This is in the latest version of Piwik 3.2.0
If you head to the HTTPS address, using the direct IP, and get the warning message about an untrusted hostname, then view the source of that page, the listing for piwik.piwik_url is the INTERNAL IP and not the EXTERNAL that you used to get there. This should be fixed, it’s a low risk, but the internal should never be exposed to the general public. The only work around we have right now is to disable this feature using enable_trusted_host_check=0 Viewing the source with it disabled, displays the correct external IP.
Haven't had a closer look, but afaik it should output
Matomo discloses the server's internal IP address via the 'Location' header if you access /index.php/ with a non-default host header
Internal IP disclosure poses no real risk on its own, but it makes exploiting other vulnerabilities like SSRF quite a lot easier. I do not expect a bounty for this.