SSL proxy redirects to root at login


(Nathaniel) #1

as suggested I added this to the config.ini.php file:

; Uncomment line below if you use a standard proxy
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

; Uncomment line below if you use CloudFlare
proxy_client_headers[] = HTTP_CF_CONNECTING_IP

; Uncomment line below if you use another proxy (that sets Client-IP header)
proxy_client_headers[] = HTTP_CLIENT_IP

but now after login from https://www.mysite.com/piwik/ I get redirected to https://www.mysite.com/

How can I fix this?


(Steve Mercer) #2

I don’t know how to fix your problem but that code looks wrong. From the comments you should only uncomment one of those blocks (Not all three).


(Nathaniel) #3

Valdhor - excellent point! Thanks for your note.

The problem still persist if using just this:

proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"

And if using just this:

proxy_client_headers[] = HTTP_CLIENT_IP

or just:

proxy_client_headers[] = HTTP_CF_CONNECTING_IP

my proxy it not working.


(Steve Mercer) #4

A stab in the dark:

In your config.ini.php file add the following:

login_logout_url = https://www.mysite.com/piwik/


(Nathaniel) #5

Good stab … but it did not work. I tried

login_logout_url = https://www.mydomain.com/piwik/

and

login_logout_url = "https://www.mydomain.com/piwik/"

It really only controls where the redirect of the exit should go.


(Steve Mercer) #6

Annoying. The only thing I can think of is that you must have a redirect in your HTTPS configuration. Do you use Apache? Do you have a separate SSL configuration or is it in the httpd.conf file? Do you have an htaccess policy or file in that directory? If you’re not using Apache I can’t really help any more.


(Nathaniel) #7

Yes I use Apache and IIS, but Apache is in the front. And I use Apache to host Piwik.
Over all it is not such a big deal, I just need to click back on the browser to get logged in passed the Login Screen, and I am inside the Piwik App.

httpd-ssl.conf has the following entry:

<IfModule mod_proxy.c>    
  ProxyRequests Off	
  ...
  ProxyPass         /piwik/   http://192.168.1.104:8080/
  ProxyPassReverse  /piwik/   http://192.168.1.104:8080/
  ...
  RewriteRule ^(.+)$  https://www.myserver.com/$1 [P,L]
</IfModule>

And http://192.168.1.104:8080/ is hosted on the same server using Apache.


(Steve Mercer) #8

Perhaps try turning off the rewrite stuff and see what happens?


(Nathaniel) #9

If I turn off the RewriteRule none of the proxy’s will work. I need this for the proxy to work.


(Steve Mercer) #10

I’m guessing you need a RewriteRule before your current rule to take the case of Piwik and redirect it before the rule you have.


(Nathaniel) #11

Interesting. I tried changing the order, but that did not make a difference.


However, at closer look at my httpd-ssl.conf file I discovered another entry (much lower in the file) for port 8080. This is what it looks like:

<VirtualHost www.myserver.com:443>
    ...
    <IfModule mod_proxy.c>    
        ProxyRequests Off	
        ...
        ProxyPass         /piwik/   http://192.168.1.104:8080/
        ProxyPassReverse  /piwik/   http://192.168.1.104:8080/
        ...
        RewriteRule ^(.+)$  https://www.myserver.com/$1 [P,L]
    </IfModule>
    ...
    <Proxy "http://192.168.1.104:8080">
        ProxyHTMLEnable  on
        ProxyHTMLExtended on
        ProxyHTMLURLMap  http://192.168.1.104:8080 https://www.myserver.com/piwik
    </Proxy>
    ...
</VirtualHost>

For http://192.168.1.104:8080 I have the following:

<VirtualHost _default_:8080>
    ServerName 192.168.1.104:8080
    AddHandler text/html .html
    LogLevel warn	
    # RewriteCond %{REQUEST_URI} analytics
    # RewriteRule .* https://www.myserver.com/piwik/
    <Directory "D:/www/piwik">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>
    DocumentRoot "D:/www/piwik"
    DirectoryIndex index.php 
</VirtualHost>

As a side note. As it stands, something is not working properly with the setup. Somehow Piwik is not recording visits from different domain names. I don’t know if this would be related. It somehow only records domain name visits from https://www.myserver.com/ and none of the other domain names. I use to have it working not using https but http. This is my VB code:

(I sins found the problem / see correction in bold)

<%
function write_site_number()
	if DotComType = "ch" then
		response.write("2")
	elseif DotComType = "com" then
		response.write("1")
	elseif DotComType = "eu" then
		response.write("3")
	else
		response.write("4")
	end if
end function

%><script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
  _paq.push(["setCookieDomain", "*.myserver.<%=DotComType %>"]);
  _paq.push(["setDomains", ["*.myserver.<%=DotComType %>"]]);
  <%
  if request.querystring("addCampain") <> "" then %>
    _paq.push(["setCampaignNameKey", "helloName"]);
    _paq.push(["setCampaignKeywordKey", "helloKey"]);
    _paq.push(["setCustomVariable",1,"var","name","visitor"]);<%
  end if 
  %>
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {

this did not track calls from: www.myserver.ch or www.myserver.net

        var u="//www.myserver.com/piwik/";

new - adding the https works:

        var u="https//www.myserver.com/piwik/";
	

	_paq.push(['setTrackerUrl', u+'piwik.php']);
	_paq.push(['setSiteId', '<% call write_site_number() %>']);
	var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
	g.type='text/javascript'; g.defer=true; g.async=true; 
	g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<noscript><p><img src='https://www.myserver.com/piwik/piwik.php?idsite=<% 
     call write_site_number() %>' style="border:0;" alt="" /></p></noscript>

(Steve Mercer) #12

Glad you figured it out.:relaxed:


(Nathaniel) #13

Yes, me too.

The login bug problem that redirects the request from the piwik folder ".../piwik/index.php" to the root folder ".../index.php" during login still remains. I could add a index.php page in the root folder that would in return redirect back to the piwik folder ".../piwik/index.php" but do not think that this is the way so solve it.


#14

Hi there, any solution found for this redirect redirect Problem after login? Having the same Problem.


#15

That redirect redirect bug is still active. Here related post , and here the bug report.