New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better documentation of Proxy setup #16379
Comments
Thanks for all this @bazzadp very appreciated |
Thank you for this great product 😀 Is this page in GitHub? If so I’m happy to open a PR with the above info if you agree with what I’ve said and can point me at where this? |
Hi @bazzadp, The FAQs are not on GitHub, but if you can send us your improvements, we can replace the text. |
@bazzadp here is the text of the current FAQ in markdown, if you're able to suggest some improvements, we'd love to publish them in the page, that would be very appreciated
|
Thanks that makes it easier! What about this:
|
Thank you very much @bazzadp for your suggestion 💪 |
Could we add to the documentation how
X-Forwarded-For
type headers are transformed for when you want to set them up inconfig.ini.php
when usingproxy_client_headers
?Namely that the following transforms take place for the HTTP Header name:
So if your server is sending
X-Forwarded-For
(likemod_proxy
does for Apache for example) then this should be entered in the config asHTTP_X_FORWARDED_FOR
.Additionally it is possible to have multiple
proxy_client_headers
and they should be added to the config in order of preference. For example:Means first try the
HTTP_WAF_FORWARDED_FOR
header and if that doesn’t exist, then try theHTTP_LB_FORWARDED_FOR
and if neither exists then finally tryHTTP_X_FORWARDED_FOR
.Within these, it is possible to have multiple IPs. The IPs are are used in reverse order and you can use
proxy_ips
config to exclude known IPs.So if you have the following headers:
And the following set up in
config.ini.php
:Then it would first look at
HTTP_X_FORWARDED_FOR
and start at the right-most IP (192.168.10.20), which would be discarded as matches theproxy_ips[]
. Next it would move left and find123.456.78.9
which is what would be selected as the real ip.It’s also possible to debug this to list all these details in the Matomo log file.
Some or all of this may be obvious to regular PHP developers (or regular Matomo administrators) but just spent quite a bit of time getting this setup on my server and I feel the documentation could be improved here to prevent future people making the same mistakes I initially did.
The text was updated successfully, but these errors were encountered: