This is a Docker wrapper for an official 'OG' TAK server from TAK Product Center intended for beginners. It will give you a turnkey TAK server with SSL which works with ATAK, iTAK, WinTAK.

Before you can build this, you must download a TAKSERVER-DOCKER-X.X-RELEASE.

Releases are now public at https://tak.gov/products/tak-server

Please follow account registration process, and once completed go to the link above.

The integrity of the release will be checked at setup against the MD5/SHA1 checksums in this repo. THESE MUST MATCH. If they do not match, DO NOT proceed unless you trust the release.

The size blew up after 4.6 due to 900GB of DTED which was added to WebTAK and then shrank after 4.10 with a refactor

• Debian-based operating system, such as Debian or Ubuntu
• Docker with compose (https://docs.docker.com/engine/install/ubuntu/ or https://docs.docker.com/engine/install/debian/)
• A TAK server release
• 4GB memory
• Network connection
• unzip and netstat utilities

Please use the below link to see a short video on a complete setup of TAK Server.

TAK Server install (Docker)

Fetch the dependencies, then clone the git repository and cd into the directory

sudo apt update
sudo apt install net-tools unzip zip
git clone https://github.com/Cloud-RF/tak-server.git
cd tak-server

First, set up Docker's apt repository. These steps are already completed on the WarDragon. Open a terminal and run the following commands:

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a r /etc/apt/keyrings/docker.gpg

# Add the repository to Apt sources:
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install the Docker packages.
# To install the latest version, run:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

IT IS NOT RECOMMENDED TO RUN PRIVILEGED CONTAINERS ON THE DOCKER HOST.

These scripts assume you don't need to sudo for docker and docker-compose. As such it is assumed that your user account is a member of the docker group as is indicated during the correct installation of Docker. This will allow you to run docker commands without sudo.

For more information please consult the official installation documentation provided by Docker.

To test if you are able to run docker commands without sudo you can test with the following command:

docker run hello-world

The script will auto-detect your architecture and use the ARM Docker file if the architecture is determined to be arm64.

You should copy your downloaded TAKSERVER-DOCKER-X.X-RELEASE ZIP file to the tak-server directory.

Assuming that your current working directory is the tak-server as cloned previously, you can then proceed to run the setup.sh script.

chmod  x scripts/setup.sh
./scripts/setup.sh

The setup.sh script will populate configuration files, start up TAK server with a PostgreSQL database via Docker compose and generate the required certificates. There will be prompts and some input required from the user such as certificate names. At the end of the setup the user will be given random passwords and a link to access the web interface where further settings can be applied.

For more information on using TAK server refer to the documentation on the TAK Product Center GitHub.

TAK server needs the following port numbers to operate. Services already using these will cause a problem which the script will detect and offer a resolution for.

• 5432
• 8089
• 8443
• 8444
• 8446
• 9500
• 9001

If you are going to expose these ports be careful. Not all of them run secure protocols. For peace of mind, and for working through firewalls and NAT routers run this on a VPN like OpenVPN or NordVPN.

If your TAK Server was able to successfully be installed then you should see in your console a similar message:

Import the admin.p12 certificate from this folder to your browser as per the README.md file
Login at https://10.0.0.6:8443 with your admin account. No need to run the /setup step as this has been done.
Certificates and *CERT DATA PACKAGES* are in tak/certs/files 

Setup script sponsored by CloudRF.com - "The API for RF"

---------PASSWORDS----------------

Admin user name: admin
Admin password: <Your password here>
Postgresql password: <Your password here>

---------PASSWORDS----------------

MAKE A NOTE OF YOUR PASSWORDS. THEY WON'T BE SHOWN AGAIN.
Docker containers should automatically start with the docker service from now on.

The login to the web interface requires the certificate created during setup. The certificate needs to be uploaded to the browser first. The name of this certificate is the one which you have typed after specifying the State, City, and Company during the certificate creation.

Default certificate name is admin.p12. The certificates names can be checked by:

docker exec -it tak-server-tak-1 ls -hal /opt/tak/certs/files 

The admin.p12 certificate needs to be copied from ./tak/certs/files/ and installed in a web browser for you to be able to administer your TAK Server. This not only provides TLS transport security with mutual authentication (Client > Server, Server > Client) but it proves your identity and saves you having to type a tedious password each time.

