Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Visits aren't saved behind proxy #333

Open
ikerib opened this issue Sep 8, 2023 · 0 comments
Open

Visits aren't saved behind proxy #333

ikerib opened this issue Sep 8, 2023 · 0 comments
Labels
question

Comments

@ikerib
Copy link

ikerib commented Sep 8, 2023
edited
Loading

Hi,

I readed #295 and #210 and some other issues. If i run docker-compose logs -f and I use my celular I can see this on the logs:

docker-app-1  | 172.25.0.2 -  08/Sep/2023:08:28:07 +0000 "POST /matomo.php" 200
docker-web-1  | 172.23.64.99 - - [08/Sep/2023:08:28:07 +0000] "POST /matomo.php?action_name=Build%20de%20Domain&idsite=2&rec=1&r=108308&h=10&m=28&s=7&url=https%3A%2F%2Fwww.domain.eus%2Fes%2Finicio&_id=c872d29882a35929&_idn=0&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=390x844&pv_id=pn4VxN&pf_net=444&pf_srv=1531&pf_tfr=0&pf_dm1=471&uadata=%7B%7D HTTP/1.0" 204 0 "https://www.domain.eus/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1" "104.28.88.117"

but this visit is not stored on the database (I checked it).

I've configured 2 sites:

  • Intranet => is working wall (but I need to enable geoip because it says all visits are from USA)
  • External web => Data is send and received but not stored on the database and in the dashboard I have 0 visits.

This is my nginx reverse proxy config:

server {
    listen              443;
    server_name         matomo.domain.eus;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
            proxy_pass https://matomo.domain.net/;

            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto https;

            proxy_set_header Connection "";
    }
}

Also this is my matomo.conf for nginx:

upstream php-handler {
	server app:9000;
}

server {
	listen 80;
	listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/file.crt;
    ssl_certificate_key /etc/nginx/ssl/file.key;

    add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
    root /var/www/html; # replace with path to your matomo instance
    index index.php;
    try_files $uri $uri/ =404;

    ## only allow accessing the following php files
    location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs).php {
        # regex to split $uri to $fastcgi_script_name and $fastcgi_path
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # Check that the PHP script exists before passing it
        try_files $fastcgi_script_name =404;

        include fastcgi_params;
                fastcgi_param REMOTE_ADDR $http_x_real_ip;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
        fastcgi_pass php-handler;
    }

    ## deny access to all other .php files
    location ~* ^.+\.php$ {
        deny all;
        return 403;
    }

    ## disable all access to the following directories
    location ~ /(config|tmp|core|lang) {
        deny all;
        return 403; # replace with 404 to not show these directories exist
    }
    location ~ /\.ht {
        deny all;
        return 403;
    }

    location ~ js/container_.*_preview\.js$ {
        expires off;
        add_header Cache-Control 'private, no-cache, no-store';
    }

    location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
        allow all;
        ## Cache images,CSS,JS and webfonts for an hour
        ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
        expires 1h;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location ~ /(libs|vendor|plugins|misc/user) {
        deny all;
        return 403;
    }

    ## properly display textfiles in root directory
    location ~/(.*\.md|LEGALNOTICE|LICENSE) {
        default_type text/plain;
    }
}

I also edited config/config.ini.php and mounted via docker-compose volume option to override with this changes:

[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
force_ssl = 1                 ;please add this as well
assume_secure_protocol = 1    ;if you add this

Does anyone know why visit data is not being saved?
I don't know what else to try.....

thanks in advance
@J0WI J0WI added the question label Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ikerib @J0WI