Here is documentation for Apache:
https://www.traccar.org/secure-connection/
I guess you should do something similar for nginx.
This solution works. At least for me. You might want to add it to the docs?
server {
    listen 80;
    server_name demo.traccar.org;
    return 301 https://demo.traccar.org$request_uri;
}

server {
    add_header Strict-Transport-Security max-age=63072000;
    listen 443 ssl http2; # use http2 on nginx 1.9, if old change to spdy (or leave empty)
    server_name demo.traccar.org;
    root /var/www/html;
    index index.html index.htm;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_dhparam /etc/ssl/dhparam.pem; # Build as per docs
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # drop SSLv3 (POODLE vulnerability)
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    # Security features
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
        return 403;
    }
    if ($http_user_agent ~* msnbot|scrapbot) {
        return 403;
    }
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    # Traccar Setup
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect http://demo.traccar.org:8082/ /;
        proxy_redirect ws://demo.traccar.org:8082/api/socket /api/socket;
        proxy_pass http://localhost:8082/;
        proxy_set_header Host $host;
    }
}
Actually this is a proper configuration:
server {
    listen 80;
    server_name demo.traccar.org demo.traccar.org;
    return 301 https://demo.traccar.org$request_uri;
}

server {
    add_header Strict-Transport-Security max-age=63072000;
    #client_max_body_size 200M;
    listen 443 ssl http2;
    server_name demo.traccar.org;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_dhparam /etc/ssl/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # drop SSLv3 (POODLE vulnerability)
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    # Security features
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
        return 403;
    }
    if ($http_user_agent ~* msnbot|scrapbot) {
        return 403;
    }

    # Traccar Setup
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect http://localhost:8082/ /;
        proxy_redirect ws://localhost:8082/api/socket /api/socket;
        proxy_pass http://localhost:8082/;
    }
}
Fine tuned a little..
Hello,
I'm trying to use your configuration but with another location. Some requests pass with a 200 code but some others do not pass (401 or 404); I don't know why. Here is my modified conf:
location /traccar/ {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http://127.0.0.1:8082/ /traccar/;
proxy_redirect ws://127.0.0.1:8082/api/socket /traccar/api/socket;
proxy_pass http://127.0.0.1:8082/;
access_log /var/log/nginx/traccar-access.log;
error_log /var/log/nginx/traccar-error.log;
}
==> /var/log/traccar-access.log <==
127.0.0.1 - - "GET /traccar/api/session?_dc=1488918321721 HTTP/1.1" 404 71 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "POST /traccar/fake-login.html HTTP/1.1" 404 101 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/groups?_dc=1488918328392&page=1&start=0&limit=25 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/attributes/aliases?_dc=1488918328395&page=1&start=0&limit=25 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/geofences?_dc=1488918328394&page=1&start=0&limit=25 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/devices?_dc=1488918328404&page=1&start=0&limit=25 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/socket HTTP/1.1" 503 99 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/positions?_dc=1488918328440 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
127.0.0.1 - - "GET /traccar/api/devices?_dc=1488918328440 HTTP/1.1" 401 81 "https://***/traccar/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
I will appreciate your help.
I've some news :)
First, my config is not working because of using location /traccar in my config. The cookie doesn't know it and uses /api instead of /traccar/api.
To resolve this, you can add a rewrite rule:
proxy_cookie_path /api /traccar/api;
This will not resolve everything; the file app.min.js contains a hardcoded path:
new WebSocket(b+"//"+window.location.host+c+"api/socket"); b.onclose=function() { Ext.toast(Strings.errorSocket,Strings.errorTitle,"br"); Ext.Ajax.request({ url:"api/devices", success:function(b) { a.updateDevices(Ext.decode(b.responseText)) } });
Please can you add a config property to specify a root path for all requests?
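The cookie-path mismatch described in the post above, modelled as an added example (not part of the original thread and not Traccar or nginx code): it applies the RFC 6265 path-match rule to a session cookie scoped to /api and to the same cookie after a `proxy_cookie_path /api /traccar/api;` style rewrite. The cookie name and value and the helper names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie as the backend might send it (name and value are assumptions).
BACKEND_SET_COOKIE = "JSESSIONID=constructed-value; Path=/api; HttpOnly"


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does the cookie's Path cover this request path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # The prefix must end on a path-segment boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def rewrite_cookie_path(set_cookie, old, new):
    """Model of nginx `proxy_cookie_path old new;` with a plain string prefix."""
    attrs = [a.strip() for a in set_cookie.split(";")]
    for i, attr in enumerate(attrs):
        name, _, value = attr.partition("=")
        # Index 0 is the cookie's own name=value pair, never an attribute.
        if i > 0 and name.lower() == "path" and value.startswith(old):
            attrs[i] = f"{name}={new}{value[len(old):]}"
    return "; ".join(attrs)


def cookie_sent(set_cookie, url):
    """True if a browser holding this cookie would attach it to a request for url."""
    path = "/"  # simplification: treat a missing Path attribute as "/"
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path":
            path = value
    return path_match(urlsplit(url).path, path)


if __name__ == "__main__":
    fixed = rewrite_cookie_path(BACKEND_SET_COOKIE, "/api", "/traccar/api")
    # Request URLs taken from the access log quoted earlier in the thread.
    for url in ("/traccar/api/session?_dc=1488918321721", "/traccar/api/devices"):
        print(url, "before:", cookie_sent(BACKEND_SET_COOKIE, url),
              "after:", cookie_sent(fixed, url))
```

With the unrewritten cookie, requests under /traccar/api/ carry no session cookie, which matches the poster's explanation for the 401 responses in the log.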
It looks like you are using an outdated version of Traccar.
I'm using the 3.10 version.
There is no hardcoded path in version 3.10.
OK, do you have an idea why I'm getting this error: failed: Error during WebSocket handshake: Unexpected response code: 200
I can only guess that your proxy configuration is incorrect.
I'm trying to use traccar under an alias directory in my webserver as I need to secure it with HTTPS. The problem is that I have a certificate only for my domain so I have to use https://mydomain.com/track as address. I use nginx 1.9 with the following configuration:
The error I am getting in console is the following:
Failed to load resource: the server responded with a status of 404 (),
https://mydomain.com/l10n/en.json?_dc=1458724365411
So the nginx config is not redirecting properly.
Any help is appreciated.