• Go to "Settings" --> "Privacy and Security" --> "Security" --> "Manage Certificates"
• Navigate to "Your certificates"
• Press "Import" button and choose your .p12 file (Default password is atakatak)

The web UI should be now accessible via the address given below.

• Go to "Settings" --> "Privacy & Security" --> scroll down to "Certificates" section.
• Click the button "View Certificates"
• Choose "Your Certificates" section and "Import" your .p12 certificate (Default password is atakatak)
• Choose the "Authorities" section
• Locate "TAK" line, there should be your certificate name displayed underneath it
• Click your certificate name and press button "Edit Trust"
• TICK the box with "This certificate can identify web sites" statement, then click "OK"

The web UI should be now accessible via the address given below.

The web user interface can be only accessed via SSL on port 8443.

The login prompt will not show up as the server authenticates the user based on the uploaded certificate.

The user interface is available at the below address and on all other NICs. Check your firewall as you may not want this exposed on a public NIC.

https://localhost:8443

Make sure you are in the main tak-server directory and append the -d flag to run the process in the background.

cd tak-server
docker compose up -d

Make sure you are in the main tak-server directory.

cd tak-server
docker compose down

You can access a shell in the running Docker container with this command:

docker exec -it tak-server-tak-1 tail -f /opt/tak/logs/takserver.log

To tail the server log from OUTSITE the container as the tak folder is mapped:

tail -f ./tak/logs/takserver.log

sudo ./scripts/cleanup.sh

This script will stop the TAK Server container, remove the mapped database volume and remove the folder tak which is created in the project root directory (cloned from GitHub) during the setup process.

WARNING - If you have data in an existing TAK database container it will be lost.

If you've never setup ATAK with a server before you need server and user certificates. You can load these manually as .p12 files or the easier way is with a .zip data package and a manifest.

You can find ready made data packages in the tak/certs/files directory. You need to copy these to your device's SD card then import the .zip into ATAK / iTAK with the "Import" function and choose "Local SD".

This will add a server, certificates and a user account. You will still need to create this user with the matching name for example, user1, in your TAK server user management dashboard and assign them to a common group.

If you would like to federate TAK servers you will need to exchange ca.pem files between servers. On this docker setup, I find that I have to manually import the ca.pem from the command line as the webui seems unable to add the it to the fed truststore. Typically the fed-truststore is located in the project directory at tak-server/tak/certs/files. You'll likely find the ca.pem in that location as well, location may vary depending on install method.

keytool -importcert -file ca.pem -keystore fed-truststore.jks -alias "tak"

If you like to live dangerously, you can run a script to serve the .zip files on TCP port 12345, for example, http://0.0.0.0:12345. This launches a mini Python web server and serves the content of the share folder which will contain your certificates. Note that sharing certificates via insecure protocols is not secure.

./scripts/shareCerts.sh
Serving HTTP on 0.0.0.0 port 12345 (http://0.0.0.0:12345/) ...
10.0.0.5 - - [23/Nov/2022 15:49:52] "GET / HTTP/1.1" 200 -
10.0.0.5 - - [23/Nov/2022 15:49:54] "GET /user1-10.0.0.3.dp.zip HTTP/1.1" 200 

Stop the script with Ctrl-C once done to stop randoms fetching your certificates.

See Frequently Asked Questions.

Please feel free to open merge requests. A beginner's guide to GitHub.com is here:

https://www.freecodecamp.org/news/how-to-make-your-first-pull-request-on-github-3/

Thanks to the TAK product center for open-sourcing and maintaining all things TAK.

Thanks to James Wu 'wubar' on GitLab/Discord for publishing the Docker wrapper on which this was built.

Thanks to protectionist dinosaurs, on both sides of the pond, who are threatened by TAK's open source model for the motivation :p

• TAK server on TAK.gov
• ATAK-CIV on Google Play
• iTak on Apple App store
• WinTAK-CIV on TAK.gov