New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify reverse_proxy vs proxy headers #2015
Comments
Anthon can confirm, but looking at the code, I'm not sure if reverse_proxy=1 is really doing good in all cases. Maybe the name is misleading? For the IP issue, check out the FAQ: http://piwik.org/faq/how-to-install/#faq_98 |
reverse_proxy seems to bypass the https test, so that reverse_proxy=1 means 'connection is secure' in the code, which affects the following:
I'm wondering if maybe the secure cookie flag causes issues in this case? |
Thanks Matt. I see you fixed a logic error in r3726 / r3727 / 3728. I just refactored it in r3731. |
my commits didn't change anything, just style change. but maybe the bug is: which would set the secure flag when reverse proxy is enabled? |
(In [3734]) refs #2015 - better explanation when to use reverse_proxy = 1 The current behaviour as you observe in comment:2 is correct. The reason why jhstatewide couldn't login with reverse_proxy=1 is likely Setting reverse_proxy=0 and configuring the proxy headers should solve both the |
I'm not sure I understand exactly when users should set the reverse_proxy From: To I feel like it's not as clear as it could be ;) |
reverse_proxy isn't the right name anymore. maybe assume_https_frontend ? If you install Piwik through a reverse proxy, the following line should be automatically added to your config/config.ini.php file during the Piwik installation:
If you install Piwik from behind the reverse proxy (where Piwik can't detect https will be used), you should set the above manually. (Separate FAQ?) If you're not using a reverse proxy, but using https with a web server that doesn't set the HTTPS environment variable, you can either set the reverse_proxy=1 or reconfigure your web server. Example: http://redmine.lighttpd.net/wiki/1/Docs:SSL#HTTPS-detection-in-PHP |
matt: should I rename the setting and update the FAQ? |
vipsoft , please go ahead and post here links to the update FAQ, thx |
(In [3855]) fixes #2015 - renamed "reverse_proxy" setting to "assume_secure_protocol". Also |
After noticing some of my IPs weren't right in reports, I set reverse_proxy = 1 in config.ini.php. This fixed the IP issue but I could no longer log in. After reverting back to reverse_proxy = 0 the problem was worked around. So now I can log in but the IPs are wrong again. I am running the latest re-release of 1.1.1. I read about other users' problems with logins but I can confirm my behavior changes just based on the reverse_proxy = 1 setting. This is with PHP 5.2.6.
The text was updated successfully, but these errors were encountered: