Secure Connection

Traccar serves web interface and API using regular HTTP protocol, which does not use any encryption. This guide provides instructions on how to configure Traccar to use secure HTTPS protocol with SSL/TLS encryption of all traffic. Examples are for Ubuntu Linux, but the general idea can be applied to all platforms. For Windows configuration using IIS check this forum thread.

Traccar does not support secure connection out of the box, but a proxy server can be used to tunnel all requests through a secure connection. In this guide we will use Apache server with a proxy module.

First, install the latest version of Apache server and enable required modules:

sudo add-apt-repository ppa:ondrej/apache2
sudo apt-get install ssl-cert apache2
sudo a2enmod ssl proxy_http proxy_wstunnel rewrite
sudo service apache2 restart

Next, add a new site configuration:

sudo nano /etc/apache2/sites-available/traccar.conf

Content for the site configuration (replace demo.traccar.org with your domain):

<VirtualHost *:80>
  ServerName demo.traccar.org
  Redirect / https://demo.traccar.org/
</VirtualHost>
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>

                ServerName demo.traccar.org
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ProxyPass /api/socket ws://localhost:8082/api/socket
                ProxyPassReverse /api/socket ws://localhost:8082/api/socket

                ProxyPass / http://localhost:8082/
                ProxyPassReverse / http://localhost:8082/

                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        </VirtualHost>
</IfModule>

Next, disable the default site and enable the newly added configuration:

sudo a2dissite 000-default
sudo a2ensite traccar
sudo service apache2 restart

To get a valid SSL certificate you have to have a domain name. Check our documentation on how register and to configure a custom domain name with Traccar. If you don't own a domain name yet, we recommend Namesilo with consistently low prices both for new domains and renewals.

After a domain name is configured and pointing to the server you can generate a free SSL certificate for your server using Let's Encrypt:

sudo apt install certbot python3-certbot-apache
sudo certbot --apache

Follow the instructions from Certbot. Once the process is complete, you should have your server available via an HTTPS connection.

Traccar in subdirectory (non root path)

This part is only needed if you want to make your server available in a non root path. For example:

https://demo.traccar.org/gps/

Generally we recommend to avoid this and use a subdomain for Traccar instead.

If you want Traccar to be in a subdirectory, in additional to proxying requests, you also need to adjust cookies path. Here is a proxy configuration example:

ProxyRequests off

ProxyPass /gps/api/socket ws://localhost:8082/api/socket
ProxyPassReverse /gps/api/socket ws://localhost:8082/api/socket

ProxyPass /gps/ http://localhost:8082/
ProxyPassReverse /gps/ http://localhost:8082/
ProxyPassReverseCookiePath / /gps/

Redirect permanent /gps /gps/

Note that you also need to recompile the modern app for it to work correctly on a new path.