Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

https proxy call brakes logo.svg URL (also some strange redirect removing /piwik/ folder) and getting a "No input file specified." response. #11765

Closed
courtens opened this issue Jun 3, 2017 · 20 comments
Milestone

Comments

@courtens
Copy link

courtens commented Jun 3, 2017

There are three issues I have, and they are all related to the proxy setup problem I am experiencing.

  1. ======
    On the login page located here https://www.mydomainname.com/piwik/ I get a broken logo image. The logo image is located on the server at http://192.168.1.1:8080/plugins/Morpheus/images/logo.svg. But somehow the proxy (or piwik) responds that the logo.svg file is located here: https://www.mydomainname.com/plugins/Morpheus/images/logo.svg which is wrong, where in fact it should be https://www.mydomainname.com/piwik/plugins/Morpheus/images/logo.svg. Somehow /piwik/ gets dropped.

  2. ======
    Immediately after logging in I get a redirect to a page that prompts: No input file specified. (or a redirect to https://www.mydomainname.com/ instead of https://www.mydomainname.com/piwik/) It is only after clicking back on the browser that I get redirected to the piwik website. Somehow the piwik code truncates the piwik folder during the redirect right after a successful login (back to the root folder.) This redirect brakes the page.

  3. =====
    The "All Websites" page is not working (not giving me any data), only the "Dashboard" page works. "Add a new website" goes to https://www.mydomainname.com/?module=SitesManager&action=index&showaddsite=1&period=range&date=previous30&idSite=1 but it should go to https://www.mydomainname.com/piwik/?module=SitesManager&action=index&showaddsite=1&period=range&date=previous30&idSite=1

Same issue as issue 1 and 2, a redirect dropping the working folder I am in.

=== my setup ============
I am running Ubuntu, hosting VM (VirtualBox) Win10 serving:
Piwik 3.0.4 (running on IIS)
Apache 2.4 listening to :80 and :443
Apache proxy from https://www.mydomainname.com/piwik/ to http://192.168.1.1:8080
IIS 10 is hosting Piwik on http://192.168.1.1:8080

relevant parts of my httpd-ssl.conf file

<IfModule mod_proxy.c>    
	ProxyRequests Off	
	ProxyPass 		/      		http://192.168.1.1:82/
	ProxyPassReverse 	/      		http://192.168.1.1:82/
	ProxyPass			/piwik/	http://192.168.1.1:8080/
	ProxyPassReverse 	/piwik/ 	http://192.168.1.1:8080/
	RewriteRule ^(.+)$ https://www.mydomainname.com/$1 [P,L]		
</IfModule>
<Proxy "http://192.168.1.1:8080">
	SetOutputFilter proxy-html
	ProxyHTMLEnable  on
	ProxyHTMLExtended on
	ProxyHTMLURLMap  http://192.168.1.1:8080 https://www.mydomainname.com/piwik/
</Proxy>

my piwik global.ini.php file is set to:

force_ssl = 0
assume_secure_protocol = 0
;proxy_host_headers[] = HTTP_X_FORWARDED_HOST ; List of proxy headers for host IP addresses

[proxy]
host =  ; Proxy host
port =  ; Proxy port

I tried host = 192.168.1.1; port = 8080; -- but it did not fix the issue.

@halfer
Copy link

halfer commented Jun 16, 2017

I'm Dockerising my Piwik install presently, and am getting the same. I use Apache in the host and in the guest. Here's the Apache config in the host:

Listen 9998
Listen 9999

<VirtualHost *:9998>
        ServerName myserver.example.com

        ProxyPass / http://127.0.0.1:8082/
        ProxyPassReverse / http://127.0.0.1:8082/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:9999>
        ServerName myserver.example.com

        ProxyPass / http://127.0.0.1:8082/
        ProxyPassReverse / http://127.0.0.1:8082/

        SSLCertificateFile /etc/letsencrypt/live/myserver.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>

This results in a broken logo URL of:

http://172.17.0.4/plugins/Morpheus/images/logo.svg

That IP address is the internal IP of the container, accessible only to the host. I expect I can write a mod_proxy rule to resolve it, but it feels better to fix it at the Piwik end, to make things more "plug and play". What do the core team think?

@halfer
Copy link

halfer commented Jun 16, 2017

Could be a duplicate of:

The last one says it is resolved by #9145, but that sounds like a different issue.

