Setup for monitoring http site with admin area accessible via https?


I’d like to install Piwik so that the admin area is only accessible via https, for security and privacy reasons, while monitoring usage of a site that is accessible via http.

(I have at present at least two (related) websites that I’d like to monitor, and am dithering as to whether I want to install a separate instance of Piwik on each site or use a shared installation (although I am aware that by referring to a different hostname this would make it harder or impossible to record usage by visitors using RequestPolicy/NoScript/etc, although perhaps realistically they may be only a relatively small proportion of visitors and would not affect overall trends much, and also that I should just respect their (implied) request for privacy).)

Am I right in thinking that my Piwik installation should be served via both https (to allow secure access to the admin area) and also http (in order to avoid mixed-content errors were I to attempt to include https tracking code on the http site)?

To prevent malicious access to inappropriate files, I could put in place Apache access restrictions to prevent unauthorised access to the admin area files. Are the only files that would need to be accessed by a ‘client’ website (ie, that should not have access restrictions) the piwik.js and piwik.php files in the Piwik root folder?

Thanks for any advice.

Yes piwik.js|php are the only two files required for tracking. If you use the API there is also index.php.

See some tips in: 301 Moved Permanently

if you dont find what you’r elooking for in this post, please reply to it with your solution :slight_smile: