Installing Matomo on Nginx returns 502 Bad Gateway Error
I'm in the process of installing the Matomo Analytics platform on my Debian 10 server, running Nginx and using the Cloudflare DNS and CDN. Unfortunately I get a 502 Bad Gateway error when trying to access it, indicating that the error lies with the host.
Following the installation guide of Matomo, I installed the dependencies downloaded the latest release and unzipped it in /var/www:
# wget https://builds.matomo.org/matomo.zip && unzip matomo.zip
Then I copied their Nginx configuration example to /etc/nginx/sites-available, linked it to /etc/nginx/sites-enabled and modified the settings to fit my case, as described here:
server {
listen [::]:80; # remove this if you don't want Matomo to be reachable from IPv6
listen 80;
server_name matomo.andy-sb.com;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
location / {
return 301 https://$host$request_uri;
}
}
server {
listen [::]:443 ssl http2; # remove this if you don't want Matomo to be reachable from IPv6
listen 443 ssl http2;
server_name matomo.andy-sb.com; # list all domains Matomo should be reachable from
access_log /var/log/nginx/matomo.access.log;
error_log /var/log/nginx/matomo.error.log;
## uncomment if you want to enable HSTS with 6 months cache
## ATTENTION: Be sure you know the implications of this change (you won't be able to disable HTTPS anymore)
#add_header Strict-Transport-Security max-age=15768000 always;
## replace with your SSL certificate
ssl_certificate /etc/letsencrypt/live/matomo.andy-sb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/matomo.andy-sb.com/privkey.pem;
include ssl.conf; # if you want to support older browsers, please read through this file
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
root /var/www/matomo/; # replace with path to your matomo instance
index index.php;
## only allow accessing the following php files
location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php {
include snippets/fastcgi-php.conf; # if your Nginx setup doesn't come with a default fastcgi-php config, you can fetch it from https://github.com/nginx/nginx/blob/master/conf/fastcgi.conf
#try_files $fastcgi_script_name =404; # protects against CVE-2019-11043. If this line is already included in your snippets/fastcgi-php.conf you can comment it here.
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file
#fastcgi_pass 127.0.0.1:9000; # uncomment if you are using PHP via TCP sockets (e.g. Docker container)
}
## deny access to all other .php files
location ~* ^.+\.php$ {
deny all;
return 403;
}
## serve all other files normally
location / {
try_files $uri $uri/ =404;
}
## disable all access to the following directories
location ~ ^/(config|tmp|core|lang) {
deny all;
return 403; # replace with 404 to not show these directories exist
}
location ~ /\.ht {
deny all;
return 403;
}
location ~ js/container_.*_preview\.js$ {
expires off;
add_header Cache-Control 'private, no-cache, no-store';
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ ^/(libs|vendor|plugins|misc/user|node_modules) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
The SSL certificate is valid and running nginx -t does not return any errors, nor does running systemctl restart nginx to restart Nginx. And I have already created an A and AAAA record using Cloudflare DNS.
You need to do what it said here:
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #replace with the path to your PHP socket file