Open harripaalanen opened 2 years ago
Hi @harripaalanen. Thanks for creating the issue. To me this more likely sounds like a webserver configuration issue. What exactly is the cause for css and images no being loaded? Are the the requests maybe returning a 404? Maybe the user running ngnix didn't have permission to access all files in the Matomo directly and thus couldn't deliver them. Or some kind of webserver configuration prevented the access.
Yeah, it might be a configuration issue but the strange thing is that exactly the same webserver configuration works with different document root. And the two documents roots have equal contents. Only difference seems to be the permission stuff which we cannot control.
Do the matomo files have read/write permission for the user nginx is running with? At least the tmp
and misrc
directory of Matomo needs to be writable, otherwise it might be broken.
Can confirm original problem and solution. Still figuring out how to make the workaround persistent, and the specific problem. Absolutely nothing in any of the logs.
Here is the output, folder is writable but owned by nobody:nogroup
2023-02-28T10:47:46.256659301Z: [INFO] _____
2023-02-28T10:47:46.256735701Z: [INFO] / _ \ __________ _________ ____
2023-02-28T10:47:46.256742201Z: [INFO] / /_\ \\___ / | \_ __ \_/ __ \
2023-02-28T10:47:46.256746801Z: [INFO] / | \/ /| | /| | \/\ ___/
2023-02-28T10:47:46.256750701Z: [INFO] \____|__ /_____ \____/ |__| \___ >
2023-02-28T10:47:46.256755001Z: [INFO] \/ \/ \/
2023-02-28T10:47:46.256758801Z: [INFO] A P P S E R V I C E O N L I N U X
2023-02-28T10:47:46.256762601Z: [INFO]
2023-02-28T10:47:46.256766101Z: [INFO] Documentation: http://aka.ms/webapp-linux
2023-02-28T10:47:46.256769701Z: [INFO] PHP quickstart: https://aka.ms/php-qs
2023-02-28T10:47:46.256773101Z: [INFO] PHP version : 8.1.14
2023-02-28T10:47:46.256776701Z: [INFO] Note: Any data outside '/home' is not persisted
2023-02-28T10:47:49.493984184Z: [INFO] Starting OpenBSD Secure Shell server: sshd.
2023-02-28T10:47:49.501546399Z: [INFO] Running oryx create-script -appPath /home/site/wwwroot -output /opt/startup/startup.sh -bindPort 8080 -startupCommand 'php-fpm;'
2023-02-28T10:47:49.644535598Z: [INFO] Cound not find build manifest file at '/home/site/wwwroot/oryx-manifest.toml'
2023-02-28T10:47:49.688826291Z: [INFO] Could not find operation ID in manifest. Generating an operation id...
2023-02-28T10:47:49.688849091Z: [INFO] Build Operation ID: b73f210e-b61c-40cf-9878-eefcef771195
2023-02-28T10:47:50.033547911Z: [INFO] Writing output script to '/opt/startup/startup.sh'
2023-02-28T10:47:50.788664189Z: [INFO] Starting nginx: nginx.
2023-02-28T10:47:51.614396715Z: [ERROR] [28-Feb-2023 10:47:51] NOTICE: fpm is running, pid 57
2023-02-28T10:47:51.631679651Z: [ERROR] [28-Feb-2023 10:47:51] NOTICE: ready to handle connections
2023-02-28T10:48:29.489432990Z: [ERROR] NOTICE: PHP message: [matomo-skaut-prd-weeu-as.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template ("Error: Unable to start session. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:<br /><code>chown -R www-data:www-data /home/site/wwwroot/tmp/sessions</code><br /><code>find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() - Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) </pre>").
2023-02-28T10:48:29.494298200Z: [ERROR] NOTICE: PHP message: [matomo-skaut-prd-weeu-as.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template ("Error: Nepodařilo se zahájit sezení. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:<br /><code>chown -R www-data:www-data /home/site/wwwroot/tmp/sessions</code><br /><code>find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() - Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) </pre>").