@halfer
Copy link

halfer commented Jun 16, 2017

I've managed to work around it, by enabling the proxy_html module. On Ubuntu:

a2enmod proxy_html

then add this config to the vhost:

SetOutputFilter proxy-html
ProxyHTMLURLMap http://172.17.0.4/ /

@courtens
Copy link
Author

halfer, have you tried calling it over a SSL connection? For me - that is what is breaking (not working). Over a non-SSL connection it works, but I would like to use SSL connection.

@halfer
Copy link

halfer commented Jun 18, 2017

@courtens: my configuration presently is: SSL on the host, proxying to the container via plaintext. After adding the two lines above, the logo.svg thing stops causing a mixed content error, and renders the logo fine.

However my work has paused there. My live instance is running v2.17.x but my Piwik Docker build (pointing to the same database) contains 3.x, and as a result I get the database upgrade screen. I think my next step is to do a manual upgrade on live, and then I can play around with the containerised version to see if there are any problems.

What specifically is still not working for you? I've seen reports of several things not working - logo, sparkline graphs, and some other things I think. I've only experienced the logo so far, and I think I've now fixed that.

@courtens
Copy link
Author

courtens commented Jun 18, 2017

@halfer I picked to use the "logo not working" as post titles (issue 1 in the first post) because it was simple to document -- other things require more words, but they are all related (see issue 2 and 3 in first post for the other things that are not woring.) I have to note that if I proxy over a non secure connection (proxy server to the world) Piwik works just fine. Piwik is only acting up over a SSL connection (proxy server to the world over SSL) and internal (proxy server to server using port 8080.)

@halfer
Copy link

halfer commented Jun 19, 2017

(@courtens: It would be ideal to swap out your hash marks in your comment just now, they link to very old bugs of the same numbers).

@halfer
Copy link

halfer commented Jun 19, 2017

I've not been able to replicate item (2).

Item (3) is also a problem for me, it's a JavaScript crash:

"Error: [$compile:tplrt] http://errors.angularjs.org/1.4.10/$compile/tplrt?p0=piwikMultisitesSite&p1=plugins%2FMultiSites%2Fangularjs%2Fsite%2Fsite.directive.html%3Fcb%3D3c01fb1e6eb6de5ed53bf97c40a1bdef
L/<@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:125:417
Vf/<@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:187:470
f/<@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:239:425
$eval@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:254:132
$digest@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:251:210
$apply@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:254:428
g@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:207:329
S@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:211:448
ag/</t.onload@https://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:212:465
"

See if you get the same, in your browser console? Mine is from latest FF 54/Mint Linux.

Edit: I have removed SetOutputFilter proxy-html from my earlier vhost config, and the problem goes away. Strangely I now don't seem to need the ProxyHTMLURLMap from three days ago - I added some proxy config and SSL forcing to config/config.ini.php, I wonder if either of these fixed it?

For the record they are:

; Uncomment line below if you use a standard proxy
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

; Assume TLS
assume_secure_protocol=1

@courtens
Copy link
Author

courtens commented Jun 19, 2017

I am getting a long list of JS errors

SyntaxError: test for equality (==) mistyped as assignment (=)?[Learn More]  index.php:4:6159
...

looking at the code it must be due to a /*! jQuery v2.2.3 | (c) jQuery Foundation | jquery.org/license */ library call.

I am still getting the logo error:

GET https://www.mydomain.com/plugins/Morpheus/images/logo.svg [HTTP/1.1 404 Not Found 524ms]

I have Piwik in a sub-directory, and somehow the code is dropping this. Is there a place in the config file where one can specify the sub-directory to prevent this?

My config.ini.php file is set to (and I made sure that global.ini.php is set to the same)

[General]
assume_secure_protocol = 1
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

@halfer
Copy link

halfer commented Jun 19, 2017

@courtens I don't have any answers over and above my existing detail, as I'm not using subdirs myself. However the detail we have now both supplied may be helpful to devs wanting to repro the problem.

In the meantime, consider using a subdomain instead of a subdir. I appreciate it is not ideal to have to make such a change, but it may get you started again in the short term.

@courtens
Copy link
Author

@halfer ..... the problem using sub-domains is that it requires a more expensive SSL certificate. Just using www cost less.

