Clarification on SSL/TLS encrypted secure connection

serguin 4 months ago

Hello community! There are 2 specific questions regarding Secure Connection setup:

1- For the configuration mentioned above, should I add the following entries to the "traccar.xml" configuration file?
- protocol
- port
- webSocketPort
- geolocation provider
- ssl certificate file
- sslFileKey

Or is it simply the guide published at: https://www.traccar.org/secure-connection/?

2- If I already have the <entry key='web.port'>80</entry> parameter, should I change it to the default value "8082" and then continue with the secure connection setup?

Anton Tananaev 4 months ago

  1. Why are you asking this?
  2. Change it to 8082.

serguin 4 months ago

Hello Anton, thank you for your answer. I ask point 1 because I have read in the documentation https://www.traccar.org/configuration-file/ that these entries are related in some way to SSL, but I was not totally sure if it is necessary to add them.

sdntech 4 months ago

I have the same question, @Serguin. Also, my web server is already running on port 80, just like yours. I am going to try AWS ACM with ALB and let's see if it works.
@Anton, why change to port 8082 when you are running it in the cloud? We need additional 443 support, which can be achieved with Let's Encrypt or cloud provider certificates combined with their load balancers, so reverting to port 8082 is not necessary in my opinion.

serguin 4 months ago

Hello @sdntech, as @Anton said, I followed his instructions and removed the port entry "80" from my traccar.xml file so that it took the default "8082". Then I followed the guide published at https://www.traccar.org/secure-connection/ and everything worked correctly. Thanks again @Anton, you are the best.

Anton Tananaev 4 months ago

If Traccar is using port 80, then it will be an additional pain to set up the web server to use another port for the certificate request. I'm not even sure it supports alternative ports.
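
The port conflict described in the post above, as an added example that is not part of the thread or of Traccar's own code: a Python check that reads `web.port` from a traccar.xml and flags values that collide with the ports a front-end web server needs. The `check_web_port` helper, the sample files, and the assumption that the web server listens on 80 and 443 are illustrative.

```python
import xml.etree.ElementTree as ET

DEFAULT_WEB_PORT = 8082  # default value named in this thread
# Assumption: the front-end web server takes 80 (certificate request) and 443.
WEB_SERVER_PORTS = {80: "HTTP / certificate request", 443: "HTTPS"}

# Constructed samples in the Java-properties XML layout of traccar.xml.
SAMPLE_PORT_80 = """<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
    <entry key='web.port'>80</entry>
</properties>"""
SAMPLE_NO_PORT = "<properties><entry key='example.key'>value</entry></properties>"


def read_entries(xml_text):
    """Return {key: value} for every <entry key='...'> element."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.text or "").strip()
            for e in root.iter("entry") if e.get("key")}


def check_web_port(xml_text):
    """Return (effective_port, findings) for the web.port setting."""
    raw = read_entries(xml_text).get("web.port")
    if raw is None:
        return DEFAULT_WEB_PORT, []  # entry absent: the default applies
    valid = raw.isascii() and raw.isdigit() and 1 <= int(raw) <= 65535
    if not valid:
        return None, [f"web.port is not a valid TCP port: {raw!r}"]
    port = int(raw)
    findings = []
    if port in WEB_SERVER_PORTS:
        findings.append(
            f"web.port={port} collides with the web server's "
            f"{WEB_SERVER_PORTS[port]} listener; remove the entry or set it "
            f"to {DEFAULT_WEB_PORT}")
    return port, findings


if __name__ == "__main__":
    for name, text in (("port 80", SAMPLE_PORT_80), ("no entry", SAMPLE_NO_PORT)):
        port, findings = check_web_port(text)
        print(name, "->", port, findings or "ok")
```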

sdntech 4 months ago

As I mentioned, I am going to try with AWS ACM and I got it working.
Here is my setup, read right to left:

  • Traccar listening on port 80 <-- Application Load Balancer listening on port 443 <-- User access via HTTPS

Please see the snippet for the HTTPS reply below:

sdntech#05/19/24:~$curl https://safezzzz.in
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="theme-color" content="#1a237e" />
    <meta name="description" content="Traccar GPS Tracking System" />
    <link rel="icon" href="/favicon.ico" />
    <link rel="apple-touch-icon" href="/apple-touch-icon-180x180.png" sizes="180x180" />
    <link rel="manifest" href="/manifest.webmanifest" />
    <link rel="stylesheet" href="/styles.css">
    <title>Traccar</title>
    <script type="module" crossorigin src="/assets/index-KtPqO9zj.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-bRgzYBc7.css">
  <link rel="manifest" href="/manifest.webmanifest"></head>
  <body>
    <noscript>Enable JavaScript to use <a href="https://www.traccar.org/">Traccar GPS Tracking System</a>.</noscript>
    <div id="root" class="root"></div>
  </body>
</html>

Anton Tananaev 4 months ago

Yeah, but that's not what we're discussing in this topic.

sdntech 4 months ago

@Anton, true, I have no intention of hijacking the discussion. I just want to add value by sharing my knowledge so we can learn from each other, like a true community.
BTW, I really admire you helping us so much with your prompt response.

Anton Tananaev 4 months ago

Sharing is of course welcome, but in this case you might confuse people who just want to follow the official documentation. If you want to share your setup, you should start a new topic.