Tracker-proxy, SSL and Cloudflare = Tracking stop working


I´ve turned everywhere, so I try to turn here too for support on this issue.

I am currently using the tracker-proxy (GitHub - matomo-org/tracker-proxy: HTTP proxy for Piwik's tracker API. This script allows to track websites with Piwik without revealing to your visitors the secret Piwik server URL.) on a server with DNS on Cloudflare, everything works great! But then I wanted to track also https, so I activated SSL on cloudflare (SSL Flexible). At the same moment I activated SSL all tracking on my Piwik installation stops working. The proxy script cant deliver piwik.js (file_get_contents) and gives the error message *Cant fetch piwik.js or something like that. If I deactivate SSL it starts working again immediately.

So I tried adding two pull requests (*Added User Agent in JS request, then *Use cURL if fopen is not available). But adding those doesnt seem to help. I have allow_url_fopen = On, the server is PHP/5.4.39-0+deb7u1. It just seems as though as soon as I turn on SSL, the script cant execute file_get_contents with an absolute path (eg $Piwik_URL + piwik.js). A relative path (eg piwik.js since its in the same folder) works but that doesnt get the tracking going. Neither does cURL even though its enabled and should work. If I put the tracker-proxy on another server with SSL the tracking works, it just doesnt seem to work with Cloudflare, which I need it to do.

So do you guys know any thinkable solutions to this? Could it be the SSL-type is incompatible? Is it Cloudflare or is it a server setting (eg. php.ini). I´ve had someone suggest maybe extension=php_openssl.dll needs to be set. I´ve tried all possible settings in config.ini on the piwik server without success.

Im thankful for any pointers or tips towards bringing this problem to a solution. My knowledge around php and server configuration is not the best. But im working on it!

*Flexible SSL – SSL between the visitor and CloudFlare – visitor sees HTTPS on your site, but no SSL between CloudFlare and your web server. You don’t need to have an SSL cert on your web server, but your visitors will still see the site as being HTTPS enabled.

(Matthieu Aubry) #2

Hi @michaelscott thanks for the report. Could you create an issue on the issue tracker for this, and if you have already done it maybe post a link here?