@halfer
Copy link

halfer commented Jun 20, 2017

@courtens: you can use Let's Encrypt to get as many certs as you need, free of charge, and automatically renewed, for as long as you want.

@mattab
Copy link
Member

mattab commented Sep 14, 2017

Update regarding this issue: a new pull request was submitted by @user121216 in #12011 and addresses this issue by 1) requiring the web server to set the header X-Forwarded-Uri with the folder where Piwik resides, and 2) add a new Piwik config setting proxy_uri_header so the forwarded_uri header is used to construct logo URLs.

-> if you could test and leave a comment here or on the PR that would be great? (and maybe also share what the apache config looks like to set this header).

@mattab mattab added this to the 3.2.0 milestone Sep 14, 2017
@mattab
Copy link
Member

mattab commented Nov 19, 2017

Hi everyone,

Since #12011 was merged, we consider this issue fixed. Please check the FAQ here for more information: https://piwik.org/faq/how-to-install/faq_98/

in particular check the section If Piwik is behind a reverse proxy and installed in a sub-path

Feedback welcome!

@halfer currently the FAQ only explains how to configure the HTTP_X_FORWARDED_URI header (containing the sub-patch) for NGINX, but would be great if you could let me know how to configure this for apache as well so we can add to the FAQ

@mattab mattab closed this as completed Nov 19, 2017
@mattab mattab modified the milestones: 3.3.0, 3.2.1 Nov 19, 2017
@ghost
Copy link

ghost commented Nov 20, 2017

Seems like I have also run into this issue. I have this apache reverse proxy config:

<Location "/piwik">
  RequestHeader set X-Forwarded-Uri "/piwik"
  ProxyPass http://piwik/
  ProxyPassReverse http://piwik/
</Location>

This results in a header coming to piwik which looks like this:
X-Forwarded-Uri: /piwik

Given this in the config.ini.php
proxy_uri_header = 1
it should be working no ... right?!

@halfer
Copy link

halfer commented Nov 20, 2017

Hi @mattab,

I forget the exact details of my proxy woes, but we're several releases of Piwik on since I made my posts above, and my setup has been problem-free for months.

I include below my current Apache config, lightly edited to remove domain-specific stuff, and with my old comments left in (logos and JS are now fine). The Docker container is at 172.17.0.4 on a spare port number, and is protected from direct access from the web using Ufw on Ubuntu.

<VirtualHost *:80>
        ServerName myserver.example.com

        ProxyPass / http://127.0.0.1:8082/
        ProxyPassReverse / http://127.0.0.1:8082/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName myserver.example.com

        ProxyPass / http://127.0.0.1:8082/
        ProxyPassReverse / http://127.0.0.1:8082/

        # This was to fix the logo problem, but introduces a JS error in the
        # "All Websites dashboard". The logo problem seems to have been fixed
        # anyway, odd
        SetOutputFilter proxy-html
        ProxyHTMLURLMap http://172.17.0.4/ /

        SSLCertificateFile /etc/letsencrypt/live/myserver.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>

(Looking at this, I would guess I have config missing in my non-SSL vhost, but since I don't use it, it has not been something I have needed to fix!).

Let me know if any more info would be useful.

@halfer
Copy link

halfer commented Nov 20, 2017

@tobiasassmann: does my (SSL) vhost config above help?

Edit: mine may have been another problem though - I am proxying a root domain to a root domain, whereas the /piwik thing you have suggests to me you're proxying a root domain to a subfolder (or vice versa).

@mattab
Copy link
Member

mattab commented Nov 20, 2017

it should be working no ... right?!

Yes it should but you need to use at least piwik 3.2.1-b1, released yesterday, learn more: http://piwik.org/faq/how-to-update/faq_159/

@ghost
Copy link

ghost commented Nov 21, 2017

@halfer Jep,this is how it should work.
@mattab Thanks for the feedback. We will wait for the next release, as this seems to be a minor issue to us, only affecting the redirect after login.

@courtens
Copy link
Author

courtens commented Mar 17, 2018

OK - this is an old issue, but here is what needs fixing:

  1. logo.svg is called from index.php page one directory too low. Instead of index.php/logo.svg it is calling it in index.php/..logo.svg.

  2. https://www.domainname.com/piwik/index.php?module=Proxy&action=getCoreJs&cb=11b0ae1a60ee696302f18c99f6c9e600 has an error on line 242.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants