Tutorial: How to secure Traccar with SSL / HTTPS for free, using IIS and Let’s Encrypt on Windows Server

Freekers6 years ago

You have a typo in your 'Inbound Rule'.
You have 'localhost:8083' but by default it's 'localhost:8082'
Please check and verify if the port is correct.

Jose B6 years ago

I use localhost:8083 (the Port os correcto, ir né I am not using the default)

Freekers6 years ago

In your previous post you said "Using "http//mydomain:8082" {in the same moment in other tab, in the same browser, etc} I do not have this message.". So which one is it :) ?

Jose B6 years ago

Pls, consider https://localhost:8083 and http://localhost:8083, I mean, using the same URL: with HTTPS I have the message off websocket error

Freekers6 years ago

Ah, I see. When using HTTPS, remove the port, so just 'https://localhost'.
Kind regards.

Jose B6 years ago

did not work! If you are available, I could share my desktop with you

Regards
JB

Freekers6 years ago

Send me an email through the contact form on my website so we can plan a remote session.

Jose B6 years ago

Tks , I already did that on form of website.

Regards

JB (JBFelizberto@gmail.com)

Jose B6 years ago

Freek, I would like to say thank you a lot for all help. Everything is working perfectly

JB

Freekers6 years ago

Good to hear everything is working as it should now :) It was a bit of a puzzle, but I like a challenge! I will update my blog this weekend so that others know what has to be done to fix the websocket error.

cesaruben_ctes6 years ago

Hello, you could comment on how to solve the websocket error. Thank you

Freekers6 years ago

Sorry, I've been busy. I still need to update my blog, but here are the steps to fix the websocket error:

First of all, it looks like the problem only occurs in Google Chrome. If you open your Traccar in Internet Explorer, the problem does not occur, correct? Here is explained why: https://stackoverflow.com/a/50861413

Since we are redirecting an unsecure websocket to local host via our reverse proxy, we need to trick Chrome.
To do so, we need to clear the 'Sec-WebSocket'Extensionss' header on incoming requests. Here is how to do it:

  1. First add the server variable to IIS manager: Your site > URL Rewrite > View Server Variables… > Add: HTTP_SEC_WEBSOCKET_EXTENSIONS

  2. Add the variable to the inbound rule that forwards requests to Traccar. This is my rule in web.config:

                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8082/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
                    </serverVariables>
                </rule>
  1. Restart IIS

However, you must have Application Request Routing 3.0. Version 2.5 will not work.
Again, I'll update my blog asap with more detailed steps & screenshots on how to fix the error.

parelius6 years ago

Thank you so much for this guide.
I have been ripping my hair off with this problem, and now its working.

Here is my final web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <rewrite>
         <outboundRules>
            <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
               <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8082/(.*)" />
               <action type="Rewrite" value="http{R:1}://myhost.xx/{R:2}" />
            </rule>
            <preConditions>
               <preCondition name="ResponseIsHtml1">
                  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
               </preCondition>
            </preConditions>
         </outboundRules>
         <rules>
            <rule name="ReverseProxyInboundRule1" stopProcessing="true">
               <match url="(.*)" />
               <action type="Rewrite" url="http://localhost:8082/{R:1}" />
               <serverVariables>
                  <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
               </serverVariables>
            </rule>
         </rules>
      </rewrite>
      <urlCompression doStaticCompression="false" doDynamicCompression="false" />
      <httpRedirect enabled="false" destination="https://myhost.xx" exactDestination="false" httpResponseStatus="PermRedirect" />
   </system.webServer>
</configuration>
Turbovix6 years ago

Looking at the subject, I realized that there is no use of the HTTPS protocol, is there any reason for this?
Since you can use Let's Encrypt for this in a free way.

Freekers6 years ago

What do you mean, @Turbovix ? HTTPS is used.... it's a reverse proxy.