Tutorial: How to secure Traccar with SSL / HTTPS for free, using IIS and Let’s Encrypt on Windows Server

Turbovix4 years ago

Yes, I realized that this is a reverse proxy, however you could already have used the occasion and have installed and configured the use of HTTPS protocol.

Freekers4 years ago

I don't understand what you mean by 'used the occasion and have installed and configured the use of HTTPS protocol.' Please elaborate.

Sascha 3 years ago

Hello,
I have implemented everything exactly as in the descriptions and get the websocke error with every browser over https.
Can someone help me?

greetingss

Deichsel3 years ago

Hello,
I have installed Windows Server 2019 Standard, IIS 10, url rewrite 2.1, application request routing 3.0 and followed your description but get also the web socket error with firefox and internet explorer. The additional configuration with the HTTP_SEC_WEBSOCKET_EXTENSIONS variable will not fix the problem. So whta can I do or can you help me to fix this?

regards from germany!

Lukáš Hladík3 years ago

The sloution for https and wss connection i found:

First add the server variable to IIS manager: Your site > URL Rewrite > View Server Variables… > Add: HTTP_SEC_WEBSOCKET_EXTENSIONS

Then add the variable to the inbound rule that forwards requests to Traccar. This is my rule in web.config:

  <rules>
    <!-- if you want to use https only -->
    <rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
       <match url="(.*)" />
       <conditions>
          <add input="{HTTPS}" pattern="^OFF$" />
       </conditions>
       <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
    </rule>
    <!-- the trick is here -->
    <rule name="Forward to Traccar" stopProcessing="true">
       <match url="(.*)" />
       <action type="Rewrite" url="http://localhost:8082/{R:0}" logRewrittenUrl="true" />
       <serverVariables>
          <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
       </serverVariables>
    </rule>
  </rules>

You can also add the variable to the inbound rule with IIS-Manager, but it forces you to enter a value. You still end up with editing web.config to clear the value.

Thomas Nelson2 months ago

Following the instructions here the modern interface still didnt work. Here is my final config that got the websocket working as well.
NOTE: You must install the websocket protocol feature in IIS via Add Roles and Features.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <rewrite>
         <outboundRules>
            <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true" stopProcessing="true">
               <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8082/(.*)" />
               <action type="Rewrite" value="http{R:1}://yourdomain.com/{R:2}" />
            </rule>

            <preConditions>
               <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
               </preCondition>
            </preConditions>
         </outboundRules>
         <rules>
                <clear />
                <rule name="Web Socket Reverse" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="ws://yourdomain.com*" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="ws://localhost:8082{R:1}" appendQueryString="false" logRewrittenUrl="true" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
                    </serverVariables>
                </rule>
                <rule name="Web Socket SSH Reverse" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="wss://yourdomain.com*" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="wss://localhost:8082{R:1}" appendQueryString="false" logRewrittenUrl="true" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
                    </serverVariables>
                </rule>
            <rule name="ReverseProxyInboundRule1" stopProcessing="false">
               <match url="(.*)" />
               <action type="Rewrite" url="http://localhost:8082/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
            </serverVariables>
            </rule>
         </rules>
      </rewrite>
      <urlCompression doStaticCompression="false" doDynamicCompression="false" />
      <httpRedirect enabled="false" destination="https://yourdomain.com" exactDestination="false" httpResponseStatus="PermRedirect" />
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Rewrite" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="200-399" />
                </add>
            </traceFailedRequests>
        </tracing>
   </system.webServer>
</configuration>