Osmand SSL not an ssl tls record - web and others work ok

Soporte6 months ago

Using Apache I could set traccar web (on port 8092 ) to load ok using https

Using this configuration

Server: gps.myhiddenserver.com

Teltonika and chinese trackers works ok, so the web platform

Its just android client, that I cant put to work ok, I think I'm almost there, But I need some help from you to point the error.

file:

/etc/httpd/conf.d/gps.myhiddenserver.com.conf
<VirtualHost *:80>
    ServerName gps.myhiddenserver.com
    
    # redireccionar todo a la conexion segura
    Redirect / https://gps.myhiddenserver.com/

    ErrorLog /var/log/httpd/gps.myhiddenserver.com-error.log
    CustomLog /var/log/httpd/gps.myhiddenserver.com-access.log combined
    
    # lo de abajo fue agregado por el bot de lets encrypt
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =gps.myhiddenserver.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

file:

/etc/httpd/conf.d/gps.myhiddenserver.com-le-ssl.conf
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
    ServerName gps.myhiddenserver.com
    # ServerAlias gps.myhiddenserver.com
    DocumentRoot /var/www/gps.myhiddenserver.com/html

    <Directory /var/www/gps.myhiddenserver.com/html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>

    ErrorLog /var/log/httpd/gps.myhiddenserver.com-error.log
    CustomLog /var/log/httpd/gps.myhiddenserver.com-access.log combined

    # redireccionar a traccar 

        ProxyPass /api/socket ws://localhost:8092/api/socket
        ProxyPassReverse /api/socket ws://localhost:8092/api/socket

        ProxyPass / http://localhost:8092/
        ProxyPassReverse / http://localhost:8092/

    # redireccionar a traccar

    ProxyPass / http://localhost:4435/
        ProxyPassReverse / http://localhost:4435/

    # fin redireccionar a traccar

SSLCertificateFile /etc/letsencrypt/live/gps.myhiddenserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gps.myhiddenserver.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
</VirtualHost>
</IfModule>

file:

traccar.xml

....

        <entry key='filter.enable'>true</entry>
        <entry key='filter.maxSpeed'>110</entry>
        <entry key='filter.duplicate'>true</entry>
    <entry key='filter.zero'>true</entry>
    <entry key='filter.duplicate'>true</entry>
    <entry key='filter.distance'>90</entry>
    <entry key='filter.future'>86400</entry>

    <entry key='filter.invalid'>true</entry>
    <entry key='filter.skipAttributes.enable'>true</entry>
    <entry key='filter.skipAttributes'>alarm,ignition,result</entry>

    <entry key='web.sanitize'>false</entry>
    <entry key='web.url'>https://myhiddenserver.com</entry>

    <entry key="coordinates.filter">true</entry>
        <entry key="coordinates.minError">50</entry>

    <entry key='web.port'>8092</entry>

    <entry key='osmand.port'>4435</entry>
    <entry key='osmand.ssl'>true</entry>

....

traccar client url points to:

https://gps.myhiddenserver.com:4435

Also tried with:

https://gps.myhiddenserver.com
https://myhiddenserver.com

As you can see in the log, port 4435 is open, Algo, 80, 443, 5027, 5001, and 5055 (if needed)