2023-02-28T10:48:29.565052259Z: [ERROR] 127.0.0.1 - 28/Feb/2023:10:47:52 +0000 "GET /index.php" 500
2023-02-28T10:48:29.579670892Z: [ERROR] 127.0.0.1 - 28/Feb/2023:10:47:52 +0000 "GET /index.php" 500
/ _ \ __________ _________ ____
/ /_\ \\___ / | \_ __ \_/ __ \
/ | \/ /| | /| | \/\ ___/
\____|__ /_____ \____/ |__| \___ >
\/ \/ \/
A P P S E R V I C E O N L I N U X
Documentation: http://aka.ms/webapp-linux
PHP quickstart: https://aka.ms/php-qs
PHP version : 8.1.14
Note: Any data outside '/home' is not persisted
root@df20e180188a:/home# ls
ASP.NET Data LogFiles site
root@df20e180188a:/home# ls -alsh
total 4.0K
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 .
4.0K drwxr-xr-x 131 root root 4.0K Feb 28 10:47 ..
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 ASP.NET
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 Data
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:45 LogFiles
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 site
root@df20e180188a:/home# ls -lash
total 4.0K
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 .
4.0K drwxr-xr-x 131 root root 4.0K Feb 28 10:47 ..
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 ASP.NET
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 Data
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:45 LogFiles
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 site
root@df20e180188a:/home# ls site/ -lash
total 0
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 .
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 ..
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 deployments
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 locks
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 repository
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:18 wwwroot
root@df20e180188a:/home# ls site/wwwroot/ -lash
total 339K
4.0K drwxrwxrwx 2 nobody nogroup 4.0K Feb 28 10:18 .
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:29 ..
100K -rwxrwxrwx 1 nobody nogroup 100K Feb 8 21:52 CHANGELOG.md
4.0K -rwxrwxrwx 1 nobody nogroup 929 Feb 8 21:52 CONTRIBUTING.md
1.0K -rwxrwxrwx 1 nobody nogroup 578 Feb 8 21:52 DIObject.php
12K -rwxrwxrwx 1 nobody nogroup 8.5K Feb 8 21:52 LEGALNOTICE
36K -rwxrwxrwx 1 nobody nogroup 35K Feb 8 21:52 LICENSE
4.0K -rwxrwxrwx 1 nobody nogroup 828 Feb 8 21:52 LegacyAutoloader.php
8.0K -rwxrwxrwx 1 nobody nogroup 4.6K Feb 8 21:52 PRIVACY.md
8.0K -rwxrwxrwx 1 nobody nogroup 5.8K Feb 8 21:52 README.md
4.0K -rwxrwxrwx 1 nobody nogroup 1.9K Feb 8 21:52 SECURITY.md
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:30 config
4.0K -rwxrwxrwx 1 nobody nogroup 753 Feb 8 21:52 console
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:33 core
1.0K -rwxrwxrwx 1 nobody nogroup 712 Feb 8 21:52 index.php
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:33 js
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:34 lang
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:34 libs
68K -rwxrwxrwx 1 nobody nogroup 65K Feb 8 21:52 matomo.js
512 -rwxrwxrwx 1 nobody nogroup 328 Feb 8 21:52 matomo.php
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:35 misc
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 09:35 node_modules
8.0K -rwxrwxrwx 1 nobody nogroup 6.3K Feb 8 21:52 offline-service-worker.js
68K -rwxrwxrwx 1 nobody nogroup 65K Feb 8 21:52 piwik.js
4.0K -rwxrwxrwx 1 nobody nogroup 2.7K Feb 8 21:52 piwik.php
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:12 plugins
4.0K -rwxrwxrwx 1 nobody nogroup 770 Feb 8 21:52 robots.txt
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:12 tests
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:48 tmp
0 drwxrwxrwx 2 nobody nogroup 0 Feb 28 10:17 vendor
root@df20e180188a:/home#
This still sound like a permission problem where we can't provide any proper solution in the code. Some direcories need to be writable by the webserver in order to place some temporary files.
A solution that could work is to use a custom tmp path for Matomo. I think the tmp path can be overwritten adding a config/config.php
with following content:
return [
'path.tmp' => '/path/to/writable/tmp/dir'
];
I'm getting a similar problem.
