OK, here is a better one with the service listening on 127.0.0.1 by default. The README has been corrected to reflect this and the other cosmetic changes. And also the versioning corrected.
Index: Makefile
===================================================================
RCS file: /cvs/ports/geo/traccar/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile 16 Dec 2018 15:09:58 -0000 1.1.1.1
+++ Makefile 17 Dec 2018 12:01:17 -0000
@@ -2,6 +2,7 @@
COMMENT = modern GPS tracking platform
V = 4.2
+REVISION = 0
PKGNAME = traccar-${V}
DISTNAME = traccar-other-${V}
EXTRACT_SUFX = .zip
Index: patches/patch-conf_default_xml
===================================================================
RCS file: /cvs/ports/geo/traccar/patches/patch-conf_default_xml,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-conf_default_xml
--- patches/patch-conf_default_xml 16 Dec 2018 15:09:58 -0000 1.1.1.1
+++ patches/patch-conf_default_xml 17 Dec 2018 12:01:17 -0000
@@ -1,18 +1,17 @@
-$OpenBSD: patch-conf_default_xml,v 1.1.1.1 2018/12/16 15:09:58 landry Exp $
-
Index: conf/default.xml
--- conf/default.xml.orig
+++ conf/default.xml
-@@ -12,7 +12,7 @@
+@@ -12,7 +12,8 @@
<entry key='web.enable'>true</entry>
<entry key='web.port'>8082</entry>
- <entry key='web.path'>./web</entry>
++ <entry key='web.address'>127.0.0.1</entry>
+ <entry key='web.path'>${LOCALBASE}/share/traccar/web</entry>
<entry key='web.cacheControl'>max-age=3600,public</entry>
<entry key='geocoder.enable'>false</entry>
-@@ -20,7 +20,7 @@
+@@ -20,7 +21,7 @@
<entry key='logger.enable'>true</entry>
<entry key='logger.level'>info</entry>
@@ -21,7 +20,7 @@ Index: conf/default.xml
<entry key='filter.enable'>true</entry>
<entry key='filter.future'>86400</entry>
-@@ -30,9 +30,10 @@
+@@ -30,17 +31,16 @@
<entry key='processing.computedAttributes.enable'>true</entry>
<entry key='processing.engineHours.enable'>true</entry>
@@ -30,10 +29,10 @@ Index: conf/default.xml
<entry key='notificator.types'>web,mail</entry>
+ <entry key='templates.rootPath'>${LOCALBASE}/share/traccar/templates</entry>
-
- <entry key='server.statistics'>https://www.traccar.org/analytics/</entry>
-
-@@ -40,7 +40,7 @@
+
+- <entry key='server.statistics'>https://www.traccar.org/analytics/</entry>
+-
+ <entry key='commands.queueing'>true</entry>
<entry key='database.ignoreUnknown'>true</entry>
<entry key='database.generateQueries'>true</entry>
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/geo/traccar/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 16 Dec 2018 15:09:58 -0000 1.1.1.1
+++ pkg/PLIST 17 Dec 2018 12:01:17 -0000
@@ -12,6 +12,7 @@
@mode
@owner
@group
+share/doc/pkg-readmes/${PKGSTEM}
share/traccar/
share/traccar/conf/
share/traccar/conf/default.xml
Index: pkg/README
===================================================================
RCS file: pkg/README
diff -N pkg/README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/README 17 Dec 2018 12:01:17 -0000
@@ -0,0 +1,58 @@
+
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+Web Interface
+=============
+
+The default configuration makes traccar UI listen on localhost only.
+The recommended way to access the service from the outside world is to use a
+reverse proxy with SSL enabled.
+
+The following is an example using nginx as an SSL reverse proxy:
+
+server {
+ add_header Cache-Control no-cache;
+ add_header x-frame-options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ listen 443;
+ listen [::]:443;
+
+ expires 31d;
+ ssl On;
+ ssl_certificate fullcert_nokey.pem;
+ ssl_certificate_key privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8082/;
+ proxy_set_header Host $host;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_buffering off;
+ proxy_connect_timeout 1d;
+ proxy_send_timeout 1d;
+ proxy_read_timeout 1d;
+ proxy_redirect off;
+ proxy_set_header Proxy "";
+ proxy_cookie_path /api "/api; secure; HttpOnly";
+ }
+}
+
+Open Network Ports
+==================
+
+By default, traccar will listen on many network ports. Each tracker protocol
+requires its own open port. So you should really block those ports using pf and
+only allow the protocols you actually use.
+
+You can also restrict the open ports by altering the default.xml file and remove
+all the protocols you don't use. However, the default.xml file will change on
+almost every revision, so if you do that you should do it on a copy of
+default.xml and reference that copy in traccar.xml configuration file. Also, you
+should ensure that at every upgrade, you track the changes in default.xml as
+the file contains important informations about SQL queries. This is definitely
+more complex than firewalling the unused ports.
smime.p7s
Description: S/MIME Cryptographic Signature
