Hello all,
I am unsure what to search for in the forum, so I am forced to ask this question.
I have set up traccar now on FreeBSD (server with public IP) and I am using supervisor to start/stop/restart it. All that is fine.
I have a web UI behind Apache reverse proxy. That too is loading fine. I serve the web UI via SSL, with a valid letsencrypt certificate.
root@gw:/opt/traccar/logs # egrep -v '^$|^.*#' /usr/local/etc/apache24/Includes/traccar.cf
<VirtualHost *:80>
ServerName tc.mydomain
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://tc.mydomain/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName tc.mydomain
DocumentRoot /opt/traccar
ProxyPreserveHost On
ProxyRequests Off
ProxyTimeout 120
CustomLog /var/log/apache2/traccar-access.log combined
ErrorLog /var/log/apache2/traccar-error.log
LogLevel warn
LogFormat "%h %l %u %t %{Host}i \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %V %p" combined
ProxyPass /api/socket ws://localhost:8082/api/socket
ProxyPassReverse /api/socket ws://localhost:8082/api/socket
ProxyPass "/" "http://localhost:8082/"
ProxyPassReverse "/" "http://localhost:8082/"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/letsencrypt/live/tc.mydomain/fullchain.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/tc.mydomain/privkey.pem"
SSLCACertificatePath "/usr/local/etc/letsencrypt/live/tc.mydomain"
</VirtualHost>
I use PF firewall and opened it to allow a port range between 5000 and 5100 (5000><5100). This is where my confusion begins.
root@gw:/opt/traccar/logs # sockstat -l | grep :5055 | less
root java 85260 849 tcp4 *:5055 *:*
Plus I have lots of port 5xxx open:
root@gw:/opt/traccar/logs # sockstat -l | grep :5
root java 85260 652 tcp4 *:5211 *:*
root java 85260 653 tcp4 *:5031 *:*
...
root java 85260 929 tcp4 *:5102 *:*
root java 85260 930 tcp4 *:5073 *:*
Is just allowing the port range enough or do I need to forward the ports to the application somehow?
I have installed the Android client app on my phone and configured the server URL as https://my-tc-domain:5055, but on the webUI, it shows that my device is Offline.
If it matters, I have a snippet of the tracker-server.log file at: https://pastebin.ubuntu.com/p/kQJDy5J6hh/
Any help will be appreciated.
When I do 'telnet IP-of-server 5055', I actually get connected. When I do a 'get /', then what I end up with is:
HTTP/1.1 400 Bad Request
content-length: 0
What test should I run to diagnose?
So, the port is accessible. If possible, I can provide you with access privately.
We have several troubleshooting guides you can follow.
Responding to myself - when I configure the client with HTTP instead of HTTPS, then it is able to connect.
Is this expected? Does that mean that on the client side, no encryption takes place?
Not sure I understand the question. If you configure HTTPS, there will be encryption. If not, there won't be.
My question is about the Android Traccar client. When I configure Server URL as HTTPS://FQDN:5055, it does not work - meaning the device doesn't register on the system.
When I change Server URL to HTTP://FQDN:5055, then I see the device registered on the system, hence my question: Does the client not support HTTPS?
The client app supports both. Obviously for HTTPS to work you have to enable it on the server side.
Thanks for the very timely responses.
I am looking at https://www.traccar.org/configuration-file/ and TBH, I'd have been happy if examples or the options were given, and a little bit more detail added.
I am unable to figure out what I should add to traccar.xml to enable devices to use Server URL with HTTPS.
It has nothing to do with Traccar configuration. You have to configure an external proxy.
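One way to set up the external proxy mentioned in the last reply, as an added example that is not from the thread's participants or the Traccar project. It assumes port 5443 is free (chosen only for illustration), that mod_ssl, mod_proxy and mod_proxy_http are loaded, and that Traccar keeps answering plain HTTP on 5055 as the telnet test above shows.

```apache
# Added example: TLS termination in front of the plain-HTTP device port.
# Assumption: 5443 is an arbitrary free port, outside the range Traccar binds.
Listen 5443
<VirtualHost *:5443>
    ServerName tc.mydomain

    SSLEngine on
    # Same Let's Encrypt files as the *:443 vhost in the first post.
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/tc.mydomain/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/tc.mydomain/privkey.pem"
    # The cipher string from the *:443 vhost is not reused: it explicitly adds
    # eNULL, EXP, LOW and SSLv2 suites. Restrict protocols and ciphers instead.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5

    # Hand the decrypted device reports to Traccar's listener on 5055.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass "/" "http://localhost:5055/"
    ProxyPassReverse "/" "http://localhost:5055/"
</VirtualHost>
```

With this in place the client's Server URL would be https://tc.mydomain:5443, and PF has to pass that port since it lies outside the 5000-5100 range already opened. Once no device reports over plain HTTP, 5055 no longer needs to be reachable from outside.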