Skip to content

Commit

Permalink
Merge branch 'alphafox02-main' into main
Browse files Browse the repository at this point in the history
Merging updates from a fork
  • Loading branch information
FarrantAlex committed Mar 13, 2024
2 parents b88d8c1 + 952b8cf commit 398a60f
Show file tree
Hide file tree
Showing 7 changed files with 52 additions and 30 deletions.
58 changes: 41 additions & 17 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,11 @@

This is a Docker wrapper for an official 'OG' TAK server from [TAK Product Center](https://tak.gov/) intended for beginners. It will give you a turnkey TAK server with SSL which works with ATAK, iTAK, WinTAK.

The key improvements are:

- Automatic configuration.
- Certificate generation.
- Secure password generation.
- Updates PostgreSQL 10 to PostgreSQL 14.
- Updates Debian 8 to Debian 11.

## IMPORTANT: Download the Official TAK Release

Before you can build this, you must download a **TAKSERVER-DOCKER-X.X-RELEASE**.

The scripts in this repository **have not** been checked against the **HARDENED** Docker release (`TAKSERVER-DOCKER-HARDENED-X.X-RELEASE`), so please **DO NOT** use them with that version of TAK Server.

Releases are now public at [https://tak.gov/products/tak-server](https://tak.gov/products/tak-server)

Please follow account registration process, and once completed go to the link above.
Expand All @@ -28,23 +19,23 @@ The integrity of the release will be checked at setup against the MD5/SHA1 check

## TAK Server Release Checksums

The size blew up after `4.6` due to `900GB` of DTED which was added to WebTAK.
*The size blew up after `4.6` due to `900GB` of DTED which was added to WebTAK and then shrank after 4.10 with a refactor*

| Release Filename | Bytes | MD5 Checksum | SHA1 Checksum |
| ------------------------------------- | ----------- | ---------------------------------- | ------------------------------------------ |
| `takserver-docker-4.6-RELEASE-26.zip` | `462381384` | `dc63cb315f950025707dbccf05bdf183` | `7ca58221b8d35d40df906144c5834e6d9fa85b47` |
| `takserver-docker-4.7-RELEASE-4.zip` | `759385093` | `5b011b74dd5f598fa21ce8d737e8b3e6` | `b688359659a05204202c21458132a64ec1ba0184` |
| `takserver-docker-4.7-RELEASE-18.zip` | `759410768` | `44b6fa8d7795b56feda08ea7ab793a3e` | `cd56406d3539030ab9b9b3fbae08b56b352b9b53` |
| `takserver-docker-4.7-RELEASE-20.zip` | `759389907` | `1cb0208c62d4551f1c3185d00a5fd8bf` | `f427ae3e860fddb8907047f157ada5764334c48d` |
| `takserver-docker-4.8-RELEASE-31.zip` | `772606000` | `c07f01d74960287bfc7dc08ecd6cbc3a` | `387ea4f593763d3adcfda5128a89dda4fd82e937` |
| `takserver-docker-4.10-RELEASE-50.zip`| `528MB` | `5068d5fd70cbc9ecf53f2259dc9383f7` | `177ed55a66ce8126424937dd3bc7375feb12d3eb` |
| `takserver-docker-4.6-RELEASE-26.zip` | `462MB` | `dc63cb315f950025707dbccf05bdf183` | `7ca58221b8d35d40df906144c5834e6d9fa85b47` |
| `takserver-docker-4.7-RELEASE-4.zip` | `759MB` | `5b011b74dd5f598fa21ce8d737e8b3e6` | `b688359659a05204202c21458132a64ec1ba0184` |
| `takserver-docker-4.7-RELEASE-18.zip` | `759MB` | `44b6fa8d7795b56feda08ea7ab793a3e` | `cd56406d3539030ab9b9b3fbae08b56b352b9b53` |
| `takserver-docker-4.7-RELEASE-20.zip` | `759MB` | `1cb0208c62d4551f1c3185d00a5fd8bf` | `f427ae3e860fddb8907047f157ada5764334c48d` |
| `takserver-docker-4.8-RELEASE-31.zip` | `772MB` | `c07f01d74960287bfc7dc08ecd6cbc3a` | `387ea4f593763d3adcfda5128a89dda4fd82e937` |
| `takserver-docker-4.10-RELEASE-50.zip`| `528MB` | `5068d5fd70cbc9ecf53f2259dc9383f7` | `177ed55a66ce8126424937dd3bc7375feb12d3eb` |

