Reverse proxy trouble - All visitor IP's showing up as the webserver

I’m running Piwik through a reverse proxy using Apache in order to deliver the code securely without SSL on the Piwik server. So the website being tracked “thinks” it’s getting the code locally hosted, but it’s really getting it from another, non-SSL domain. (This obviously doesn’t give the code itself any added security - which it doesn’t need regardless - it just prevents the user’s browser from throwing an insecure-elements warning.)

The problem is that the IP addresses for all my visitors are showing up as the IP address of the webserver where the site is hosted. Funnily enough, they do show up with different country flags in the visitor log, but the locations and providers report shows just the one state and city where the webserver is located. Any ideas for how to approach this would be greatly appreciated. I’m on Piwik 1.5.

Just wanted to follow up here since I found the solution in the docs. All it requires is adding two line to config.ini.php:


[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR

Hope this helps somebody else.

Yes, it works. But… for all new sessions (any log in after adding the two lines) will result :

Error: Form security failed. Please reload the form and check that your cookies are enabled. If you use a proxy server, you must configure Piwik to accept the proxy header that forwards the Host header. Also, check that your Referer header is sent correctly.

So, it is either client IP with no one being able to log in, or reverse proxy IP address and can log in.

Have you come across this issue?

I’m on 1.8.4.

** luckily, I can log in via Piwik Mobile, and have access to all functions. **

I actually am not using this setup anymore as I have switched the site in question to a different analytics package. I’m not sure I understand the problem you’re encountering. Are you trying to access the Piwik interface itself through a reverse proxy? If so, I’m afraid I don’t know anything about that as I never had any need to do it. I only used the reverse proxy to serve the code, not to access the interface.