Forget about Life360. OwnTracks on TrueNAS: Your Private Location Server


Nowadays, many people use location tracking apps like Life360 to know where family members are. They are convenient, but they involve giving your location data to a third-party company. OwnTracks is an open-source alternative that allows you to create your own private location server, giving you full control over your data.

In this guide, we’ll show you how to install and configure OwnTracks on a TrueNAS SCALE server using the “Custom App” feature. We’ll focus on the simpler HTTP communication mode, which has proven less problematic in container environments than MQTT with WebSockets. We’ll also configure secure external access using Nginx Proxy Manager and Cloudflare.

OwnTracks vs. Life360: A Brief Comparison

Before we start, it’s worth understanding the key differences:

OwnTracks:

  • Pros:
    • Privacy: Your location data is stored only on your server. No one else has access to it.
    • Control: Full control over the server, data, and how it’s used.
    • Free and Open Source: No subscription fees, the source code is open.
    • Flexibility: Can be integrated with other home automation systems (e.g., Home Assistant).
  • Cons:
    • Requires Your Own Server: You need to own and manage a server (like TrueNAS).
    • Configuration: Installation and setup require some technical knowledge (which you’ll gain in this guide!).
    • Lacks Some Social Features: Less polished interface and lacks some features known from Life360 (e.g., driving reports, crash detection – although this might also be a privacy advantage).

Life360:

  • Pros:
    • Ease of Use: Very simple installation and setup.
    • Rich Features: Additional options like crash detection, driving reports, SOS buttons.
    • Doesn’t Require Your Own Server: Everything runs in the cloud.
  • Cons:
    • Privacy: Your location data is stored and processed by a third-party company, which may analyse or share it.
    • Costs: Many advanced features require a paid subscription.
    • Lack of Control: You depend on the company’s privacy policy and service operation.

If you value privacy and already have a TrueNAS server, OwnTracks is an excellent choice.

Prerequisites

Before you start, make sure you have:

  1. TrueNAS SCALE System: This guide is for the SCALE version.
  2. An Internet Domain: You’ll need your own domain (e.g., yourdomain.com).
  3. Access to Domain DNS Management: We’ll use Cloudflare in this guide.
  4. Nginx Proxy Manager: Installed and running as an app on TrueNAS.
  5. Public IP Address: Or a configured Dynamic DNS (DDNS).
  6. (Recommended) Port Forwarding: Ports 80 and 443 forwarded to the IP address of your Nginx Proxy Manager on your local network.

Step 1: Installing Components on TrueNAS

In this setup, we need two applications running as containers:

  1. Mosquitto: The MQTT broker. Although we’ll use HTTP mode for sending data from phones, owntracks/recorder still requires a connection to an MQTT broker for its internal operation. We’ll configure it to allow anonymous connections from the local network.
  2. OwnTracks Recorder: The application that receives data (via HTTP) and provides the web interface with the map.

Installing Mosquitto

  1. Go to Apps: In the TrueNAS interface, navigate to Apps.
  2. Find Mosquitto: Search for the Mosquitto app (usually available in the TrueCharts catalogue) and click Install.
  3. Mosquitto Configuration:
    • Application Name: e.g., mosquitto
    • Eclipse Mosquitto Configuration:
      • Timezone: Select your time zone.
      • Enable Persistence: Tick this to keep data between restarts.
      • Allow Anonymous: Tick this. Since Mosquitto won’t be exposed externally, and communication with OwnTracks Recorder happens on the local network, we can simplify the setup by allowing anonymous connections.
    • User and Group Configuration: You can leave the defaults (e.g., 568).
    • Network Configuration:
      • Broker Port: Ensure the Port Number is 1883. Do not expose this port externally (don’t forward it on your router or configure it in NPM).
      • Web Sockets Port: You can leave the default or disable it. It’s not needed for this configuration.
    • Storage Configuration:
      • Configure Host Path for Mosquitto Data Storage and Mosquitto Config Storage, having created appropriate datasets beforehand (e.g., /mnt/YOUR_POOL/apps/mosquitto/data and /mnt/YOUR_POOL/apps/mosquitto/config). Ensure the apps group has write permissions for them.
    • (Skip) The Security Configuration section or adding users is not needed if you ticked Allow Anonymous.
    • Resources Configuration: Set low limits, Mosquitto is very lightweight:
      • Limits CPUs: 0.25
      • Memory (in MB): 128
    • Click Install. After a moment, the mosquitto app should show as Running.

Installing OwnTracks Recorder (Custom App)

  1. Select Custom App: Go back to Apps -> Discover Apps -> Custom App.
  2. Basic Configuration:
    • Application Name: owntracks
  3. Image Configuration:
    • Repository: owntracks/recorder
    • Tag: latest
    • Pull Policy: Pull image if not already present...
  4. Container Configuration:
    • Timezone: Select your time zone.
    • Environment Variables: Click Add four times to add the variables:
      • For connecting to Mosquitto (anonymous mode):
        • Name: OTR_MQTT_HOST, Value: Enter the IP address of your TrueNAS server (e.g., 192.168.0.13). Not localhost!
        • Name: OTR_MQTT_PORT, Value: 1883
        • (Remove/Do Not Add) OTR_MQTT_USER and OTR_MQTT_PASS are not needed.
      • For HTTP /pub authentication:
        • Name: OTR_USER, Value: Choose a username for HTTP (e.g., admin_owntracks). Important: Use only letters and numbers!
        • Name: OTR_PASS, Value: Choose a strong password for HTTP. Important: Use only letters and numbers! Avoid special characters.
    • Restart Policy: Change to Always.
  5. Network Configuration:
    • Click Add next to Ports.
    • Container Port: 8083
    • Node Port: e.g., 38083 (make sure it’s free).
    • Protocol: TCP
  6. Storage Configuration:
    • Create Datasets: /mnt/YOUR_POOL/apps/owntracks/config and /mnt/YOUR_POOL/apps/owntracks/store.
    • Set Permissions: The apps group must have write permission.
    • Add Volumes:
      • /config -> Host Path to the config dataset.
      • /store -> Host Path to the store dataset.
  7. Resources Configuration:
    • Enable Resource Limits: Ticked.
    • Limits CPUs: 0.5 or 1.
    • Memory (in MB): 256 or 512.
  8. (Optional) Portal Configuration: Configure as before, using the Node Port (e.g., 38083).
  9. Installation: Click Install. The owntracks app should start and connect anonymously to mosquitto. Check the logs of both apps to ensure there are no Connection refused errors. You should see a connection without a username in the Mosquitto logs.

Step 2: Cloudflare Configuration

Ensure you have an A DNS record for the subdomain you want to use (e.g., owntracks), pointing to your public IP address. Crucially:

  • Proxy status: Must be set to DNS only (grey cloud). If it’s orange (“Proxied”), you might encounter connection issues or need to set the Cloudflare SSL/TLS mode to “Full (Strict)”.

Step 3: Nginx Proxy Manager (NPM) Configuration

The configuration remains the same as before:

  1. Create an Access List (Access Lists) with a user and password to protect the map.
  2. Create a Proxy Host:
    • Details: Domain (owntracks.yourdomain.com), Scheme http, Forward IP (TrueNAS IP), Forward Port (38083), enable Block Common Exploits and Websockets Support.
    • SSL: Select a valid certificate (preferably via DNS Challenge), enable Force SSL, HTTP/2, HSTS.
    • Access List: Select the access list you created.
    • Save.

Step 4: Mobile App Configuration (iOS/Android)

The mobile app configuration also remains the same:

  1. Download and install the OwnTracks app.
  2. Connection Settings:
    • Mode: HTTP.
    • URL: https://owntracks.yourdomain.com/pub
    • Authentication: Enabled.
    • UserID: The username from OTR_USER.
    • Password: The password from OTR_PASS (only letters/numbers).
  3. Identification Settings:
    • UserID: Unique name for the person (e.g., john).
    • DeviceID: Unique name for the device (e.g., johns_phone).
    • (Optional) TrackerID (tid): Short identifier (e.g., J).
  4. Save Settings.

Step 5: Choosing the Monitoring Mode

The OwnTracks app offers several location reporting modes, differing in update frequency and battery consumption. You can adjust these in the mobile app settings (usually under Preferences -> Reporting or similar):

  • Significant Location Change Mode:
    • How it works: Relies on the phone’s OS (iOS/Android) to notify the app about significant location changes (e.g., changing mobile towers). The OS decides what is “significant”.
    • Pros: Most battery-efficient. Ideal if you don’t need real-time tracking, just general movement information.
    • Cons: Updates can be infrequent and less precise. Location might not update for long periods if the phone doesn’t deem the change “significant”.
  • Move Mode:
    • How it works: Uses the phone’s motion sensors (accelerometer) to detect movement. When movement is detected, it checks GPS more frequently and sends updates. When stationary, it enters a power-saving mode.
    • Pros: Good compromise between accuracy and battery usage. Provides more frequent updates during travel.
    • Cons: Uses more battery than Significant Change mode, especially with frequent movement.
  • Manual Mode:
    • How it works: Sends a location update only when you manually press the “Publish” button in the app.
    • Pros: Full control over when your location is shared. Minimal battery drain related to tracking.
    • Cons: No automatic tracking. Requires user interaction.

Choose the mode based on your needs. For most users, Move Mode offers the best balance.

Security Aspects

Since you’re hosting your own location server, security is crucial. Here’s how we’ve addressed it in this setup:

  1. Transport Encryption (TLS/SSL):
    • Using Nginx Proxy Manager with a Let’s Encrypt certificate ensures all communication happens over HTTPS, protecting data from eavesdropping in transit.
    • Enable Force SSL in NPM.
  2. Endpoint Authentication (/pub):
    • The OTR_USER and OTR_PASS variables in the owntracks/recorder container enable HTTP Basic Auth, requiring a login and password to send data.
    • Use a strong password without special characters.
  3. Map Access Protection:
    • The Access List in Nginx Proxy Manager adds a second authentication layer required just to view the map.
  4. Local Mosquitto Communication:
    • The Mosquitto broker is configured to accept anonymous connections, but it is not exposed externally. Only the owntracks/recorder container on the same internal TrueNAS network can access it, minimising risk.
  5. Data Control:
    • Your data never leaves your server. You have full control.
  6. (Optional) End-to-End Encryption (Payload Encryption):
    • You can enable payload encryption in the mobile app (Secret encryption key). Data will be stored encrypted on the server. This requires manual decryption client-side or in integrated systems.
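
To confirm that the deployment actually enforces points 1, 2 and 4 above, you can probe it from outside. The script below is an added example, not part of OwnTracks or the original guide; the function names are made up for illustration, and the hostname you pass in is whatever you configured in NPM (the guide's placeholder is owntracks.yourdomain.com).

```python
import socket
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it


def http_probe(url, data=None, timeout=5):
    """One request, redirects not followed; returns (status, Location header)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, data=data), timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "")


def tcp_open(host, port, timeout=3):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(obs):
    """Map observations to findings; an empty list means every check passed."""
    findings = []
    if obs["pub_noauth_status"] not in (401, 403):
        findings.append("/pub did not reject a POST sent without credentials")
    status, location = obs["plain_http"]
    if status not in (301, 302, 307, 308) or not location.startswith("https://"):
        findings.append("plain HTTP is not redirected to HTTPS (Force SSL)")
    if obs["mqtt_1883_open"]:
        findings.append("Mosquitto port 1883 answers on the public hostname")
    return findings


def collect(host):
    # Constructed empty JSON body: no _type field, so it carries no location.
    status, _ = http_probe(f"https://{host}/pub", data=b"{}")
    return {"pub_noauth_status": status,
            "plain_http": http_probe(f"http://{host}/"),
            "mqtt_1883_open": tcp_open(host, 1883)}
```

Call `assess(collect("owntracks.yourdomain.com"))` from a connection outside your LAN (for example, mobile data), because the port 1883 check only reflects external exposure when it is run from there.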

Information about Quick Setup

The OwnTracks documentation mentions an installation method called “Quick Setup”. This is a set of scripts primarily designed for rapidly deploying a complete OwnTracks environment (MQTT + Recorder) on a standard VPS server (e.g., Debian, Ubuntu).

Why didn’t we use Quick Setup on TrueNAS?

  • Container Management: TrueNAS SCALE has its own integrated application (container) management system. Using “Custom App” and official apps (like Mosquitto from TrueCharts) provides better integration with the TrueNAS UI, resource management, updates, and storage in a way native to the system.
  • Flexibility: The “Custom App” method offers more control over the configuration of individual components and resources.
  • Environment: Quick Setup scripts are optimised for typical Linux systems on a VPS, not the specific environment of TrueNAS SCALE.

Installation via “Custom App” and catalogue apps is more suitable for TrueNAS SCALE.

Adding Family Members

Repeat Step 4 on the family member’s phone:

  • Use the same details in the Connection section (URL, OTR_USER, OTR_PASS).
  • Set unique values in the Identification section (UserID, DeviceID, TrackerID).

Troubleshooting

  • App not connecting (HTTP):
    • Check the URL (/pub!), UserID, Password (no special chars!).
    • Check Cloudflare DNS record status (“DNS only”).
    • Check owntracks container logs and mobile app logs.
  • Connection refused errors in owntracks logs:
    • Ensure the Mosquitto container is running.
    • Check that OTR_MQTT_HOST and OTR_MQTT_PORT in the owntracks config point to the correct TrueNAS IP and port (1883). Ensure there are no OTR_MQTT_USER or OTR_MQTT_PASS variables.
  • Cannot see map (401, 403 error):
    • Log in to the map using the credentials from the Access List in NPM.
  • Cannot see map (502, 504 error):
    • Check if the owntracks container is running.
    • Check the Proxy Host configuration in NPM.

Summary

Congratulations! You’ve configured your own private OwnTracks location server on TrueNAS. The simplified Mosquitto configuration with anonymous local access, combined with HTTP communication and Nginx Proxy Manager security, provides a convenient and secure solution. Enjoy having control over your location data!

Andrzej Majewski
