I have similar issues with the traccar manager app and therefore append my post here.
My server is running fine, it's accessible via the web interface at https://www.jotelha.de/gps/ with valid Let's Encrypt certificates, configured for appearing below the /gps subdirectory and redirecting insecure connections as described at https://www.traccar.org/secure-connection/. The Traccar Manager Android app just won't connect, no matter what kind of URL variant I try.
The actual configuration can be found at https://github.com/jotelha/traccar-docker/tree/httpd, in particular the modified apache2 config files at https://github.com/jotelha/traccar-docker/tree/httpd/compose/local/httpd/usr/local/apache2/conf.
Any hint towards a possible source of the issue appreciated. Thanks!
A little bit more information for discussion:
The manager app queries the subdirectory /api/server (see https://github.com/traccar/traccar-manager-android/blob/3b90adaf353363e900a3afad0a97ab6d8fe57c3b/app/src/main/java/org/traccar/manager/StartFragment.java#L69) and looking at this API interface on my server https://jotelha.de/gps/api/server yields the JSON document
{"id":1,"attributes":{},"registration":true,"readonly":false,"deviceReadonly":false,"map":null,"bingKey":null,"mapUrl":null,"latitude":0.0,"longitude":0.0,"zoom":0,"twelveHourFormat":false,"forceSettings":false,"coordinateFormat":null,"limitCommands":false,"poiLayer":null,"version":"4.10"}
while looking at the official demo server's response at http://demo.traccar.org/api/server yields
{"id":1,"attributes":{},"registration":true,"readonly":false,"deviceReadonly":false,"map":"","bingKey":"","mapUrl":"http://mt0.google.com/vt/lyrs=m&hl=es&x={x}&y={y}&z={z}&s=Ga","latitude":51.507222,"longitude":-0.1275,"zoom":6,"twelveHourFormat":false,"forceSettings":false,"coordinateFormat":"","limitCommands":false,"poiLayer":"","version":"4.10"}
The response headers compare as follows:
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/json
Date: Mon, 10 Aug 2020 19:29:01 GMT
Keep-Alive: timeout=5, max=100
Server: Jetty(9.4.30.v20200611)
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.7,de;q=0.3
Connection: keep-alive
Host: jotelha.de
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
against
Content-Length: 370
Content-Type: application/json
Date: Mon, 10 Aug 2020 19:34:57 GMT
Server: Jetty(9.4.30.v20200611)
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.7,de;q=0.3
Connection: keep-alive
Host: demo.traccar.org
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
I don't really see any issues. I guess the best option would be to debug the Manager code and see why it fails.
Debugged it in Android Studio, turned out to be a beginner's error in the server's configuration:
Traccar Manager throws a complaint about the SSL certificate chain
W/StartFragment: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:841)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:714)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:238)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:217)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:248)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:211)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:30)
at org.traccar.manager.StartFragment$1.doInBackground(StartFragment.java:72)
at org.traccar.manager.StartFragment$1.doInBackground(StartFragment.java:63)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:661)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:510)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:428)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:356)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:161)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:250)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1644)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
W/StartFragment: at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
... 28 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 41 more
and that was due to the server (Let's Encrypt certificates pulled by certbot) pointing to the bare certificate (cert.pem) instead of the full chain (fullchain.pem), see https://certbot.eff.org/docs/using.html#where-are-my-certificates. Only needed https://github.com/jotelha/traccar-docker/commit/9f24513dfe23a69137adabe49673cb69a6c6ee45 in the server's config, now working. Somehow, standard browsers did not complain.
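The failure described in the post above can be reproduced offline with openssl. This is an added example, not part of the original post or of the Traccar project: the CA hierarchy and the host name gps.example.test are constructed, and only the file names cert.pem, chain.pem and fullchain.pem follow certbot's layout.

```bash
#!/usr/bin/env bash
# Constructed throwaway PKI; every name below is made up for this example.
# File names mirror certbot's layout: cert.pem (leaf only),
# chain.pem (intermediate), fullchain.pem (leaf + intermediate).

make_demo_pki() {   # $1 = empty working directory
  (
    cd "$1" || exit 1
    printf '%s\n' '[demo_ca]' 'basicConstraints=critical,CA:TRUE' \
      '[demo_leaf]' 'basicConstraints=CA:FALSE' \
      'subjectAltName=DNS:gps.example.test' > ext.cnf
    new_csr() {     # $1 = file prefix, $2 = common name
      openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=$2" -out "$1.csr"
    }
    new_csr root "Demo Root"
    new_csr int  "Demo Intermediate"
    new_csr leaf "gps.example.test"
    # Self-signed root; root signs intermediate; intermediate signs leaf.
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile ext.cnf -extensions demo_ca -out root.pem
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -days 2 -extfile ext.cnf -extensions demo_ca -out chain.pem
    openssl x509 -req -in leaf.csr -CA chain.pem -CAkey int.key -CAcreateserial \
      -days 2 -extfile ext.cnf -extensions demo_leaf -out cert.pem
    cat cert.pem chain.pem > fullchain.pem
  ) >/dev/null 2>&1
}

# Model a client that trusts only the root in $1 and does not download missing
# intermediates: the leaf is the first certificate in $2, and any further
# certificates in that same file are all it has for building the path.
served_chain_ok() {   # $1 = trusted root PEM, $2 = PEM file the server sends
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

work=$(mktemp -d)
make_demo_pki "$work"
for f in cert.pem fullchain.pem; do
  if served_chain_ok "$work/root.pem" "$work/$f"; then result="path builds"
  else result="no path to trust anchor"; fi
  echo "$f: $(count_certs "$work/$f") certificate(s), $result"
done
```

A client that has the intermediate cached or fetches it itself can hide the gap, which is consistent with the browsers in the post not complaining while the Android app failed.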
Interesting. What version of Android do you have?
I have installed traccar on my website with different links and one of these links is the traccar itself. When I use the format
https://www.mydomain.com
for the server input into the manager, the page opens, but I have to navigate to the proper tab and then everything works well. When I use the direct link to the server
https://www.mydomain.com/traccar.html
when specifying the server link in the manager, I get the 'Server connection failed' error. Any help is greatly appreciated.
Thank you