cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
04b1f33fc5
openbsd-ports/geo/traccar/pkg
History
sthen b72385bec1 Update to traccar-4.7, from Renaud Allard. First run after updating will 
be a little slower to start as it applies schema updates (adds a missing
index that was responsible for slow reports).

Point at login.conf fd limits in the pkg-readme, written by Renaud at
my request (I discovered them the hard way ;) with a little tweak by me.
2020-01-22 21:39:07 +00:00
..
DESCR
PLIST Update to traccar-4.7, from Renaud Allard. First run after updating will 2020-01-22 21:39:07 +00:00
README Update to traccar-4.7, from Renaud Allard. First run after updating will 2020-01-22 21:39:07 +00:00
traccar.rc

README 

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

Web Interface
=============

The default configuration makes traccar UI listen on localhost only.
The recommended way to access the service from the outside world is to use a
reverse proxy with SSL enabled.

The following is an example using nginx as an SSL reverse proxy:

server {
	add_header Cache-Control no-cache;
	add_header x-frame-options SAMEORIGIN;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";

	listen	443;
	listen	[::]:443;

	expires 31d;
	ssl On;
	ssl_certificate fullcert_nokey.pem;
	ssl_certificate_key privkey.pem;

	location / {
		proxy_pass http://127.0.0.1:8082/;
		proxy_set_header Host $host;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_buffering     off;
		proxy_connect_timeout 1d;
		proxy_send_timeout    1d;
		proxy_read_timeout    1d;
		proxy_redirect off;
		proxy_set_header Proxy "";
		proxy_cookie_path /api "/api; secure; HttpOnly";
	}
}

Open Network Ports
==================

By default, traccar will listen on many network ports. Each tracker protocol
requires its own open port. So you should really block those ports using pf and
only allow the protocols you actually use.

You can also restrict the open ports by altering the default.xml file and remove
all the protocols you don't use. However, the default.xml file will change on
almost every revision, so if you do that you should do it on a copy of
default.xml and reference that copy in traccar.xml configuration file. Also, you
should ensure that at every upgrade, you track the changes in default.xml as
the file contains important informations about SQL queries. This is definitely
more complex than firewalling the unused ports.

File-descriptor limits
======================

The default file-descriptor limit is likely to be too small for non-trivial
use of traccar. One file handle is needed for every open file, listening port
or active network connection.

To raise the open file descriptor limit for traccar, add the following to
the login.conf(5) file:

	traccar:\
		:openfiles=4096:\
		:tc=daemon:

Rebuild the login.conf.db file if necessary:

	# [ -f /etc/login.conf.db ] && cap_mkdb /etc/login.conf