Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Matomo not working properly in Azure App Service with PHP 8 and Nginx #79

Open
harripaalanen opened this issue Feb 9, 2022 · 13 comments
Open

Matomo not working properly in Azure App Service with PHP 8 and Nginx #79

harripaalanen opened this issue Feb 9, 2022 · 13 comments

Comments

@harripaalanen
Copy link

We are having problems running Matomo 4.6.2 in Azure App Service (Linux based) with PHP 8 and Nginx server. If we run Matomo from the App Service's /home/site/wwwroot/ directory the problems occurs. If we copy the Matomo files over to different directory (/var/www/html owned by the same user running the Nginx) it works just fine. /home directory should be used for apps deployed in App Service.

Is this some kind of permission issue? It is not possible to modify /home permission in Azure App Service. We used https://github.com/matomo-org/matomo-nginx as base config for our Nginx configuration.

Expected Behavior

Matomo works with the Azure App Service + PHP8 + Nginx combination as it is working with Azure App Service with PHP7 and Apache from the default App Service directory.

Current Behavior

Matomo loads very slow, resources (CSS, images) not getting loaded and nothing works. No errors in logs though.

Possible Solution

Temporary workaround is to run the Matomo from different directory (/var/www/html). In this case Matomo works just fine.

Steps to Reproduce (for Bugs)

  1. Set up an Azure Linux-based App Service with PHP8 and Nginx and deploy Matomo
  2. Use Nginx config from https://github.com/matomo-org/matomo-nginx

Context

Your Environment

  • Matomo Version: 4.6.2
  • PHP Version: 8.0.11
  • Server Operating System: Azure App Service (Linux)
  • Additionally installed plugins:
  • Browser:
  • Operating System:
@sgiehl
Copy link
Member

sgiehl commented Feb 9, 2022

Hi @harripaalanen. Thanks for creating the issue. To me this more likely sounds like a webserver configuration issue.
What exactly is the cause for css and images no being loaded? Are the the requests maybe returning a 404? Maybe the user running ngnix didn't have permission to access all files in the Matomo directly and thus couldn't deliver them. Or some kind of webserver configuration prevented the access.

@harripaalanen
Copy link
Author

Yeah, it might be a configuration issue but the strange thing is that exactly the same webserver configuration works with different document root. And the two documents roots have equal contents. Only difference seems to be the permission stuff which we cannot control.

@sgiehl
Copy link
Member

sgiehl commented Feb 9, 2022

Do the matomo files have read/write permission for the user nginx is running with? At least the tmp and misrc directory of Matomo needs to be writable, otherwise it might be broken.

@ZirconCode
Copy link

Can confirm original problem and solution. Still figuring out how to make the workaround persistent, and the specific problem. Absolutely nothing in any of the logs.

@johnymachine
Copy link

Here is the output, folder is writable but owned by nobody:nogroup

2023-02-28T10:47:46.256659301Z: [INFO]     _____
2023-02-28T10:47:46.256735701Z: [INFO]    /  _  \ __________ _________   ____
2023-02-28T10:47:46.256742201Z: [INFO]   /  /_\  \\___   /  |  \_  __ \_/ __ \
2023-02-28T10:47:46.256746801Z: [INFO]  /    |    \/    /|  |  /|  | \/\  ___/
2023-02-28T10:47:46.256750701Z: [INFO]  \____|__  /_____ \____/ |__|    \___  >
2023-02-28T10:47:46.256755001Z: [INFO]          \/      \/                  \/
2023-02-28T10:47:46.256758801Z: [INFO]  A P P   S E R V I C E   O N   L I N U X
2023-02-28T10:47:46.256762601Z: [INFO]
2023-02-28T10:47:46.256766101Z: [INFO]  Documentation: http://aka.ms/webapp-linux
2023-02-28T10:47:46.256769701Z: [INFO]  PHP quickstart: https://aka.ms/php-qs
2023-02-28T10:47:46.256773101Z: [INFO]  PHP version : 8.1.14
2023-02-28T10:47:46.256776701Z: [INFO]  Note: Any data outside '/home' is not persisted
2023-02-28T10:47:49.493984184Z: [INFO]  Starting OpenBSD Secure Shell server: sshd.
2023-02-28T10:47:49.501546399Z: [INFO]  Running oryx create-script -appPath /home/site/wwwroot -output /opt/startup/startup.sh     -bindPort 8080 -startupCommand 'php-fpm;'
2023-02-28T10:47:49.644535598Z: [INFO]  Cound not find build manifest file at '/home/site/wwwroot/oryx-manifest.toml'
2023-02-28T10:47:49.688826291Z: [INFO]  Could not find operation ID in manifest. Generating an operation id...
2023-02-28T10:47:49.688849091Z: [INFO]  Build Operation ID: b73f210e-b61c-40cf-9878-eefcef771195
2023-02-28T10:47:50.033547911Z: [INFO]  Writing output script to '/opt/startup/startup.sh'
2023-02-28T10:47:50.788664189Z: [INFO]  Starting nginx: nginx.
2023-02-28T10:47:51.614396715Z: [ERROR]  [28-Feb-2023 10:47:51] NOTICE: fpm is running, pid 57
2023-02-28T10:47:51.631679651Z: [ERROR]  [28-Feb-2023 10:47:51] NOTICE: ready to handle connections
2023-02-28T10:48:29.489432990Z: [ERROR]  NOTICE: PHP message: [matomo-skaut-prd-weeu-as.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template ("Error: Unable to start session. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:<br /><code>chown -R www-data:www-data /home/site/wwwroot/tmp/sessions</code><br /><code>find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() -  Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) </pre>").
2023-02-28T10:48:29.494298200Z: [ERROR]  NOTICE: PHP message: [matomo-skaut-prd-weeu-as.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template ("Error: Nepodařilo se zahájit sezení. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:<br /><code>chown -R www-data:www-data /home/site/wwwroot/tmp/sessions</code><br /><code>find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() -  Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) </pre>").
2023-02-28T10:48:29.565052259Z: [ERROR]  127.0.0.1 -  28/Feb/2023:10:47:52 +0000 "GET /index.php" 500
2023-02-28T10:48:29.579670892Z: [ERROR]  127.0.0.1 -  28/Feb/2023:10:47:52 +0000 "GET /index.php" 500

