@courtens opened this Issue on June 3rd 2017

There are three issues I have, and they are all related to the proxy setup problem I am experiencing.

1) ======
On the login page located here https://www.mydomainname.com/piwik/ I get a broken logo image. The logo image is located on the server at But somehow the proxy (or piwik) responds that the logo.svg file is located here: https://www.mydomainname.com/plugins/Morpheus/images/logo.svg which is wrong, where in fact it should be https://www.mydomainname.com/piwik/plugins/Morpheus/images/logo.svg. Somehow /piwik/ gets dropped.

2) ======
Immediately after logging in I get a redirect to a page that prompts: No input file specified. (or a redirect to https://www.mydomainname.com/ instead of https://www.mydomainname.com/piwik/) It is only after clicking back on the browser that I get redirected to the piwik website. Somehow the piwik code truncates the piwik folder during the redirect right after a successful login (back to the root folder.) This redirect brakes the page.

3) =====
The "All Websites" page is not working (not giving me any data), only the "Dashboard" page works. "Add a new website" goes to https://www.mydomainname.com/?module=SitesManager&action=index&showaddsite=1&period=range&date=previous30&idSite=1 but it should go to https://www.mydomainname.com/piwik/?module=SitesManager&action=index&showaddsite=1&period=range&date=previous30&idSite=1

Same issue as issue 1 and 2, a redirect dropping the working folder I am in.

=== my setup ============
I am running Ubuntu, hosting VM (VirtualBox) Win10 serving:
Piwik 3.0.4 (running on IIS)
Apache 2.4 listening to :80 and :443
Apache proxy from https://www.mydomainname.com/piwik/ to
IIS 10 is hosting Piwik on

relevant parts of my httpd-ssl.conf file

<IfModule mod_proxy.c>    
    ProxyRequests Off   
    ProxyPass       / 
    ProxyPassReverse    / 
    ProxyPass           /piwik/
    ProxyPassReverse    /piwik/
    RewriteRule ^(.+)$ https://www.mydomainname.com/$1 [P,L]        
<Proxy "">
    SetOutputFilter proxy-html
    ProxyHTMLEnable  on
    ProxyHTMLExtended on
    ProxyHTMLURLMap https://www.mydomainname.com/piwik/

my piwik global.ini.php file is set to:

force_ssl = 0
assume_secure_protocol = 0
;proxy_host_headers[] = HTTP_X_FORWARDED_HOST ; List of proxy headers for host IP addresses

host =  ; Proxy host
port =  ; Proxy port

I tried host =; port = 8080; -- but it did not fix the issue.

@halfer commented on June 16th 2017

I'm Dockerising my Piwik install presently, and am getting the same. I use Apache in the host and in the guest. Here's the Apache config in the host:

Listen 9998
Listen 9999

<VirtualHost *:9998>
        ServerName myserver.example.com

        ProxyPass /
        ProxyPassReverse /

<IfModule mod_ssl.c>
    <VirtualHost *:9999>
        ServerName myserver.example.com

        ProxyPass /
        ProxyPassReverse /

        SSLCertificateFile /etc/letsencrypt/live/myserver.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

This results in a broken logo URL of:

That IP address is the internal IP of the container, accessible only to the host. I expect I can write a mod_proxy rule to resolve it, but it feels better to fix it at the Piwik end, to make things more "plug and play". What do the core team think?

@halfer commented on June 16th 2017

Could be a duplicate of:

The last one says it is resolved by #9145, but that sounds like a different issue.

@halfer commented on June 16th 2017

I've managed to work around it, by enabling the proxy_html module. On Ubuntu:

a2enmod proxy_html

then add this config to the vhost:

SetOutputFilter proxy-html
@courtens commented on June 17th 2017

halfer, have you tried calling it over a SSL connection? For me - that is what is breaking (not working). Over a non-SSL connection it works, but I would like to use SSL connection.

@halfer commented on June 18th 2017

@courtens: my configuration presently is: SSL on the host, proxying to the container via plaintext. After adding the two lines above, the logo.svg thing stops causing a mixed content error, and renders the logo fine.

However my work has paused there. My live instance is running v2.17.x but my Piwik Docker build (pointing to the same database) contains 3.x, and as a result I get the database upgrade screen. I think my next step is to do a manual upgrade on live, and then I can play around with the containerised version to see if there are any problems.

What specifically is still not working for you? I've seen reports of several things not working - logo, sparkline graphs, and some other things I think. I've only experienced the logo so far, and I think I've now fixed that.

@courtens commented on June 18th 2017

@halfer I picked to use the "logo not working" as post titles (issue 1 in the first post) because it was simple to document -- other things require more words, but they are all related (see issue 2 and 3 in first post for the other things that are not woring.) I have to note that if I proxy over a non secure connection (proxy server to the world) Piwik works just fine. Piwik is only acting up over a SSL connection (proxy server to the world over SSL) and internal (proxy server to server using port 8080.)

@halfer commented on June 19th 2017

(@courtens: It would be ideal to swap out your hash marks in your comment just now, they link to very old bugs of the same numbers).

@halfer commented on June 19th 2017

I've not been able to replicate item (2).

Item (3) is also a problem for me, it's a JavaScript crash:

"Error: [$compile:tplrt] http://errors.angularjs.org/1.4.10/$compile/tplrt?p0=piwikMultisitesSite&p1=plugins%2FMultiSites%2Fangularjs%2Fsite%2Fsite.directive.html%3Fcb%3D3c01fb1e6eb6de5ed53bf97c40a1bdef
L/<<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:125:417
Vf/<<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:187:470
f/<<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:239:425
$eval<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:254:132
$digest<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:251:210
$apply<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:254:428
g<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:207:329
S<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:211:448
ag/</t.onload<a class='mention' href='https://github.com/https'>@https</a>://piwik.example.com:9999/index.php?module=Proxy&action=getCoreJs&cb=3c01fb1e6eb6de5ed53bf97c40a1bdef:212:465

See if you get the same, in your browser console? Mine is from latest FF 54/Mint Linux.

