Tutorial: How to secure Traccar with SSL / HTTPS for free, using IIS and Let’s Encrypt on Windows Server

Turbovix4 years ago

Yes, I realized that this is a reverse proxy, however you could already have used the occasion and have installed and configured the use of HTTPS protocol.

Freekers4 years ago

I don't understand what you mean by 'used the occasion and have installed and configured the use of HTTPS protocol.' Please elaborate.

Sascha 4 years ago

Hello,
I have implemented everything exactly as in the descriptions and get the websocke error with every browser over https.
Can someone help me?

greetingss

Deichsel4 years ago

Hello,
I have installed Windows Server 2019 Standard, IIS 10, url rewrite 2.1, application request routing 3.0 and followed your description but get also the web socket error with firefox and internet explorer. The additional configuration with the HTTP_SEC_WEBSOCKET_EXTENSIONS variable will not fix the problem. So whta can I do or can you help me to fix this?

regards from germany!

Lukáš Hladík4 years ago

The sloution for https and wss connection i found:

First add the server variable to IIS manager: Your site > URL Rewrite > View Server Variables… > Add: HTTP_SEC_WEBSOCKET_EXTENSIONS

Then add the variable to the inbound rule that forwards requests to Traccar. This is my rule in web.config:

  <rules>
    <!-- if you want to use https only -->
    <rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
       <match url="(.*)" />
       <conditions>
          <add input="{HTTPS}" pattern="^OFF$" />
       </conditions>
       <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
    </rule>
    <!-- the trick is here -->
    <rule name="Forward to Traccar" stopProcessing="true">
       <match url="(.*)" />
       <action type="Rewrite" url="http://localhost:8082/{R:0}" logRewrittenUrl="true" />
       <serverVariables>
          <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
       </serverVariables>
    </rule>
  </rules>

You can also add the variable to the inbound rule with IIS-Manager, but it forces you to enter a value. You still end up with editing web.config to clear the value.

Thomas Nelson6 months ago

Following the instructions here the modern interface still didnt work. Here is my final config that got the websocket working as well.
NOTE: You must install the websocket protocol feature in IIS via Add Roles and Features.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <rewrite>
         <outboundRules>
            <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true" stopProcessing="true">
               <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:8082/(.*)" />
               <action type="Rewrite" value="http{R:1}://yourdomain.com/{R:2}" />
            </rule>

            <preConditions>
               <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
               </preCondition>
            </preConditions>
         </outboundRules>
         <rules>
                <clear />
                <rule name="Web Socket Reverse" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="ws://yourdomain.com*" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="ws://localhost:8082{R:1}" appendQueryString="false" logRewrittenUrl="true" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
                    </serverVariables>
                </rule>
                <rule name="Web Socket SSH Reverse" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="wss://yourdomain.com*" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="Rewrite" url="wss://localhost:8082{R:1}" appendQueryString="false" logRewrittenUrl="true" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
                    </serverVariables>
                </rule>
            <rule name="ReverseProxyInboundRule1" stopProcessing="false">
               <match url="(.*)" />
               <action type="Rewrite" url="http://localhost:8082/{R:1}" />
                    <serverVariables>
                        <set name="HTTP_SEC_WEBSOCKET_EXTENSIONS" value="" />
            </serverVariables>
            </rule>
         </rules>
      </rewrite>
      <urlCompression doStaticCompression="false" doDynamicCompression="false" />
      <httpRedirect enabled="false" destination="https://yourdomain.com" exactDestination="false" httpResponseStatus="PermRedirect" />
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Rewrite" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="200-399" />
                </add>
            </traceFailedRequests>
        </tracing>
   </system.webServer>
</configuration>
tedi.sky993 months ago

hi..
I use windows server 2016
traccar version 5.3
localhost:8082
I succeed use iis from localhost:8082 to mydomain.com
but when we login to the web mydomain.com
I didnt see GPS/ car icon on the map.
how to fix this ? thanks before guys

irfan atatuzun16 days ago

Traccar web notifications are not working with port 80 or 443 after iis reverse proxy. Web notifications only work when default port 8082 is used. Any suggestions how to resolve this issue while using iis reverse proxy ?

irfan atatuzun7 days ago

problem solved.
follow this link its not being mentioned in this post but has to be done in order to make pop ups work

https://www.oxygenxml.com/doc/versions/24.1.0/ug-waCustom/topics/WA-websocket.html