Enabling Encryption for Client access on setup with HTTPS enabled
Sorry, that should be:
ProxyPass /socket http://localhost:5055/ ProxyPassReverse /socket http://localhost:5055/
Your proxy config doesn't make any sense. First of all, Traccar Client port and web console port are two completely different things, so I don't understand proxying "/socket" to port 5055. It seems like you don't fully understand what you are doing. Secondly, it seems like you are keep using port 5055 directly on the phone, so your data doesn't even go through proxy.
Great, so what is the answer to my question then?
"How do you enable secure client access"
The answer is that you need to enable HTTPS proxy for port 5055.
Ok, but my question was how is that done? Have trawled through the forum without much joy.
I guess it would be something similar to what you already did:
ProxyPass / http://localhost:5055/ ProxyPassReverse / http://localhost:5055/
But then you have to configure devices to your your Apache port instead of sending data directly to Traccar.
So after hours of banging my head against the wall I figured this little tidbit out. You need to add an additional SSL Port to your /etc/apache2/ports.conf
Here is what I have in the ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
Listen 4435
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Also here is my traccar.conf file as well.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName traccar.servername.com
ServerAdmin it@email.com
DocumentRoot /var/www/html
ProxyPass /api/socket ws://localhost:8082/api/socket
ProxyPassReverse /api/socket ws://localhost:8082/api/socket
ProxyPass / http://localhost:8082/
ProxyPassReverse / http://localhost:8082/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/CA.crt
</VirtualHost>
<VirtualHost *:4435>
ServerName traccar.servername.com
ServerAdmin it@email.com
DocumentRoot /var/www/html
ProxyPass / http://localhost:5055/
ProxyPassReverse / http://localhost:5055/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/CA.crt
</VirtualHost>
</IfModule>
Hope this helps anyone trying to secure the client as well as the web portal.
I´m trying to set up HTTPS. Unfortunately after followinig the traccar secure connection tutorial (https://www.traccar.org/secure-connection) I can no longer reach traccar. Neither through public or private IP.
I´m new to both linux and traccar, so my skills are very limited. To be honest I have little knowledge what the commands/logs mean Any help is much appreciated!
Jul 06, 2017 12:26:35 AM org.rzo.yajsw.os.posix.PosixService getPid
INFO: wrapper pid file: /run/wrapper.traccar.pid
Jul 06, 2017 12:26:43 AM org.rzo.yajsw.os.posix.PosixService start
INFO: Starting traccar ...
YAJSW: yajsw-stable-12.08
OS : Linux/4.9.35-v7+/arm
JVM : Oracle Corporation/1.8.0_65//usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/32
************* STARTING traccar ***********************
Service traccar started
Jul 06, 2017 12:26:43 AM org.rzo.yajsw.os.posix.PosixService getPid
INFO: wrapper pid file: /run/wrapper.traccar.pid
Jul 06, 2017 12:26:44 AM org.rzo.yajsw.os.posix.PosixService getPid
INFO: wrapper pid file: /run/wrapper.traccar.pid
Jul 06, 2017 12:26:44 AM org.rzo.yajsw.os.posix.PosixService getPid
INFO: wrapper pid file: /run/wrapper.traccar.pid
Service traccar started
pi@Nespresso:/opt/traccar/logs $ tail -f tracker-server.log
2017-07-05 23:32:52 INFO: [5B8DE14B] disconnected
2017-07-05 23:32:52 INFO: [B9A26128] disconnected
2017-07-05 23:32:52 INFO: [ACFC953E] disconnected
2017-07-05 23:32:52 INFO: [1209D83D] disconnected
2017-07-05 23:32:52 INFO: [EEBA14F2] disconnected
2017-07-05 23:32:52 INFO: [5A476184] disconnected
2017-07-05 23:32:52 INFO: [D7670681] disconnected
2017-07-05 23:32:52 INFO: [11AE4A0C] disconnected
2017-07-05 23:32:52 INFO: [41F72239] disconnected
2017-07-05 23:32:52 INFO: [7D8C963E] disconnected
^Z
[5]+ Stopped tail -f tracker-server.log
pi@Nespresso:/opt/traccar/logs $ sudo nmap 192.168.0.148
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-06 00:27 CEST
Nmap scan report for 192.168.0.148
Host is up (0.000047s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds
/etc/apache2 ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
Listen 4435
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet/etc/apache2/sites-available: traccar.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName 185.XXX.XXX.XXX
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ProxyPass /api/socket ws://localhost:8082/api/socket
ProxyPassReverse /api/socket ws://localhost:8082/api/socket
ProxyPass / http://localhost:8082/
ProxyPassReverse / http://localhost:8082/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>/opt/traccar/conf traccar.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
<!--
This is the main configuration file. All your configuration parameters should be placed in this file.
Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
remove "config.default" parameter from this file unless you know what you are doing.
For list of available parameters see following page: https://www.traccar.org/configuration-file/
-->
<entry key="config.default">./conf/default.xml</entry>
<entry key='database.driver'>org.h2.Driver</entry>
<entry key='database.url'>jdbc:h2:./data/database</entry>
<entry key='database.user'>sa</entry>
<entry key='database.password'></entry>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName 185.XXX.XXX.XXX
ServerAdmin XXXw@gmail.com
DocumentRoot /var/www/html
ProxyPass /api/socket ws://localhost:8082/api/socket
ProxyPassReverse /api/socket ws://localhost:8082/api/socket
ProxyPass / http://localhost:8082/
ProxyPassReverse / http://localhost:8082/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/CA.crt
</VirtualHost>
<VirtualHost *:4435>
ServerName 185.XXX.XXX.XXX
ServerAdmin XXXw@gmail.com
DocumentRoot /var/www/html
ProxyPass / http://localhost:5055/
ProxyPassReverse / http://localhost:5055/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.crtAny help regarding this matter is much appreciated
Kind regards
Why are you putting Apache configuration into Traccar? Settings up SSL proxy has actually nothing to do with Traccar. Don't change any Traccar configuration!!! You just have to configure Apache. There is plenty of information on internet on how to do it.
Ok, new clean image and installed both traccar and Apache from scratch. Both tutorials according to the traccar site Still no luck. However I´m now reaching the Apache2 Debian Default Page "It works" when entering the address and port for my traccar server.
The apache conf into traccar.xml was a mistake and has been rectified. For more experienced guys my problem is probably easily fixed, but for me I´m stuck. I´m not posting questions here frivolously, I have searched internet seriously. I just don´t understand what to change to make it work. We all have been there haven´t we?
These are my exact conf files in Apache, any help deciphering and suggestions regarding changes is much appreciated! More files cvan be provided if needed.
etc/apache2/sites-enabled/traccar.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ProxyPass /api/socket ws://localhost:8082/api/socket
ProxyPassReverse /api/socket ws://localhost:8082/api/socket
ProxyPass / http://localhost:8082/
ProxyPassReverse / http://localhost:8082/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noetetc/apache2/apache2.conf
...
Any help is much appreciated!
Maybe also this can help deciphering whats wrong..
/var/log/apache2/error.log
[Thu Jul 06 22:52:08.642920 2017] [mpm_event:notice] [pid 6272:tid 1996349440] AH00489: Apache/2.4.10 (Raspbian) configured -- resuming normal operations
[Thu Jul 06 22:52:08.643279 2017] [core:notice] [pid 6272:tid 1996349440] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jul 06 22:53:15.985676 2017] [mpm_event:notice] [pid 6272:tid 1996349440] AH00491: caught SIGTERM, shutting down
[Thu Jul 06 22:53:17.377208 2017] [mpm_event:notice] [pid 6516:tid 1995689984] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Thu Jul 06 22:53:17.377580 2017] [core:notice] [pid 6516:tid 1995689984] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jul 06 22:55:24.097572 2017] [mpm_event:notice] [pid 6516:tid 1995689984] AH00491: caught SIGTERM, shutting down
[Thu Jul 06 22:55:25.441041 2017] [ssl:warn] [pid 6657:tid 1996279808] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jul 06 22:55:25.484033 2017] [ssl:warn] [pid 6658:tid 1996279808] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jul 06 22:55:25.486923 2017] [mpm_event:notice] [pid 6658:tid 1996279808] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Thu Jul 06 22:55:25.487047 2017] [core:notice] [pid 6658:tid 1996279808] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:09:36.402046 2017] [mpm_event:notice] [pid 6658:tid 1996279808] AH00491: caught SIGTERM, shutting down
[Fri Jul 07 00:09:37.720095 2017] [ssl:warn] [pid 8260:tid 1996234752] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:09:37.764264 2017] [ssl:warn] [pid 8261:tid 1996234752] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:09:37.767120 2017] [mpm_event:notice] [pid 8261:tid 1996234752] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:09:37.767245 2017] [core:notice] [pid 8261:tid 1996234752] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:33:36.335069 2017] [mpm_event:notice] [pid 8261:tid 1996234752] AH00491: caught SIGTERM, shutting down
