How to set up Owntracks with Traefik reverse proxy (HTTP mode) in only 3 minutes

Owntracks is one of the few open-source location tracking apps that are available for both Android and iOS. It’s a great way to track your location and share it with others.

For the Traefik setup, see Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges

First, create docker-compose.yml:

services:
  otrecorder:
    image: owntracks/recorder
    volumes:
      - ./otrecorder_config:/config
      - ./otrecorder_store:/store
    environment:
      OTR_HOST: "mosquitto"
      OTR_USER: "otrecorder"
      OTR_PASS: "${MOSQUITTO_OTRECODER_PASSWORD}"
    depends_on:
      - mosquitto
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.owntracks.rule=Host(`owntracks.mydomain.com`)"
      - "traefik.http.routers.owntracks.entrypoints=websecure"
      - "traefik.http.routers.owntracks.tls.certresolver=cloudflare-ec384"
      - "traefik.http.routers.owntracks.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.owntracks.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.owntracks.loadbalancer.server.port=8083"
      - "traefik.http.middlewares.owntracks-compress.compress=true"
      - "traefik.http.routers.owntracks.middlewares=owntracks-compress,owntracks-auth"
      - "traefik.http.middlewares.owntracks-auth.basicauth.users=owntracks:$$apr1$$WE6pu5/y$$90pvQQXZrTlFRpQGAKb15."
    restart: unless-stopped

  mosquitto:
    image: eclipse-mosquitto
    volumes:
      - ./mosquitto_data:/mosquitto/data
      - ./mosquitto_logs:/mosquitto/logs
      - ./mosquitto_config:/mosquitto/config
    restart: unless-stopped

Remember to replace mydomain.com with your actual domain!

You can use any certificate configuration. This example uses the DNS-01 challenge so we can obtain a wildcard certificate for *.mydomain.com (which can be shared with other subdomains). If you don’t need wildcard certificates, you can use the ALPN-01 challenge instead (HTTP-01 also works, but I always recommend ALPN-01 since it works so seamlessly with Traefik).

Creating the basic auth hashed password

Here, you need to replace the basic auth information with your own password! This is a global password for the entire Owntracks instance.

Run

htpasswd -c /dev/stdout owntracks

Enter the password twice. It will output the following:

New password: 
Re-type new password: 
Adding password for user owntracks
owntracks:$apr1$WE6pu5/y$90pvQQXZrTlFRpQGAKb15.

You need to replace every $ by $$ in the line you copy into docker-compose.yml! Do not forget this step!
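The escaping step is easy to get wrong by hand, so here is an added example (not part of the original post) that does the doubling with sed and lints a compose file for basicauth.users labels that still contain a lone $ or an unbalanced quote. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# escape_for_compose LINE
# Double every "$" so docker-compose passes the hash through unchanged
# instead of treating "$apr1" etc. as variable references.
escape_for_compose() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# basicauth_label MIDDLEWARE HTPASSWD_LINE
# Print a ready-to-paste, fully quoted label line. For the sample hash above:
#   - "traefik.http.middlewares.owntracks-auth.basicauth.users=owntracks:$$apr1$$WE6pu5/y$$90pvQQXZrTlFRpQGAKb15."
basicauth_label() {
    printf '      - "traefik.http.middlewares.%s.basicauth.users=%s"\n' \
        "$1" "$(escape_for_compose "$2")"
}

# lint_basicauth_labels COMPOSE_FILE
# Report basicauth.users lines that still contain a lone "$" or an odd number
# of double quotes. Returns 1 if anything was reported, 0 otherwise.
lint_basicauth_labels() {
    bad=$(grep -n 'basicauth\.users=' "$1" | awk '{
        msg = ""
        s = $0; gsub(/\$\$/, "", s)          # drop correctly escaped pairs
        if (s ~ /\$/) msg = msg " [unescaped $]"
        q = $0
        if (gsub(/"/, "&", q) % 2) msg = msg " [unbalanced quote]"
        if (msg != "") print $0 msg
    }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Usage: sh this_script.sh docker-compose.yml
if [ "$#" -eq 1 ]; then
    lint_basicauth_labels "$1"
fi
```

A label that uses ${VAR} interpolation on purpose will also be reported, so read the findings rather than treating them as errors blindly.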

Initializing Mosquitto

Mosquitto also needs a random password, which will be saved in .env. However, in this configuration, we don't expose Mosquitto.

Create init.sh, which mostly initializes Mosquitto:

#!/bin/bash
# Init script for Owntracks with Docker setup
# (bash is required because the script uses "source")

# Write the Mosquitto configuration
mkdir -p mosquitto_config
cat << 'EOF' > mosquitto_config/mosquitto.conf
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/logs/mosquitto.log

listener 1883
## Authentication ##
# allow_anonymous false
password_file /mosquitto/config/mosquitto.passwd
EOF

# Generate random MQTT password (requires pwgen to be installed)
echo "MOSQUITTO_OTRECODER_PASSWORD=$(pwgen 30 1)" > .env

# Initialize Mosquitto password file
source .env
# Print the generated password to the terminal
echo "${MOSQUITTO_OTRECODER_PASSWORD}"
# Create the password file with the otrecorder user
docker-compose run mosquitto mosquitto_passwd -b -c /mosquitto/config/mosquitto.passwd otrecorder "${MOSQUITTO_OTRECODER_PASSWORD}"
# Make root the owner of the password and config files and restrict the config file
docker-compose run mosquitto chown root:root /mosquitto/config/mosquitto.passwd /mosquitto/config/mosquitto.conf
docker-compose run mosquitto chmod 0700 /mosquitto/config/mosquitto.conf

Now run init.sh:

bash init.sh
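As an added check that is not part of the original post, this script audits what init.sh wrote: it flags allow_anonymous true, a missing password_file, an empty or short password in .env (which happens when pwgen is not installed) and a .env that other users can read. The function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# conf_value CONF KEY: print the last uncommented value of KEY.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# audit_mosquitto CONF ENVFILE
# Print one FAIL line per finding; return 1 if there was any finding.
audit_mosquitto() {
    conf=$1; envfile=$2; rc=0
    if [ "$(conf_value "$conf" allow_anonymous)" = "true" ]; then
        echo "FAIL: $conf sets allow_anonymous true"; rc=1
    fi
    if [ -z "$(conf_value "$conf" password_file)" ]; then
        echo "FAIL: $conf has no password_file"; rc=1
    fi
    # pwgen missing => "$(pwgen 30 1)" expands to nothing and .env holds an
    # empty password, so check the length init.sh asked for.
    pw=$(sed -n 's/^MOSQUITTO_OTRECODER_PASSWORD=//p' "$envfile")
    if [ "${#pw}" -lt 30 ]; then
        echo "FAIL: password in $envfile has ${#pw} characters, expected 30"; rc=1
    fi
    # .env holds the MQTT password in clear text: owner-only access.
    if [ -n "$(find "$envfile" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $envfile is readable by group or others (chmod 600)"; rc=1
    fi
    return "$rc"
}

# Usage: sudo sh audit.sh mosquitto_config/mosquitto.conf .env
# (sudo because init.sh leaves mosquitto.conf owned by root with mode 0700)
if [ "$#" -eq 2 ]; then
    audit_mosquitto "$1" "$2"
fi
```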

Setting up autostart

I recommend setting up systemd-based autostart for your instance. Create a systemd service for your docker-compose project in 10 seconds:

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

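This will also start Owntracks immediately. Because the script is piped straight into a root shell, you may want to download it to a file and read it before running it.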

App setup

In the app, select HTTP mode and set a URL such as

https://owntracks.my-domain.com/pub

Don’t forget the /pub at the end!

Set the username to owntracks and the password to the one you set up using htpasswd earlier.

For browser access, open https://owntracks.my-domain.com/ to reach the web interface. Log in as user owntracks with the password you set up using htpasswd earlier.