PiWik behind proxy in LXC or Qemu

Posted Wednesday 3 June 2015 by Urs Riggenbach.

PiWik can lookup your site visitor’s IPs to geolocate them. But if you’re running PiWik as an LXC container and forward traffic with Apache or Nginx to the container, PiWik thinks you’re coming from the IP the last network interface, eg. or your server’s public facing IP.

I assume that the container runs Debian and you’re running PiWik with Apache.

1. Make sure you forward the original remote IP as HTTP headers to your Piwik install.
If you use NGINX as a proxy, you’d do it as follows:

proxy_set_header X-Real- $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

2. Configure Piwik to use the remote HTTP headers instead of normal ones:

nano /var/www/html/config/config.ini.php

and add these three lines below the [General] settings:

; Uncomment line below if you use a standard proxy
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

You may also need to enable the Apache RPAF module.

apt-get install libapache2-mod-rpaf
nano /etc/apache2/mods-enabled/rpaf.conf

Change RPAFproxy_ips setting to include your bridge network’s IP, or public IP depending on your set up, eg.

service apache2 restart

Check your PiWik and see visitor’s IPs. PiWik can automatically anonymize IP adresses to retain privacy.