Android Client SSL

box4 years ago

While attempting to apply SSL to my use of Traccar I have hit a road block. I have successfully configured the server web interface, however I am now having difficulty securing the client connection. The end goal is to use both Android as well as iOS devices, however I only have access to Android for testing right now.

I am running a lighttpd instance on the same server for another application so I am using HAProxy as both a proxy to run Traccar alongside it as well as to provide SSL termination. HAProxy is currently configured as follows:

Frontend                Backend
SSL port 443     >>>    SSL port 444       lighttpd
SSL port 550     >>>    port 8082          Traccar web interface
SSL port 55000   >>>    port 5055          Traccar client interface

As far as I can tell my HAProxy configuration appears to be functioning correctly. Navigating to https://mydomain via web browser correctly routes to the lighttpd server, and https://mydomain:550 correctly goes to the Traccar web interface. However, using https://mydomain:55000 in the Android client results in "Send Failed" errors being displayed. In addition I see no output in both HAProxy and Traccar logs.

Navigating to https://mydomain:55000 via a web browser results in a HTTP 400 error which I believe is expected. The HAProxy log indicates this interaction. The Traccar log reports a connection and displays two osmand HEX entries, afterward reporting the connection being reset by peer and then a disconnection. This leads me to believe my HAProxy configuration is correct and SSL termination is operating correctly.

If I disable SSL termination for port 55000 and change the server URL in the client to http://mydomain:55000, everything functions correctly. Additionally, I have substituted my static IP address in place of the domain with identical results between http and https.

A final troubleshooting step I performed was to reconfigure HAProxy to proxy between port 443 and port 5055 for Traccar. When using https://mydomain in the client I again see "Send Failed" errors but now see SSL handshake errors in the HAProxy log.

I am using Traccer Server Version 4.11 installed via the Linux installer. My Android client is version 6.5 running on Android version 9. I am using a near default Traccar configuration file with the only exception being the addition of "logger.enable" to have detailed logging.

Everything I am seeing leads me to believe the Traccar client is having an issue with using https and/or SSL. Whether it is a certificate specific issue, or something simpler I can't be sure. Is there any additional logging that I would be able to review, other than that provided in-app under status? Any additional troubleshooting steps I could try?

Thank you.

Anton Tananaev4 years ago

Make sure to test your SSL configuration with something like this:

https://www.ssllabs.com/ssltest/

For example, common problem is a missing certificate in the chain. Browser might be able to handle it correctly, but the app can throw an error.

box4 years ago

That is exactly what the issue was. My server was not sending the intermediate certificate which SSL Labs reported as needing an extra download. The browsers easily handle that, but the app of course did not. Extremely simple fix to reconfigure the certificate and it is now functioning correctly.

Thank you Anton for the link and your work on the project.