I’d like to install Piwik so that the admin area is only accessible via https, for security and privacy reasons, while monitoring usage of a site that is accessible via http.
(I have at present at least two (related) websites that I’d like to monitor, and am dithering as to whether I want to install a separate instance of Piwik on each site or use a shared installation (although I am aware that by referring to a different hostname this would make it harder or impossible to record usage by visitors using RequestPolicy/NoScript/etc, although perhaps realistically they may be only a relatively small proportion of visitors and would not affect overall trends much, and also that I should just respect their (implied) request for privacy).)
Am I right in thinking that my Piwik installation should be served via both https (to allow secure access to the admin area) and also http (in order to avoid mixed-content errors were I to attempt to include https tracking code on the http site)?
To prevent malicious access to inappropriate files, I could put in place Apache access restrictions to prevent unauthorised access to the admin area files. Are the only files that would need to be accessed by a ‘client’ website (ie, that should not have access restrictions) the piwik.js and piwik.php files in the Piwik root folder?
Thanks for any advice.