## Requirements

- Debian-based operating system, such as Debian or Ubuntu
- Docker with `compose` (https://docs.docker.com/engine/install/ubuntu/ or https://docs.docker.com/engine/install/debian/)
- A TAK server release
- 2GB memory
- 4GB memory
- Network connection
- `unzip` and `netstat` utilities

Expand All @@ -65,6 +56,30 @@ git clone https://github.com/Cloud-RF/tak-server.git
cd tak-server
```

### Setup Docker's apt repository

First, set up Docker's apt repository. These steps are already completed on the WarDragon. Open a terminal and run the following commands:

```bash
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add the repository to Apt sources:
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install the Docker packages.
# To install the latest version, run:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```

### Docker Security

**IT IS NOT RECOMMENDED TO RUN PRIVILEGED CONTAINERS ON THE DOCKER HOST.**
Expand Down Expand Up @@ -228,6 +243,15 @@ You can find ready made data packages in the `tak/certs/files` directory. You ne

This will add a server, certificates and a user account. You will still need to create this user with the matching name for example, `user1`, in your TAK server user management dashboard and assign them to a common group.

## Federated TAK server

If you would like to federate TAK servers you will need to exchange ca.pem files between servers. On this docker setup, I find that I have to manually import the ca.pem from the command line as the webui seems unable to add
the it to the fed truststore. Typically the fed-truststore is located in the project directory at tak-server/tak/certs/files. You'll likely find the ca.pem in that location as well, location may vary depending on install method.

```bash
keytool -importcert -file ca.pem -keystore fed-truststore.jks -alias "tak"
```

### Transferring Your ZIP files Via HTTP

If you like to live dangerously, you can run a script to serve the `.zip` files on TCP port `12345`, for example, http://0.0.0.0:12345. This launches a mini Python web server and serves the content of the `share` folder which will contain your certificates. Note that sharing certificates via insecure protocols is not secure.
Expand Down
4 changes: 2 additions & 2 deletions docker-compose.arm.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ services:
- tak-database
ports:
- 5432:5432
restart: always
restart: unless-stopped
tak:
build:
context: .
Expand All @@ -34,7 +34,7 @@ services:
tak:
depends_on:
- db
restart: always
restart: unless-stopped
volumes:
db_data:
networks:
Expand Down
4 changes: 2 additions & 2 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ services:
- tak-database
ports:
- 5432:5432
restart: always
restart: unless-stopped
tak:
build:
context: .
Expand All @@ -34,7 +34,7 @@ services:
tak:
depends_on:
- db
restart: always
restart: unless-stopped
volumes:
db_data:
networks:
Expand Down
3 changes: 1 addition & 2 deletions docker/amd64/Dockerfile.takserver
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
FROM openjdk:17-jdk-bullseye
RUN apt update && \
apt-get install -y emacs-nox net-tools netcat vim
RUN apt update && apt-get install -y emacs-nox net-tools netcat vim

ENTRYPOINT ["/bin/bash", "-c", "/opt/tak/configureInDocker.sh init &>> /opt/tak/logs/takserver.log"]
5 changes: 2 additions & 3 deletions docker/amd64/Dockerfile.takserver-db
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
FROM postgres:15
FROM postgres:15.1

# this is slow - updates all packages

RUN apt-get update && apt install -y postgresql-15-postgis-3
RUN apt-get update && apt install -y postgresql-15-postgis-3 openjdk-17-jdk


ENTRYPOINT ["/bin/bash", "-c", "/opt/tak/db-utils/configureInDocker.sh"]
4 changes: 2 additions & 2 deletions docker/arm64/Dockerfile.takserver
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
FROM openjdk:11-jdk-bullseye
FROM openjdk:17-jdk-bullseye
RUN apt update && \
apt-get install -y emacs-nox net-tools netcat vim

ENTRYPOINT ["/bin/bash", "-c", "/opt/tak/configureInDocker.sh init &>> /opt/tak/logs/takserver.log"]
ENTRYPOINT ["/bin/bash", "-c", "/opt/tak/configureInDocker.sh init &>> /opt/tak/logs/takserver.log"]
4 changes: 2 additions & 2 deletions scripts/cleanup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@ rm -rf tak
rm -rf /tmp/takserver

# Comment me out to save yourself rebuilding........
docker image rm tak-server_db --force
docker image rm tak-server_tak --force
docker image rm tak-server-db --force
docker image rm tak-server-tak --force

0 comments on commit 398a60f

Please sign in to comment.