Anthon can confirm, but looking at the code, I'm not sure if reverse_proxy=1 is really doing good in all cases. Maybe the name is misleading?

For the IP issue, check out the FAQ: http://piwik.org/faq/how-to-install/#faq_98
it explains how to setup so that IPs are read correctly based on your proxy headers.

reverse_proxy seems to bypass the https test, so that reverse_proxy=1 means 'connection is secure' in the code, which affects the following:

• "Workaround IE bug when downloading certain document types over SSL and cache control headers are present"
• login cookie is set with the 'secure' flag http://en.wikipedia.org/wiki/HTTP_cookie#Secure_Cookie

I'm wondering if maybe the secure cookie flag causes issues in this case?

matt: the reverse_proxy only has to be set if php isn't setting $_SERVER['HTTPS']. This is used for the absolute URL in the OFC data feeds. It shouldn't affect login -- if so, it's a regression. I'll take a look when I get back.

jhstatewide: For the incorrect IPs and login problem, you should be setting proxy_client_headers[and proxy_host_headers in your config.ini.php. See global.ini.php for examples. This will resolve the login issue which checks Referer and Origin headers to protect against CSRF.

Thanks Matt. I see you fixed a logic error in r3726 / r3727 / 3728. I just refactored it in r3731.

my commits didn't change anything, just style change.

but maybe the bug is:
$cookie->setSecure(Piwik::isHttps());

which would set the secure flag when reverse proxy is enabled?

(In [3734]) refs #2015 - better explanation when to use reverse_proxy = 1

The current behaviour as you observe in comment:2 is correct.

The reason why jhstatewide couldn't login with reverse_proxy=1 is likely
because he's using a non-https proxy (i.e., http to http); in which case, the
browser won't send back the secure-only cookie to Piwik over an http connection.

Setting reverse_proxy=0 and configuring the proxy headers should solve both the
wrong IPs and login issue.

I'm not sure I understand exactly when users should set the reverse_proxy
so, should I update the FAQ as follows?

From: If you are running Piwik behind a reverse proxy, the following line should be automatically added to your config/config.ini.php file during the Piwik installation:[General] reverse_proxy = 1

To If you are running Piwik behind a reverse proxy that responds to SSL (https) queries on an http host, or your proxy doesn't set the HTTPS header correctly, You should add the following line in your config file: [General] reverse_proxy = 1

I feel like it's not as clear as it could be ;)

reverse_proxy isn't the right name anymore. maybe assume_https_frontend ?

If you install Piwik through a reverse proxy, the following line should be automatically added to your config/config.ini.php file during the Piwik installation:

[General]
reverse_proxy = 1

If you install Piwik from behind the reverse proxy (where Piwik can't detect https will be used), you should set the above manually.

(Separate FAQ?)

If you're not using a reverse proxy, but using https with a web server that doesn't set the HTTPS environment variable, you can either set the reverse_proxy=1 or reconfigure your web server.

Example: http://redmine.lighttpd.net/wiki/1/Docs:SSL#HTTPS-detection-in-PHP

matt: should I rename the setting and update the FAQ?

vipsoft , please go ahead and post here links to the update FAQ, thx

(In [3855]) fixes #2015 - renamed "reverse_proxy" setting to "assume_secure_protocol".

Also

• updated How do I configure Piwik when the server is installed behind a proxy?
• added When I use https, graphs on the Piwik dashboard are empty. I also can't export to CSV or view PDF reports.