2024-06-25 15:10:45  INFO: [T83b12a4f] error - not an SSL/TLS record: 504f5354202f3f69643d3738393435362674696d657374616d703d31373139333432363432266c61743d2d32352e34393535383334266c6f6e3d2d35342e363635323832322673706565643d302e302662656172696e673d302e3026616c7469747564653d3232332e33393939393338393634383433382661636375726163793d31322e3331303030303431393631363726626174743d34332e3020485454502f312e310d0a557365722d4167656e743a2044616c76696b2f322e312e3020284c696e75783b20553b20416e64726f69642031343b2043504832363033204275696c642f555031412e3233303632302e303031290d0a582d466f727761726465642d486f73743a206770732e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a203139302e3130342e3137362e3139300d0a4163636570742d456e636f64696e673a20677a69700d0a582d466f727761726465642d5365727665723a206770732e6770736d6178666c65742e636f6d0d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a5669613a20312e312072322e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a205b303a303a303a303a303a303a303a315d0d0a582d466f727761726465642d50726f746f3a20687474700d0a582d466f727761726465642d486f73743a206c6f63616c686f73743a383039320d0a582d466f727761726465642d5365727665723a205b303a303a303a303a303a303a303a315d0d0a486f73743a206c6f63616c686f73743a343433350d0a436f6e74656e742d4c656e6774683a20300d0a0d0a - NotSslRecordException (...)
2024-06-25 15:10:45  INFO: [T83b12a4f] disconnected
2024-06-25 15:11:16  INFO: [Tee79ce48] connected
2024-06-25 15:11:16  INFO: [Tee79ce48] error - not an SSL/TLS record: 504f5354202f3f69643d3738393435362674696d657374616d703d31373139333432363432266c61743d2d32352e34393535383334266c6f6e3d2d35342e363635323832322673706565643d302e302662656172696e673d302e3026616c7469747564653d3232332e33393939393338393634383433382661636375726163793d31322e3331303030303431393631363726626174743d34332e3020485454502f312e310d0a557365722d4167656e743a2044616c76696b2f322e312e3020284c696e75783b20553b20416e64726f69642031343b2043504832363033204275696c642f555031412e3233303632302e303031290d0a582d466f727761726465642d486f73743a206770732e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a203139302e3130342e3137362e3139300d0a4163636570742d456e636f64696e673a20677a69700d0a582d466f727761726465642d5365727665723a206770732e6770736d6178666c65742e636f6d0d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a5669613a20312e312072322e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a205b303a303a303a303a303a303a303a315d0d0a582d466f727761726465642d50726f746f3a20687474700d0a582d466f727761726465642d486f73743a206c6f63616c686f73743a383039320d0a582d466f727761726465642d5365727665723a205b303a303a303a303a303a303a303a315d0d0a486f73743a206c6f63616c686f73743a343433350d0a436f6e74656e742d4c656e6774683a20300d0a0d0a - NotSslRecordException (...)
2024-06-25 15:11:16  INFO: [Tee79ce48] disconnected
2024-06-25 15:11:47  INFO: [T95ac283f] connected
2024-06-25 15:11:47  INFO: [T95ac283f] error - not an SSL/TLS record: 504f5354202f3f69643d3738393435362674696d657374616d703d31373139333432363432266c61743d2d32352e34393535383334266c6f6e3d2d35342e363635323832322673706565643d302e302662656172696e673d302e3026616c7469747564653d3232332e33393939393338393634383433382661636375726163793d31322e3331303030303431393631363726626174743d34332e3020485454502f312e310d0a557365722d4167656e743a2044616c76696b2f322e312e3020284c696e75783b20553b20416e64726f69642031343b2043504832363033204275696c642f555031412e3233303632302e303031290d0a582d466f727761726465642d486f73743a206770732e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a203139302e3130342e3137362e3139300d0a4163636570742d456e636f64696e673a20677a69700d0a582d466f727761726465642d5365727665723a206770732e6770736d6178666c65742e636f6d0d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a5669613a20312e312072322e6770736d6178666c65742e636f6d0d0a582d466f727761726465642d466f723a205b303a303a303a303a303a303a303a315d0d0a582d466f727761726465642d50726f746f3a20687474700d0a582d466f727761726465642d486f73743a206c6f63616c686f73743a383039320d0a582d466f727761726465642d5365727665723a205b303a303a303a303a303a303a303a315d0d0a486f73743a206c6f63616c686f73743a343433350d0a436f6e74656e742d4c656e6774683a20300d0a0d0a - NotSslRecordException (...)
2024-06-25 15:11:47  INFO: [T95ac283f] disconnected

apache log from myhiddenserver.com

my hidden ip is: 123.123.123.123

[root@r2 logs]# tail -n 50 gps.myhiddenserver.com-error.log
[Tue Jun 25 13:35:30.017580 2024] [proxy:error] [pid 36186:tid 140130866120448] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8092 (localhost) failed
[Tue Jun 25 13:35:30.017645 2024] [proxy_http:error] [pid 36186:tid 140130866120448] [client 123.123.123.123:50174] AH01114: HTTP: failed to make connection to backend: localhost, referer: https://gps.myhiddenserver.com/
[Tue Jun 25 13:35:30.180258 2024] [proxy:error] [pid 36186:tid 140130975160064] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8092 (localhost) failed
[Tue Jun 25 13:35:30.180297 2024] [proxy_http:error] [pid 36186:tid 140130975160064] [client 123.123.123.123:50175] AH01114: HTTP: failed to make connection to backend: localhost, referer: https://gps.myhiddenserver.com/
[Tue Jun 25 13:35:30.889477 2024] [proxy:error] [pid 36186:tid 140131008730880] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8092 (localhost) failed
[Tue Jun 25 13:35:30.889512 2024] [proxy_http:error] [pid 36186:tid 140131008730880] [client 123.123.123.123:50177] AH01114: HTTP: failed to make connection to backend: localhost, referer: https://gps.myhiddenserver.com/
[Tue Jun 25 13:35:30.991236 2024] [proxy:error] [pid 36184:tid 140131213678336] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8092 (localhost) failed
[Tue Jun 25 13:35:30.991284 2024] [proxy_http:error] [pid 36184:tid 140131213678336] [client 123.123.123.123:50178] AH01114: HTTP: failed to make connection to backend: localhost, referer: https://gps.myhiddenserver.com/

log show error, but I don't know where to start for fixing it

Some help from you would be appreciated

Track-trace6 months ago

From your log you can see this.

POST /?id=789456×tamp=1719342642&lat=-25.4955834&lon=-54.6652822&speed=0.0&bearing=0.0&altitude=223.39999389648438&accuracy=12.3100004196167&batt=43.0 HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 14; CPH2603 Build/UP1A.230620.001)
X-Forwarded-Host: gps.gpsmaxflet.com
X-Forwarded-For: 190.104.176.190
Accept-Encoding: gzip
X-Forwarded-Server: gps.gpsmaxflet.com
Content-Type: application/x-www-form-urlencoded
Via: 1.1 r2.gpsmaxflet.com
X-Forwarded-For: [0:0:0:0:0:0:0:1]
X-Forwarded-Proto: http
X-Forwarded-Host: localhost:8092
X-Forwarded-Server: [0:0:0:0:0:0:0:1]
Host: localhost:4435
Content-Length: 0
Track-trace6 months ago

In your traccar client app on your android phone just point the server url to: https://gps.gpsmaxflet.com

Anton Tananaev6 months ago

It seems like you're trying to use port 4435 as HTTPS even though it's not HTTPS.