  /  _  \ __________ _________   ____  
 /  /_\  \\___   /  |  \_  __ \_/ __ \ 
/    |    \/    /|  |  /|  | \/\  ___/ 
\____|__  /_____ \____/ |__|    \___  >
        \/      \/                  \/ 
A P P   S E R V I C E   O N   L I N U X

Documentation: http://aka.ms/webapp-linux
PHP quickstart: https://aka.ms/php-qs
PHP version : 8.1.14
Note: Any data outside '/home' is not persisted
root@df20e180188a:/home# ls
ASP.NET  Data  LogFiles  site
root@df20e180188a:/home# ls -alsh
total 4.0K
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 .
4.0K drwxr-xr-x 131 root   root    4.0K Feb 28 10:47 ..
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 ASP.NET
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 Data
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 10:45 LogFiles
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 site
root@df20e180188a:/home# ls -lash
total 4.0K
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 .
4.0K drwxr-xr-x 131 root   root    4.0K Feb 28 10:47 ..
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 ASP.NET
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 Data
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 10:45 LogFiles
   0 drwxrwxrwx   2 nobody nogroup    0 Feb 28 09:29 site
root@df20e180188a:/home# ls site/ -lash
total 0
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 .
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 ..
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 deployments
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 locks
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 repository
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:18 wwwroot
root@df20e180188a:/home# ls site/wwwroot/ -lash
total 339K
4.0K drwxrwxrwx 2 nobody nogroup 4.0K Feb 28 10:18 .
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:29 ..
100K -rwxrwxrwx 1 nobody nogroup 100K Feb  8 21:52 CHANGELOG.md
4.0K -rwxrwxrwx 1 nobody nogroup  929 Feb  8 21:52 CONTRIBUTING.md
1.0K -rwxrwxrwx 1 nobody nogroup  578 Feb  8 21:52 DIObject.php
 12K -rwxrwxrwx 1 nobody nogroup 8.5K Feb  8 21:52 LEGALNOTICE
 36K -rwxrwxrwx 1 nobody nogroup  35K Feb  8 21:52 LICENSE
4.0K -rwxrwxrwx 1 nobody nogroup  828 Feb  8 21:52 LegacyAutoloader.php
8.0K -rwxrwxrwx 1 nobody nogroup 4.6K Feb  8 21:52 PRIVACY.md
8.0K -rwxrwxrwx 1 nobody nogroup 5.8K Feb  8 21:52 README.md
4.0K -rwxrwxrwx 1 nobody nogroup 1.9K Feb  8 21:52 SECURITY.md
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:30 config
4.0K -rwxrwxrwx 1 nobody nogroup  753 Feb  8 21:52 console
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:33 core
1.0K -rwxrwxrwx 1 nobody nogroup  712 Feb  8 21:52 index.php
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:33 js
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:34 lang
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:34 libs
 68K -rwxrwxrwx 1 nobody nogroup  65K Feb  8 21:52 matomo.js
 512 -rwxrwxrwx 1 nobody nogroup  328 Feb  8 21:52 matomo.php
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:35 misc
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 09:35 node_modules
8.0K -rwxrwxrwx 1 nobody nogroup 6.3K Feb  8 21:52 offline-service-worker.js
 68K -rwxrwxrwx 1 nobody nogroup  65K Feb  8 21:52 piwik.js
4.0K -rwxrwxrwx 1 nobody nogroup 2.7K Feb  8 21:52 piwik.php
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 10:12 plugins
4.0K -rwxrwxrwx 1 nobody nogroup  770 Feb  8 21:52 robots.txt
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 10:12 tests
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 10:48 tmp
   0 drwxrwxrwx 2 nobody nogroup    0 Feb 28 10:17 vendor
root@df20e180188a:/home#

@sgiehl
Copy link
Member

sgiehl commented Mar 7, 2023

This still sound like a permission problem where we can't provide any proper solution in the code. Some direcories need to be writable by the webserver in order to place some temporary files.

