Nginx Proxy working!

Hoeky8 years ago

Here are the settings to get Traccar working in a Nginx proxy.

server {
    listen          IP:80;
    server_name     DOMAIN.COM;
location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
location /api/socket {
        proxy_pass http://localhost:8082/api/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}

Have fun with it!

Anton Tananaev8 years ago

Thanks for sharing this information.

renaud8 years ago

You should increase the timeouts for the socket connections, here is what I have but for https.


server {
        add_header      Cache-Control   no-cache;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
        add_header x-frame-options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        listen 443;
        listen   [::]:443;

        expires 31d;
        ssl On;
        ssl_certificate fullcert_nokey.pem;
        ssl_certificate_key privkey.pem;
        server_name traccar.example.com;
        root /var/www/traccar;

        location / {
                proxy_pass http://127.0.0.1:8082/;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering     off;
                proxy_connect_timeout 43200000;
                proxy_send_timeout    43200000;
                proxy_read_timeout    43200000;
                proxy_redirect off;
                proxy_set_header Proxy "";
        }
}
Zecman7 years ago

Hi all. I also would like to share my config. It is a bit more simple.

Before: Hosting multiple websites with nginx, SSL already set up. Traccar on the same machine as nginx.
After: Make Traccar available as a subfolder of an already existing domain.

Just add this section to your existing config:

      location /gps/ {
         proxy_pass http://127.0.0.1:8082/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_read_timeout 600s;
      }

Put it right at the end of your server { ... <here>; } section. You do not need more if your server is already running and setup correctly. This works with nginx versions 1.3 and above

For security reasons I would also suggest, to change your Traccar's config file default.xml and add the following entry:
<entry key='web.address'>127.0.0.1</entry>
right below web.enalbe and above web.port.

This prevents users to directly connect to Traccar without the SSL from nginx.

Now you will be able to use Traccar with an url like https://<existing domain>/gps/

Anton: Maybe you want to add this to the general help section.

Anton Tananaev7 years ago

Thanks for sharing it, but I would prefer to keep this of forum for now to avoid maintenance overhead.

Petr Stastny7 years ago

I like the last config example and especially the idea of having a subfolder for traccar. Unfortunately we get HTTP 503 for /gps/api/socket when using the last configuration example. Any idea how to fix this?

192.168.100.93 - admin [09/Sep/2017:14:14:54 +0200] "GET /gps/api/socket HTTP/1.1" 503 99 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36"

Adding a nginx configuration like this

location /gps/api/socket/ {
        proxy_pass http://localhost:8082/api/socket/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

only leads to HTTP 301 / Permanently moved for the /api/socket

192.168.100.93 - admin [09/Sep/2017:14:20:14 +0200] "GET /gps/api/socket HTTP/1.1" 301 184 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36"

any further ideas how to fix this?

Zecman7 years ago

I tried a lot to get rid of any errors and warnings in the log and ended up with this:

      location /gps/ {
         proxy_set_header        Host                 $host;
         proxy_set_header        X-Forwarded-Host     $host;
         proxy_set_header        X-Forwarded-Server   $host;
         proxy_set_header        X-Real-IP            $remote_addr;
         proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
         
         proxy_set_header        Upgrade              $http_upgrade;
         proxy_set_header        Connection           "upgrade";
         proxy_http_version      1.1;
         
         proxy_cookie_path       /api /gps/api;

         proxy_redirect          http://127.0.0.1:8082/           /gps/;
         proxy_redirect          ws://127.0.0.1:8082/api/socket   /gps/api/socket;
         proxy_pass              http://127.0.0.1:8082/;

         proxy_read_timeout      600s;
      }

It's not as simple as my first post but works now very well for me. Also with the Android clients (tracker and management app).
Use <domain>.com/gps as server URL in the clients also.

Alejandro Rivas7 years ago

I dont understand why you add /api/socket

fmarkos5 years ago

apache vhost change to your domain / LAN-ip:

<VirtualHost *:443>
ServerName gps.mydomain.com

ProxyPass /api/socket ws://10.0.0.13:8082/api/socket
ProxyPassReverse /api/socket ws://10.0.0.13:8082/api/socket

ProxyPass / http://10.0.0.13:8082/
ProxyPassReverse / http://10.0.0.13:8082/

ErrorLog ${APACHE_LOG_DIR}/gps-ssl_error.log
CustomLog ${APACHE_LOG_DIR}/gps-ssl_access.log combined
LogLevel error
</VirtualHost>
Edilon Carvalho 5 years ago

how do i install this service on ubunto and what file should i change with the settings you mentioned above for traccar. Someone would have a step by step.

Edilon Carvalho 5 years ago

Where do I put these parameters?

Karol Switon4 years ago

You put this paramers here nano /etc/nginx/conf.d/default.conf .Here are the settings to get Traccar working in a Nginx proxy on my server.
Please remeber that diffrent devices use different ports.

        server {
        listen 5013 ssl http2;
        server_name [PUT HERE YOUR SERVER IP OR NAME];
        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/cert.key;

        location / {
        proxy_pass 0.0.0.0:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
        location /api/socket {
        proxy_pass 0.0.0.0:8082/api/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}
oharahay2 years ago

dear friends

tell me how to do it right to make a redirect for the modern path if traccar is located on a separate path /gps/ in the nginx config

104.28.xxx.xxx - - [27/May/2022:12:50:36 +0300] "GET /gps/ HTTP/1.1" 200 462 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"
104.28.xxx.xxx - - [27/May/2022:12:50:36 +0300] "GET /gps/app.css HTTP/1.1" 200 1134 "https://mx3.sat.com/gps/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"
104.28.xxx.xxx - - [27/May/2022:12:50:36 +0300] "GET /gps/load.js HTTP/1.1" 200 7834 "https://mx3.sat.com/gps/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"

104.28.xxx.xxx - - [27/May/2022:12:50:36 +0300] "GET /modern/ HTTP/1.1" 404 266 "https://mx3.sat.com/gps/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"
oharahay2 years ago

as an example, I took the config provided by Zecman in my last post

 location /gps/ {
         proxy_set_header        Host                 $host;
         proxy_set_header        X-Forwarded-Host     $host;
         proxy_set_header        X-Forwarded-Server   $host;
         proxy_set_header        X-Real-IP            $remote_addr;
         proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;

         proxy_set_header        Upgrade              $http_upgrade;
         proxy_set_header        Connection           "upgrade";
         proxy_http_version      1.1;

         proxy_cookie_path       /api /gps/api;

         proxy_redirect          http://127.0.0.1:8083/           /gps/;
         proxy_redirect          ws://127.0.0.1:8083/api/socket   /gps/api/socket;
         proxy_pass              http://127.0.0.1:8083/;

         proxy_read_timeout      600s;
      }
dreamway2 years ago

@oharahay

I added rewrite directive before the redirection code and it works.

rewrite ^/modern(/.*)$ /gps/modern$1;
rewrite ^/api(/.*)$ /gps/api$1;

location /gps {
    ...
}