@anonymous-piwik-user opened this Issue on April 9th 2009

If I install Piwik behind a reverse proxy, I get some problems with the images and javascript URLs created by the tool. Instead of http://piwik.my-domain.com/... (public URL) I get http://piwik.local_network/ (internal URL) generated in front end.
The problem occures with Piwik versions 0.2.32 and 0.2.33.

For configuring reverse proxy I use apache mod_proxy module and this command in VHost configuration on public accessable host:

ProxyPass / http://piwik.local_network/
ProxyPassReverse / http://piwik.local_network/

and using own VHost on internal server.

Well, the cause is: with this type of installation the $_SERVER['HTTP_HOST']variable contains 'piwik.local_network' and not the real host name, which should be like 'piwik.my-domain.com'.

The (proposed and working) solution is:

  1. change lines 114-ff. in core/Url.php as following:

instead of

        if(isset($_SERVER['HTTP_HOST']))
        {
            $url .= $_SERVER['HTTP_HOST'];
        }
        else
        {
            $url .= 'unknown';
        }

use this one:

        if(isset($_SERVER['HTTP_X_FORWARDED_HOST']))
        {
            $url .= $_SERVER['HTTP_X_FORWARDED_HOST'];
        }
        elseif(isset($_SERVER['HTTP_HOST']))
        {
            $url .= $_SERVER['HTTP_HOST'];
        }
        else
        {
            $url .= 'unknown';
        }
  1. Replace line 181-ff. in plugins/Login/controller.php as following:

after

                $piwikHost = $_SERVER['HTTP_HOST'];

add

                if(isset($_SERVER['HTTP_X_FORWARDED_HOST']))
                {
                    $piwikHost = $_SERVER['HTTP_X_FORWARDED_HOST'];
                }

That's all.

PS:
Patched files are attached.

@anonymous-piwik-user commented on April 9th 2009

Attachment:
patched_files.zip

@robocoder commented on April 9th 2009 Contributor

Duplicates #466.

Thanks for the patch, however, it is the responsibility of the reverse proxy to make it transparent for the web site/web application because Piwik doesn't know if it's behind one or more reverse proxies, or none at all. For Apache, I suggest using mod_proxy_html (which works now without code changes). Java System Web Proxy Server also takes the URL remapping approach (i.e., content URL rewriting).

  • X-Forwarded-Host is a non-standard header, albeit possibly a defacto standard. Other proxies may use something else, e.g., lighttpd uses X-Host. Moreover, if there are multiple hosts in X-Forwarded-Host, we must "assume" that subsequent proxy hosts are appended to the list, the last being the closest hop to the server.
  • However, this doesn't handle the issue raised in #466 where the reverse proxy also maps https to http; X-Forwarded-Ssl, X-Forwarded-Scheme, and X-Forwarded-Proto are also non-standard headers, and may not even be present.
  • Umm...if both X-Host and X-Forwarded-Host are present, which do we rely on?
@mattab commented on April 13th 2009 Owner

vipsoft I agree with you that this seems like a bug in the reverse proxy configuration.

However if there is a quick fix as the one provided might be worth considering?

My question would be: how other softwares like Wordpress or Drupal deal with this problem? javalexG, can you please quickly research and let us know? thanks

@anonymous-piwik-user commented on April 15th 2009

Thank you for your answer, vipsoft!
I cant't find the possibility to reconfigure apache reverse proxy to pass proper HTTP_Host environment variable to the backend server, but I'm still looking for the solution...

Anyway, my patch described above is based on solutions for other PHP-based tools installed behind a reverse proxy (sorry, I can't find links to them anymore). Another (smart) solution is provided by Typo3 (v4.2) and is described here (with a link to bugtracker in a red box): http://www.henningpingel.de/TYPO3-Backend-Via-SSL-Proxy.124.0.html?&L=0

@mattab commented on April 15th 2009 Owner

can you please find a link for your source (either wordpress, or typo3, drupal...) and a patch? we would like to add this support but want to get it right which means copy what other softwares did :)

@anonymous-piwik-user commented on May 20th 2009

There's a simple solution: let the admin set the host or better an URL. I use Apache Roller in a reverse proxy situation. In Roller you can set an absolute URL for your application in the configuration dialogue, which replaces every automatic determined hostname/URL like the above mentioned (HTTP_HOST). If there's no absolute URL set, Roller uses HTTP_HOST.

@anonymous-piwik-user commented on May 20th 2009

Replying to rafaelo:
PS: Every link on a page has to be prefixed with the URL from the configuration. The advantage: you don't have to twiddle with the HTTP-server configuration to rewrite the HTML-code of the pages. You only need your reverse proxy configuration.

@robocoder commented on May 30th 2009 Contributor

(In [1155]) fixes #691 - use relative URLs (except in Widgetize iframe & flash embed
code); refs #466 and #647 - should also resolve the reverse proxy issues

This Issue was closed on July 30th 2009
Powered by GitHub Issue Mirror