@Starker3
We have a Matomo user that has configured their servers to block outbound requests that are sent over port 80 because they want to completely prevent insecure connections from being made.
When this port is blocked, several issues occur:
- The Matomo application in certain places in the UI are effectively blocking the UI from loading or responding while Matomo attempts to make a connection to the outbound server.
- The connection to the external hostname eventually fails which results in plugin update checks for example to fail.
I found one example of where the HTTP hostname is defined instead of the HTTPS hostname:
https://github.com/matomo-org/matomo/blob/4.x-dev/plugins/Marketplace/config/config.php#L9
Potential solutions:
- I guess the simplest would be to just change the hostnames for outbound connections to HTTPS, but this might break things for some servers that have outdated certificate bundles.
- It would be great if we could use the HTTPS hostname by default and if that fails maybe try the HTTP hostname
But in either case, the timeout seems quite high for a failed connection at 60 seconds, which means that each time that page or a page that checks an external hostname is accessed, the Matomo UI would take a minimum of 1 minute to load. It would be good if this timeout was reduced to at least not block the page from loading for such a long time.
@justinvelluppillai
We have completed https://github.com/matomo-org/matomo/issues/19081 recently, and will soon make these requests use https by default.
Thanks for the update @justinvelluppillai
Is there an existing issue for changing the URLs/hostnames to use HTTPS? If so we can close this one and rather track it there?
We don't have a public facing issue for this yet so this one can remain open 👍🏽