White dashboard after fresh install


(Mike van Eckendonk) #1

Hi,

I created a MySQL user and database following the guide.
Gave the user:
GRANT FILE ON *.* TO 'user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON database.* TO 'user'@'localhost';

And installed without an error message. Created my first site for analytics, and placed the code in the header of the site. Did some testing with the site to generate data, but when I wanted to look if there was anything, the Dashboard was completely white.

Also checking setting is white. So I can’t use it. I already did several setups and this is not the first time that it happens.

What can I do to fix it and to prevent it in the future?


(Lukas Winkler) #2

Hi,

This indicates that some PHP error is happening (or the dashboard is not loading properly).

Check your browser's console and the PHP error log to find out what exactly is the error and how to solve it.


(Mike van Eckendonk) #3
Error: "[$compile:tpload] http://errors.angularjs.org/1.6.5/$compile/tpload?p0=plugins%2FCoreHome%2Fangularjs%2Fnotification%2Fnotification.directive.html%3Fcb%3D21eba11d2ce30bacaf751a2415b55313&p1=403&p2=Forbidden"
    K https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:126
    g https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:280
    k https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:255
    $digest https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:266
    $apply https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:269
    l https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:221
    onload https://domain.com/analytics/index.php?module=Proxy&action=getCoreJs&cb=21eba11d2ce30bacaf751a2415b55313:227

Well, it’s full of that.


(Lukas Winkler) #4

Hi,

Can you check the network tab if requests are failing?
Maybe your server is returning 403 for some of the .html files.


(Mike van Eckendonk) #5

All files give 403 on GET
for example:

Request URL:https://domain.com/analytics/plugins/CoreHome/angularjs/notification/notification.directive.html?cb=21eba11d2ce30bacaf751a2415b55313
Request method:GET
Remote address: x.x.xx.x
Status code:403
Version:HTTP/2.0
Referrer Policy:no-referrer-when-downgrade

But the file has this permission -rw-r----


(Lukas Winkler) #6

As you are using your Matomo in a subdirectory it is highly likely that the .htaccess file of the main directory is interfering.


(Mike van Eckendonk) #7

I use nginx and there is no .htaccess file in the main directory

There are some .htaccess files in some other directories, maybe I should whitelist them in my system.

.htaccess file in plugins folder

# This file is auto generated by Matomo, do not edit directly
# Please report any issue or improvement directly to the Matomo team.

# First, deny access to all files in this directory
<Files "*">
<IfModule mod_version.c>
        <IfVersion < 2.4>
                Order Deny,Allow
                Deny from All
        </IfVersion>
        <IfVersion >= 2.4>
                Require all denied
        </IfVersion>
</IfModule>
<IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
                Order Deny,Allow
                Deny from All 
        </IfModule>
        <IfModule mod_authz_core.c>
                Require all denied
        </IfModule>
</IfModule>
</Files>
# Serve HTML files as text/html mime type - Note: requires mod_mime apache module!
<IfModule mod_mime.c>
   AddHandler text/html .html
   AddHandler text/html .htm
</IfModule>
# Allow to serve static files which are safe
<Files ~ "\.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$">
<IfModule mod_version.c>
        <IfVersion < 2.4>
                Order Allow,Deny
                Allow from All
        </IfVersion>
        <IfVersion >= 2.4>
                Require all granted
        </IfVersion>
</IfModule>
<IfModule !mod_version.c>
        <IfModule !mod_authz_core.c>
                Order Allow,Deny
                Allow from All
        </IfModule>
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
</IfModule>
</Files>

nginx -V
nginx version: nginx/1.15.12 (190419-192224-centos7-kvm)
built by gcc 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC) 
built with OpenSSL 1.1.1b  26 Feb 2019
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=x86-64 -mavx -mavx2 -mpclmul -msse4 -msse4.1 -msse4.2 -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=190419-192224-centos7-kvm --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_http_geoip2_module --add-dynamic-module=../incubator-pagespeed-ngx-1.13.35.2-stable --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1b --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3'

Sorry for the long configure arguments, I don’t know how to post them nicely on this forum


(Lukas Winkler) #8

In that case I’d recommend you to check your nginx log on why it returns 403.

You can also take a look at matomo-org/matomo-nginx on GitHub (Nginx configuration for running Matomo) for comparison.


(Mike van Eckendonk) #9

Hmmm, guess my autoprotect include file for vhost.conf is the issue that blocks .htaccess files due to security

# /home/nginx/domains/XXX/public/analytics/config
location ~* ^/analytics/config/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXXX/public/analytics/lang
location ~* ^/analytics/lang/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/misc/user
location ~* ^/analytics/misc/user/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/libs
location ~* ^/analytics/libs/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXXX/public/analytics/core
location ~* ^/analytics/core/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/vendor/tecnickcom/tcpdf/tools
location ~* ^/analytics/vendor/tecnickcom/tcpdf/tools/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/vendor
location ~* ^/analytics/vendor/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/plugins
location ~* ^/analytics/plugins/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/XXX/public/analytics/tmp
location ~* ^/analytics/tmp/ { allow 127.0.0.1; deny all; }

Disabled it by

#  include /usr/local/nginx/conf/autoprotect/XXX/autoprotect-XXX.conf;

Guess that adding my IP to allow 127.0.0.1; will resolve it and keep the autoprotect intact

For now the dashboard works again

Thanks for the GitHub link, it sure has some settings that improve my config, like Referrer-Policy origin;
Will use some parts of it to improve my config and whitelist some autoprotect issues
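
The autoprotect rule for /analytics/plugins/ from post #9 can stay in place if a narrower rule for static assets is declared before it, mirroring the deny-then-allow logic of the plugins .htaccess from post #7. This is an added example, not configuration from the thread or from the matomo-nginx project; it assumes the /analytics/ prefix used in the posts and copies its extension list from that .htaccess file.

```nginx
# Added example. Place inside the server { } block of the vhost, BEFORE the
# autoprotect include: nginx tests regex locations in the order they appear
# in the configuration and uses the first one that matches.

# 1) Static asset types that the Matomo-generated plugins/.htaccess marks as
#    safe to serve. The dashboard's AngularJS templates (*.directive.html)
#    are fetched by every visitor's browser, so they cannot be limited to
#    127.0.0.1.
location ~* ^/analytics/plugins/.+\.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
    allow all;
    # Serve the file from disk only; never hand these paths to PHP.
    try_files $uri =404;
}

# 2) Everything else under plugins/ (PHP sources, templates, tests) keeps the
#    original autoprotect behaviour: reachable from localhost only.
location ~* ^/analytics/plugins/ {
    allow 127.0.0.1;
    deny all;
}

# 3) The remaining autoprotect rules from the thread (config, lang,
#    misc/user, libs, core, vendor, tmp) are unchanged and stay as posted.
```

After reloading nginx, a request for a `.html` file under /analytics/plugins/ should return 200 while a request for a `.php` file in the same tree still returns 403; the nginx error log names the location that denied a request if a 403 remains.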