Edit: I have removed SetOutputFilter proxy-html from my earlier vhost config, and the problem goes away. Strangely I now don't seem to need the ProxyHTMLURLMap from three days ago - I added some proxy config and SSL forcing to config/config.ini.php, I wonder if either of these fixed it?

For the record they are:

; Uncomment line below if you use a standard proxy
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

; Assume TLS
@courtens commented on June 19th 2017

I am getting a long list of JS errors

SyntaxError: test for equality (==) mistyped as assignment (=)?[Learn More]  index.php:4:6159

looking at the code it must be due to a /*! jQuery v2.2.3 | (c) jQuery Foundation | jquery.org/license */ library call.

I am still getting the logo error:

GET https://www.mydomain.com/plugins/Morpheus/images/logo.svg [HTTP/1.1 404 Not Found 524ms]

I have Piwik in a sub-directory, and somehow the code is dropping this. Is there a place in the config file where one can specify the sub-directory to prevent this?

My config.ini.php file is set to (and I made sure that global.ini.php is set to the same)

assume_secure_protocol = 1
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
@halfer commented on June 19th 2017

@courtens I don't have any answers over and above my existing detail, as I'm not using subdirs myself. However the detail we have now both supplied may be helpful to devs wanting to repro the problem.

In the meantime, consider using a subdomain instead of a subdir. I appreciate it is not ideal to have to make such a change, but it may get you started again in the short term.

@courtens commented on June 19th 2017

@halfer ..... the problem using sub-domains is that it requires a more expensive SSL certificate. Just using www cost less.

@halfer commented on June 20th 2017

@courtens: you can use Let's Encrypt to get as many certs as you need, free of charge, and automatically renewed, for as long as you want.

@mattab commented on September 14th 2017 Owner

Update regarding this issue: a new pull request was submitted by @user121216 in https://github.com/piwik/piwik/pull/12011 and addresses this issue by 1) requiring the web server to set the header X-Forwarded-Uri with the folder where Piwik resides, and 2) add a new Piwik config setting proxy_uri_header so the forwarded_uri header is used to construct logo URLs.

-> if you could test and leave a comment here or on the PR that would be great? (and maybe also share what the apache config looks like to set this header).

@mattab commented on November 19th 2017 Owner

Hi everyone,

Since #12011 was merged, we consider this issue fixed. Please check the FAQ here for more information: https://piwik.org/faq/how-to-install/faq_98/

in particular check the section If Piwik is behind a reverse proxy and installed in a sub-path

Feedback welcome!

@halfer currently the FAQ only explains how to configure the HTTP_X_FORWARDED_URI header (containing the sub-patch) for NGINX, but would be great if you could let me know how to configure this for apache as well so we can add to the FAQ

@tobiasassmann commented on November 20th 2017

Seems like I have also run into this issue. I have this apache reverse proxy config:

<Location "/piwik">
  RequestHeader set X-Forwarded-Uri "/piwik"
  ProxyPass http://piwik/
  ProxyPassReverse http://piwik/

This results in a header coming to piwik which looks like this:
X-Forwarded-Uri: /piwik

Given this in the config.ini.php
proxy_uri_header = 1
it should be working no ... right?!

@halfer commented on November 20th 2017

Hi @mattab,

I forget the exact details of my proxy woes, but we're several releases of Piwik on since I made my posts above, and my setup has been problem-free for months.

I include below my current Apache config, lightly edited to remove domain-specific stuff, and with my old comments left in (logos and JS are now fine). The Docker container is at on a spare port number, and is protected from direct access from the web using Ufw on Ubuntu.

<VirtualHost *:80>
        ServerName myserver.example.com

        ProxyPass /
        ProxyPassReverse /

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName myserver.example.com

        ProxyPass /
        ProxyPassReverse /

        # This was to fix the logo problem, but introduces a JS error in the
        # "All Websites dashboard". The logo problem seems to have been fixed
        # anyway, odd
        SetOutputFilter proxy-html
        ProxyHTMLURLMap /

        SSLCertificateFile /etc/letsencrypt/live/myserver.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

(Looking at this, I would guess I have config missing in my non-SSL vhost, but since I don't use it, it has not been something I have needed to fix!).

Let me know if any more info would be useful.

@halfer commented on November 20th 2017

@tobiasassmann: does my (SSL) vhost config above help?

Edit: mine may have been another problem though - I am proxying a root domain to a root domain, whereas the /piwik thing you have suggests to me you're proxying a root domain to a subfolder (or vice versa).

@mattab commented on November 20th 2017 Owner

it should be working no ... right?!

Yes it should but you need to use at least piwik 3.2.1-b1, released yesterday, learn more: http://piwik.org/faq/how-to-update/faq_159/

@tobiasassmann commented on November 21st 2017

@halfer Jep,this is how it should work.
@mattab Thanks for the feedback. We will wait for the next release, as this seems to be a minor issue to us, only affecting the redirect after login.

@courtens commented on March 17th 2018

OK - this is an old issue, but here is what needs fixing:

  1. logo.svg is called from index.php page one directory too low. Instead of index.php/logo.svg it is calling it in index.php/..logo.svg.

  2. https://www.domainname.com/piwik/index.php?module=Proxy&action=getCoreJs&cb=11b0ae1a60ee696302f18c99f6c9e600 has an error on line 242.


This Issue was closed on November 19th 2017
Powered by GitHub Issue Mirror