Tracker only installation?

Hi!

Is it possible to do a “tracker only” installation of piwik?
While this might sound slightly paranoid, we would like to set up piwik without the possibility to access the administrative interface (and API of course) at all from the internet. Only tracking requests should be possible, nothing else.

Btw: I am aware of the “trusted_hosts” parameter, very nice, but easy to fake if somebody knows the correct hostname. Basically we would like to do something like this:

Installation A: Tracking interface only
Installation B: Administrative/reports interface

Thanks for ideas.

Never mind, found it:
http://piwik.org/docs/include-piwik-in-your-project/

May I ask how you achieved this in the end?

bootstrap.php helped me, but the solution seems to be rather simple.
As far as I can tell piwik just makes a call to piwik.php for tracking purposes. That’s all. So, only piwik.php (and piwik.js) need to be accessible.

I did just a quick test, need to test this further. Basically I created a bare directory containing only:

piwik.php
piwik.js
bootstrap.php

(No index.php and no folders!!)
bootstrap.php contains the paths to the “real” installation, so piwik.php will find its libraries.

That way only piwik.php can be called. Nothing else. As I said, I will need to test this further, but I think it works. piwik.php and piwik.js are softlinks to the real installation. So, if the “real” installation is updated, these files are automatically updated too.

Without bootstrap.php I would have had to patch piwik.php and that would have been a hassle at updates…

Awesome! Any chance of having a look at what you put in bootstrap.php?

Hi!

Just put this line in there (of course, you need to replace ‘/path/to/piwikinstallation’ with the path in your filesystem)


<?php
define('PIWIK_INCLUDE_PATH','/path/to/piwikinstallation');

Please note that this approach does not work with index.php (create a new directory and put only index.php and bootstrap.php) inside. bootstrap.php seems to be only useful for a tracker only installation.

Ahhh okay, cool! So technically I could use this to hide my Piwik installation under a couple of domains?

Well, you cannot hide that you use piwik :wink: but you can hide the administrative interface. Or make it totally inaccessible from the internet.
Oh, one small thing: “View Tracking code” shows your “real url”, so you need to fix that script and replace /yourpath/ with /piwik/.

Btw.: I think, this approach would make a good FAQ entry.

Btw.: I think, this approach would make a good FAQ entry.

Ok sure, would you like to suggest it after trying yourself, explaining to others, and i’ll add it to the site? Thanks!

Not sure what I should do after that answer :slight_smile: Suggest it where? (I already thought I did that subtly in this thread :wink: )

Maybe you should also think about allowing a “tracker only” installation? Having 2 packages is a headache, but it might be worth it security wise. After all, if there is no index.php, nobody can attack it.

In a first step you could simply kick out index.php and most/all(?) plugins. Not sure if there are dependencies. Install package FULL for piwik, install package TRACKER for tracker only. Requirement for tracker is, of course, an already working piwik installation.

What I meant, was that if you could write the FAQ (considering you have done tracking only install successfully), then I would be happy to write it in the faq!

Hi!

Ok, will do.

Small problem:
To set a “no-tracking-please-cookie” one needs to access index.php
/piwik/index.php?module=UsersManager&action=setIgnoreCookie…

I can live with that for the moment, basically nobody ever uses that link on the privacy page, but it would be helpful in the long run to either create a new php file or move the functionality to piwik.php (if possible)