I want api response only when calling from one of my domains, tested web.origin in traccar.xml with no luck (restarted, service and os).
compiled server with intellij and at least response header changed to the configured domain (edited corsResponseFilter.java
) in line 39:
private static final String ORIGIN_ALL = "http://myserverdomain.com";
I've configured apache to redirect web interface to a secure connection, and everything is working ok;
But still responding to any domain, could you help me how to achieve that ?
Request
HTTP/1.1 200 OK
Date: Thu, 13 Oct 2022 20:06:55 GMT
Server: Jetty(10.0.12)
Strict-Transport-Security: max-age=31536000
Content-Type: application/json
access-control-allow-headers: origin, content-type, accept, authorization
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: http://myhiddendomainname.com
Content-Length: 576
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
From
GET /api/server HTTP/1.1
Host: myhiddendomainname.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Connection: keep-alive
Cookie: JSESSIONID=node01457p4sfsenn1d8isc8dm4gem371.node0
Apache conf to secure connection
ServerName gps.myhiddendomainname.com
# ServerAlias gps.myhiddendomainname.com
DocumentRoot /var/www/gps.myhiddendomainname.com/html
#<Directory /var/www/gps.myhiddendomainname.com/html>
# Options -Indexes +FollowSymLinks
# AllowOverride All
#</Directory>
ProxyPass /api/socket ws://localhost:9862/api/socket
ProxyPassReverse /api/socket ws://localhost:9862/api/socket
ProxyPass / http://localhost:9862/
ProxyPassReverse / http://localhost:9862/
ErrorLog /var/log/httpd/gps.myhiddendomainname.com-error.log
CustomLog /var/log/httpd/gps.myhiddendomainname.com-access.log combined
SSLCertificateFile /etc/letsencrypt/live/gps.myhiddendomainname.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gps.myhiddendomainname.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
PS: traccar 5.4 Rocky 8, apache.
I want api response only when calling from one of my domains, tested web.origin in traccar.xml with no luck (restarted, service and os).
compiled server with intellij and at least response header changed to the configured domain (edited
corsResponseFilter.java
) in line 39:I've configured apache to redirect web interface to a secure connection, and everything is working ok;
But still responding to any domain, could you help me how to achieve that ?
Request
From
Apache conf to secure connection
PS: traccar 5.4 Rocky 8, apache.