On 14/12/2018 19:05, Landry Breuil wrote:
Here's a slightly cleaned up one. Comments inline, new tar.gz attached.This version starts fine on 6.3 (yeah; i know) in a quick test, proxyfied by nginx. Now i need to figure out this websocket stuff and how to push some data to it.
For nginx in https mode:
location / {
proxy_pass http://127.0.0.1:8082/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_connect_timeout 43200000;
proxy_send_timeout 43200000;
proxy_read_timeout 43200000;
proxy_redirect off;
proxy_set_header Proxy "";
proxy_cookie_path /api "/api; secure; HttpOnly";
}
the worrying thing: the java process listens on 169 tcp ports and 34 udp ports. this feels crazy, so i'll have to look into upstream docs.
Ports are in default.xml. The problem (that has been extensively discussed with the main dev) is that it's not trivial to make overrides in traccar.xml to only listen on requested ports. But this may happen in a later version. In fact there is one port for each protocol, and those may be be in tcp or udp depending on the device and its config. I firewall those I don't use.
: -@newuser _traccar:824:_traccar:daemon:Traccar user:${PREFIX}/share/traccar/:/sbin/nologin : +@newuser _traccar:824:_traccar:daemon:Traccar user:${PREFIX}/share/traccar:/sbin/nologinIs this $HOME necessary so that it finds its assets or var/empty would be better ? minimal testing here seems to show its fine with /var/empty but if there are valid reasons for it..
I have more or less hardcoded the assets in the patch for default.xml. I haven't tested it extensively with /var/empty, but it could indeed be changed.
smime.p7s
Description: S/MIME Cryptographic Signature
