We have a Matomo user that has configured their servers to block outbound requests that are sent over port 80 because they want to completely prevent insecure connections from being made.
When this port is blocked, several issues occur:
I found one example of where the HTTP hostname is defined instead of the HTTPS hostname:
https://github.com/matomo-org/matomo/blob/4.x-dev/plugins/Marketplace/config/config.php#L9
Potential solutions:
But in either case, the timeout seems quite high for a failed connection at 60 seconds, which means that each time that page or a page that checks an external hostname is accessed, the Matomo UI would take a minimum of 1 minute to load. It would be good if this timeout was reduced to at least not block the page from loading for such a long time.
We have completed https://github.com/matomo-org/matomo/issues/19081 recently, and will soon make these requests use https by default.
Thanks for the update @justinvelluppillai
Is there an existing issue for changing the URLs/hostnames to use HTTPS? If so we can close this one and rather track it there?
We don't have a public facing issue for this yet so this one can remain open 👍🏽
Hi, just wanting to throw in that the change here (https://github.com/matomo-org/matomo/blob/4.x-dev/plugins/Marketplace/config/config.php#L9) did in fact break my installation so that every request took more than 1 minute because of the long timeout defined in the marketplace plugin.
The server is only allowed to make outbound connections for https (TCP 443) and not http (TCP 80). I had to shut down the internet features via enable_internet_features=0
to see what's going on after what appeared to be a minor update (4.10.1 -> 4.12.0.
I would've liked to see that change in the changelog of 4.11 instead of only "a new config setting force_matomo_http_request
" which is irrelevant to me. I now have to edit the plugins/Marketplace/config/config.php
file to rewrite the URL to https
because there seems to be no config option to override it (like api_service_url
).
I only found out that the marketplace is not using https after dumping the URL in its service, maybe this could somehow be marked in the system diagnostics check with the curl-error if http://plugins.matomo.org
is not reachable if the marketplace plugin is active.