[Fri Jul 07 00:33:37.660026 2017] [ssl:warn] [pid 8431:tid 1996374016] AH01909: traccar.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:33:37.703486 2017] [ssl:warn] [pid 8432:tid 1996374016] AH01909: traccar.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:33:37.706696 2017] [mpm_event:notice] [pid 8432:tid 1996374016] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:33:37.706832 2017] [core:notice] [pid 8432:tid 1996374016] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:35:20.130578 2017] [mpm_event:notice] [pid 8432:tid 1996374016] AH00491: caught SIGTERM, shutting down
[Fri Jul 07 00:35:21.454170 2017] [ssl:warn] [pid 8553:tid 1995841536] AH01909: traccar:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:35:21.497669 2017] [ssl:warn] [pid 8554:tid 1995841536] AH01909: traccar:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:35:21.500521 2017] [mpm_event:notice] [pid 8554:tid 1995841536] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:35:21.500642 2017] [core:notice] [pid 8554:tid 1995841536] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:37:09.919858 2017] [mpm_event:notice] [pid 8554:tid 1995841536] AH00491: caught SIGTERM, shutting down
[Fri Jul 07 00:37:11.230046 2017] [ssl:warn] [pid 8676:tid 1995677696] AH01909: 185.147.237.177:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:37:11.273160 2017] [ssl:warn] [pid 8677:tid 1995677696] AH01909: 185.147.237.177:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:37:11.276048 2017] [mpm_event:notice] [pid 8677:tid 1995677696] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:37:11.276167 2017] [core:notice] [pid 8677:tid 1995677696] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:39:23.547338 2017] [mpm_event:notice] [pid 8677:tid 1995677696] AH00493: SIGUSR1 received. Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Fri Jul 07 00:39:23.599444 2017] [ssl:warn] [pid 8677:tid 1995677696] AH01909: 185.147.237.177:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:39:23.600006 2017] [mpm_event:notice] [pid 8677:tid 1995677696] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:39:23.600045 2017] [core:notice] [pid 8677:tid 1995677696] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jul 07 00:41:34.529014 2017] [mpm_event:notice] [pid 8677:tid 1995677696] AH00493: SIGUSR1 received. Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Fri Jul 07 00:41:34.574682 2017] [ssl:warn] [pid 8677:tid 1995677696] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 07 00:41:34.575334 2017] [mpm_event:notice] [pid 8677:tid 1995677696] AH00489: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jul 07 00:41:34.575387 2017] [core:notice] [pid 8677:tid 1995677696] AH00094: Command line: '/usr/sbin/apache2'Again, any help is much appreciated!
It seems like you have an issue with your certificate. Anyway, I would recommend to ask on Apache forums. Your issue is NOT with Traccar.
Dear Anton.
What am I doing wrong?
I have been following your tutorial: https://www.traccar.org/secure-connection/
I have the certificates and everything ok, but when I open the URL mydomain.com I see the "Debian Apache2 Debian Default Page" instead the automatically redirect to mydomain.com:8082 with https.
Thanks
ortigonover,
I know this is an old post but the issue is with Apache conf file example in the Traccar Https Tutorial. In the Apache conf file, delete "DocumentRoot /var/www/html", save the file then sudo service apache2 restart. That specific line directs inbound request to that directory instead of proxying it to the Traccar server. And as you don't have any index.html or whatever php file, then it defaults to the web server.
The issue is not related to the Traccar server itself........it is instead related to the Traccar staff who wrote that guide.
Hope this help others as the Traccar https tutorial has not been updated......in the last 2 years.
Server has HTTPS enabled via the proxy method, we then tried adding an Android client with encryption enabled which gave the following errors:
So we disabled encryption on the client and it was able to connect correctly via 5055:
We then made the following addition to "/etc/apache2/sites-available/traccar.conf"
And restarted Apache, re-enabled encryption on the client and everything looks good. But checking the logs we now get:
And after a few minutes the client goes into an "unknown" state. So what is the correct method for allowing clients to connect with encryption given the site is setup with HTTPS?
Thanks!