. I think this forum with the open general question is the field of “fuzzy and confusing” things, where one can find the odd and strange rare cases and get ideas how to solve it. 99% is in the manual and doing it right. This forum is for the 1% of odd things. And sometimes its real bugs in strange combination, and sometimes its just doing it wrong, but one gets hints to find the right way to do it.