I use azure to run matomo with a storage account to store tmp folder (define('PIWIK_USER_PATH', '/usr/share/nginx/bootstrapmount');)
I'm also getting this error:
An exception has been thrown during the rendering of a template ("Error: Unable to start session. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is nginx, you can try to execute:<br /><code>chown -R nginx:nginx /usr/share/nginx/bootstrapmount/tmp/sessions</code><br /><code>find /usr/share/nginx/bootstrapmount/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /usr/share/nginx/bootstrapmount/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() - Warnings: /usr/share/nginx/matomo/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /usr/share/nginx/matomo/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /usr/share/nginx/bootstrapmount/tmp/sessions) </pre>").
The problem seems to be related to the storage account, the files are 777 but owned by NOBODY:NOGROUP.
This seems to be causing a problem with matomo, the UIDs do not match with the web servers, the sessions are giving the error.
any update on this? Getting the same issue when trying to deploy in azure. App Service (as a docker container or a php app), container environment, container instances, etc. All throw the error whenever you try and make them persistent with storage added. Makes all the methods of deploying to a scalable app pretty impossible.
Dear People, same problem here which prevents me to use Matomo on Azure APP Service.
It´s very simple to reproduce.
Error Message:
NOTICE: PHP message: [*********.azurewebsites.net] Error in Matomo: An exception has been thrown during the rendering of a template ("Error: Starten einer Session nicht möglich. Please check that the web server has enough permission to write to these files/directories:<br />For example, on a GNU/Linux server if your Apache httpd user is www-data, you can try to execute:<br /><code>chown -R www-data:www-data /home/site/wwwroot/tmp/sessions</code><br /><code>find /home/site/wwwroot/tmp/sessions -type f -exec chmod 644 {} \;</code><br /><code>find /home/site/wwwroot/tmp/sessions -type d -exec chmod 755 {} \;</code><br /><pre>Debug: the original error was Zend_Session::start() - Warnings: /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Session data file is not created by your uid /home/site/wwwroot/libs/Zend/Session.php(Line:496): Error matomo-org/matomo#2 session_start(): Failed to read session data: files (path: /home/site/wwwroot/tmp/sessions) </pre>").
For me this problem seems to be a showstoper for using Matomo on Azure Cloud.
If someone have an idea, please let me know.
Thank you in advance
I got it working in azure but its a bit slow. Using the docker container under app service but this solution should apply to app service web server or any of the other container methods in azure. The problem is matomo's tmp dir is on azure persistent storage and matomo doesnt like how azure handles persistent storage. My solution was using a bootstrap.php to redirect tmp outside of the persistent storage (similar to sgiehl's proposed solution but I couldnt get his to work). This setting also moves the config folder which is why I needed 2 persistent storage mappings, 1 for /var/www/home and another for /tmp/config. That gets it to work without errors but Im still working on how to get it to run faster because its pretty slow. Any help getting the speed up to normal would be much appreciated.
bootstrap.php placed in the root matomo dir
<?php define('PIWIK_USER_PATH', "/tmp");
Note: if you are trying my method above on php 8.2 web app then you only need the persistent storage mapping for /tmp/config and of course, thats where your config files go now.
Its actually much faster when run in app service web app. the containerized version is slow because all matomo files are in azure file stores.
Unfortunately we're not aware of this being a problem with Matomo. we'd love to fix it but it's not clear that we can. As this might be related to (or could be fixed in) the Matomo-nginx project, so i've moved this issue here for now. If anyone else experiences this issue please let us know here.
We are having problems running Matomo 4.6.2 in Azure App Service (Linux based) with PHP 8 and Nginx server. If we run Matomo from the App Service's /home/site/wwwroot/ directory the problems occurs. If we copy the Matomo files over to different directory (/var/www/html owned by the same user running the Nginx) it works just fine. /home directory should be used for apps deployed in App Service.
Is this some kind of permission issue? It is not possible to modify /home permission in Azure App Service. We used https://github.com/matomo-org/matomo-nginx as base config for our Nginx configuration.
Expected Behavior
Matomo works with the Azure App Service + PHP8 + Nginx combination as it is working with Azure App Service with PHP7 and Apache from the default App Service directory.
Current Behavior
Matomo loads very slow, resources (CSS, images) not getting loaded and nothing works. No errors in logs though.
Possible Solution
Temporary workaround is to run the Matomo from different directory (/var/www/html). In this case Matomo works just fine.
Steps to Reproduce (for Bugs)
Context
Your Environment