Matomo MCP Server plugin: Bearer token auth fails because Authorization header is not available as HTTP_AUTHORIZATION

Hi Cloudron team,

I tested the official Matomo MCP Server plugin with the Cloudron Matomo app and ran into what looks like an Apache/PHP auth header issue.

Environment

• Cloudron: 9.1.7
• App: Matomo
• App package: org.piwik.cloudronapp@1.57.0
• Matomo: 5.10.0
• MCP plugin: McpServer 5.0.3
• Plugin source: https://github.com/matomo-org/plugin-McpServer
• Plugin requirement: Matomo >=5.8.0-rc1,<6.0.0-b1, PHP >=8.1.0

What I did

I installed the plugin into:

/app/data/plugins/McpServer
Then ran:

php /app/code/console plugin:install-or-update McpServer --no-interaction
php /app/code/console plugin:activate McpServer --no-interaction
php /app/code/console core:clear-caches
Matomo now sees the plugin:

McpServer | Optional | Activated
MCP is enabled in the plugin settings:

enable_mcp=1
maximum_mcp_access_level=view
raw_api_access_scope=none
Expected behavior
According to the Matomo plugin documentation, MCP clients authenticate by sending:

Authorization: Bearer <token_auth>
to:

/index.php?module=API&method=McpServer.mcp&format=mcp
A valid Matomo token_auth should therefore not be rejected with 401 by the MCP endpoint.

Actual behavior
Unauthenticated request:

401 Authentication required
This is expected and confirms that the MCP endpoint exists.

Authenticated request with a valid Matomo token_auth as Bearer token:

401 Authentication required
The same token works with the normal Matomo Reporting API, so the token itself is valid.

Likely cause
It looks like Apache/PHP inside the Cloudron Matomo app does not pass:

Authorization: Bearer ...
through as:

$_SERVER["HTTP_AUTHORIZATION"]
Matomo core supports Bearer token extraction from HTTP_AUTHORIZATION, and the MCP plugin seems to depend on that.

A common Apache fix would be something like:

SetEnvIf Authorization "^(.*)$" HTTP_AUTHORIZATION=$1
CGIPassAuth On
But in the Cloudron app container, /app/code and /etc/apache2/conf-enabled are read-only, so this cannot be patched persistently from inside the running app.

Request
Could the Cloudron Matomo package include the required Apache/PHP configuration so Authorization is passed through to PHP as HTTP_AUTHORIZATION?

That would make the official Matomo MCP Server plugin usable on Cloudron with Bearer token authentication.

Thanks!

Hi Cloudron team,

Matomo 5.10.0 on Cloudron is showing a system warning about MySQL 8.0 being end-of-life.

Environment

• Cloudron: 9.1.7
• App: Matomo
• App package: org.piwik.cloudronapp@1.57.0
• Matomo: 5.10.0
• Database shown by Matomo: MySQL 8.0.44

Matomo warning

Matomo reports that MySQL 8.0 has reached end-of-life and recommends moving to a supported database version.

As far as I understand, Matomo itself is packaged correctly and up to date in Cloudron. The warning is about the Cloudron-managed MySQL addon rather than the Matomo app container.

Question

Is there already a Cloudron roadmap or issue for upgrading the MySQL addon from 8.0.x to MySQL 8.4 LTS?

I do not want to manually modify the MySQL container or do any unsupported database upgrade, since this is clearly Cloudron platform/addon territory.

Why this matters

• Matomo now surfaces the MySQL 8.0 EOL warning in system checks.
• Other MySQL-backed apps may start surfacing similar warnings.
• MySQL 8.4 LTS seems to be the natural long-term target.

Any guidance on the planned upgrade path would be appreciated.

Thanks!