A solution that could work is to use a custom tmp path for Matomo. I think the tmp path can be overwritten adding a config/config.php with following content:

return [
    'path.tmp' => '/path/to/writable/tmp/dir'
];

@cedricguindon
Copy link

I'm getting a similar problem.

I use azure to run matomo with a storage account to store tmp folder (define('PIWIK_USER_PATH', '/usr/share/nginx/bootstrapmount');)

I'm also getting this error:

An exception has been thrown during the rendering of a template ("Error: Unable to start session. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is nginx, you can try to execute:<br /><code>chown -R nginx:nginx /usr/share/nginx/bootstrapmount/tmp/sessions</code><br /><code>find /usr/share/nginx/bootstrapmount/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /usr/share/nginx/bootstrapmount/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() - Warnings: /usr/share/nginx/matomo/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /usr/share/nginx/matomo/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /usr/share/nginx/bootstrapmount/tmp/sessions) </pre>").

The problem seems to be related to the storage account, the files are 777 but owned by NOBODY:NOGROUP.

This seems to be causing a problem with matomo, the UIDs do not match with the web servers, the sessions are giving the error.

@akito2001
Copy link

any update on this? Getting the same issue when trying to deploy in azure. App Service (as a docker container or a php app), container environment, container instances, etc. All throw the error whenever you try and make them persistent with storage added. Makes all the methods of deploying to a scalable app pretty impossible.

@patrickgregorius
Copy link

Dear People,
same problem here which prevents me to use Matomo on Azure APP Service.

It´s very simple to reproduce.

  1. Deploy Php - 8.2 Azure Web APP service
  2. Copy Matomo files to wwwroot
  3. Feel the problem like a wall of death.

Error Message:
NOTICE: PHP message: [*********.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template (&quot;Error: Starten einer Session nicht möglich. Please check that the web server has enough permission to write to these files/directories:&lt;br /&gt;For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:&lt;br /&gt;&lt;code&gt;chown -R www-data:www-data /home/site/wwwroot/tmp/sessions&lt;/code&gt;&lt;br /&gt;&lt;code&gt;find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;&lt;/code&gt;&lt;br /&gt;&lt;code&gt;find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;&lt;/code&gt;&lt;br /&gt;&lt;pre&gt;Debug: the original error was Zend_Session::start() - Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) &lt;/pre&gt;&quot;).

For me this problem seems to be a showstoper for using Matomo on Azure Cloud.

If someone have an idea, please let me know.

Thank you in advance

@akito2001
Copy link

akito2001 commented Jul 7, 2023
edited

I got it working in azure but its a bit slow. Using the docker container under app service but this solution should apply to app service web server or any of the other container methods in azure. The problem is matomo's tmp dir is on azure persistent storage and matomo doesnt like how azure handles persistent storage. My solution was using a bootstrap.php to redirect tmp outside of the persistent storage (similar to sgiehl's proposed solution but I couldnt get his to work). This setting also moves the config folder which is why I needed 2 persistent storage mappings, 1 for /var/www/home and another for /tmp/config. That gets it to work without errors but Im still working on how to get it to run faster because its pretty slow. Any help getting the speed up to normal would be much appreciated.

image

bootstrap.php placed in the root matomo dir
<?php define('PIWIK_USER_PATH', "/tmp");

@akito2001
Copy link

Note: if you are trying my method above on php 8.2 web app then you only need the persistent storage mapping for /tmp/config and of course, thats where your config files go now.

@akito2001
Copy link

Its actually much faster when run in app service web app. the containerized version is slow because all matomo files are in azure file stores.

@mattab mattab transferred this issue from matomo-org/matomo Dec 14, 2023
@mattab
Copy link
Member

mattab commented Dec 14, 2023

Unfortunately we're not aware of this being a problem with Matomo. we'd love to fix it but it's not clear that we can. As this might be related to (or could be fixed in) the Matomo-nginx project, so i've moved this issue here for now. If anyone else experiences this issue please let us know here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@ZirconCode @mattab @sgiehl @johnymachine @cedricguindon @harripaalanen @patrickgregorius @akito2001