opnsense HAproxy and traccar
If you got this in your config in your HAproxy it might be the issue:
# Backend: trac_backend (traccar backend)
backend trac_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server trac_server 192.168.1111.111:35000 ssl192.168.????.111:35000
Appreciate the response!
Great catch!
Unfortunately, that was a only a typo here in trying to make the IPs easier to read. The config in haproxy does not have that typo.
Hello again - I think there are some bugs with the HAproxy at the moment with OPNSense, so I went the nginx route instead.
I was able to configure the UI in OPNSense and the traccar.mydomain.com is working from the Internet.
I have added a device to test, but it shows up offline in the traccar portal despite the nginx logs appearing to work as shown below.
Any ideas on what I've done wrong?
18/Feb/2024:00:21:16 -0500 xxx.xxx.103.13 - 302 138 Dalvik/2.1.0 (Linux; U; Android 13; SM-N986U1 Build/TP1A.220624.014) - POST /?id=12345×tamp=1708233675&lat=xx.1817833&lon=-xx.504514&speed=0.0&bearing=0.0&altitude=xx.70000076293945&accuracy=16.277999877929688&batt=47.0 HTTP/1.1
18/Feb/2024:00:21:16 -0500 xxx.xxx.103.13 - 302 138 Dalvik/2.1.0 (Linux; U; Android 13; SM-N986U1 Build/TP1A.220624.014) - POST /?id=12345×tamp=1708233645&lat=xx.1817672&lon=-xx.5045086&speed=0.0&bearing=0.0&altitude=xx.60000228881836&accuracy=16.398000717163086&batt=47.0 HTTP/1.1Normally you would point your device (galaxy note 20) to traccar port 5055 (osmand)
And logicly make sure the port is open from the internet.
Thanks. I created another config in nginx for Port 5055 at traccarclient.mydomain.com.
I then configured the client to go to that server. Seems to be the same behavior.
I am able to access the admin UI without issue via traccar.mydomain.com
traccar.estadt.me with public IP - > nginx for https and reverse proxy - > internal server 192.xxx.xxx.xxx:32400
What would need to be different for the client connection on port 5055?
If you open your firewall to allow acces to port 5055 on traccar server that has nothing to do with nginx.
Ah, sorry, I misunderstood your post.
The firewall should have access to the server and all ports by default.
There are no specific rules for any of the other services running on the same 192.xxx.xxx.xxx server (including port 32500 for the admin UI).
I will double check the firewall logs, but assuming that is not the case, any ideas why the successful 302s for the traccar client?
Assuming something is not right with the nginx config as nothing is being blocked.
I am only a beginner and am not understanding why the GET requests return 200 and work without issue, but the POSTs are returning 302 and potentially are not making it to the backend traccar server in the correct fashion.
I tried to change the logs to severe in the traccar.xml to see if I could get any more information, but unfortunately, that resulted in the logfile not being created until I reverted back to info.
to get better logging, switched over to caddy - simple configuration which has the admin UI working (aka manager).
traccar.mydomain.com is easily accessible from the Internet after logging in
configured the android client to point to the traccar.mydomain.com
caddy logs show:
"info","ts":"2024-02-18T18:27:25Z","logger":"http.log.access.5564f6a8-789f-4797-9148-2156943d5128","msg":"handled request","request":{"remote_ip":"166.xxx.xxx.xxx","remote_port":"64896","client_ip":"166.xxx.xxx.xxxx","proto":"HTTP/1.1","method":"POST","host":"traccar.mydomain.com","uri":"/?id=12345×tamp=1708280659&lat=xx.181772&lon=-xx.5044574&speed=0.0&bearing=0.0&altitude=xx.70000076293945&accuracy=100.0&batt=68.0","headers":{"User-Agent":["Dalvik/2.1.0 (Linux; U; Android 13; SM-N986U1 Build/TP1A.220624.014)"],"Connection":["keep-alive"],"Accept-Encoding":["gzip"],"Content-Length":["0"],"Via":["HTTP/1.1 zway2amcuc01ism001.wnsnet.attws.com"],"Content-Type":["application/x-www-form-urlencoded"]}},"bytes_read":0,"user_id":"","duration":0.000040073,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://traccar.mydomain.com/?id=12345×tamp=1708280659&lat=xx.181772&lon=-xx.5044574&speed=0.0&bearing=0.0&altitude=xx.70000076293945&accuracy=100.0&batt=68.0"],"Content-Type":[]}}ran a netstat on the server and 5055 is being listened to - is there a GET vs POST configuration issue I need to correct?
it started working - I didn't make any changes ... hmmmm, something changed somehow, but do not know what - glad it is working now
Hello all - I am hoping to get some help.
I have an opnsense firewall with a configured HAProxy to handle SSL of my own domain (mydomain.com).
Traccar is presently running on a windows box where a plex server is also running.
I have been successful in configuring the plex server with the HAproxy, but when trying to do the same thing with traccar, I end up getting a 503.
e.g.
plex.mydomain.com works well with SSL handled properly via the cert for *.mydomain.com via Let's Encrypt CA
trac.mydomain.com SSL is valid like plex.mydomain.com, but I receive a 503
the traccar.xml has the following (are other params needed?):
HAProxy is configured as such: