lets test and push

2025-07-04 02:34:05 +01:00 · 2025-07-04 02:34:05 +01:00 · ba547a2130
commit ba547a2130
parent 8657a734af
7 changed files with 584 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,242 @@
+# TAK Server Docker Setup
+
+This directory contains a unified Docker configuration for running TAK Server components.
+
+## Prerequisites
+
+You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both `docker` and `tak` folders.
+
+## Setup Instructions
+
+1. **Build the Docker Image**:
+   ```bash
+   docker build -t takserver .
+   ```
+
+2. **Run TAK Server**:
+   ```bash
+   docker run -d --name takserver \
+     -e TAK_MODE=server \
+     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
+     takserver
+   ```
+
+3. **Run TAK Database**:
+   ```bash
+   docker run -d --name takserver-db \
+     -e TAK_MODE=database \
+     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
+     takserver
+   ```
+
+4. **Alternative: Mount the archive directory** (for automatic latest version detection):
+   ```bash
+   # Mount the directory containing TAK archives
+   docker run -d --name takserver \
+     -e TAK_MODE=server \
+     -v /path/to/tak-archives-directory:/tak-archive:ro \
+     takserver
+   ```
+
+## How It Works
+
+- **Unified Image**: One Docker image serves both TAK Server and Database functions
+- **Mode Selection**: Use the `TAK_MODE` environment variable to choose between `server` (default) or `database`
+- **Runtime Extraction**: The container checks for and extracts the TAK archive on startup
+- **Automatic Version Detection**: If you mount a directory, the container will automatically find and use the latest TAK archive
+- **Flexibility**: The same image can be used with different TAK archive versions
+- **Persistence**: Once extracted, the TAK files persist in the container until it's removed
+
+## File Structure Expected
+
+Your TAK Server archive should have this structure:
+```
+takserver-docker-5.4-RELEASE-19.zip
+├── docker/           # Docker-related files (not used)
+└── tak/              # TAK Server files (this is what gets copied)
+    ├── configureInDocker.sh
+    ├── db-utils/
+    │   └── configureInDocker.sh
+    └── ... (other TAK files)
+```
+
+## Environment Variables
+
+- `TAK_MODE`: Set to `server` (default) or `database` to determine the container's function
+- `TAK_ARCHIVE_PATH`: Override the default TAK archive path (default: `/tak-archive/takserver-docker-5.4-RELEASE-19.zip`)
+
+## Usage Notes
+
+- The TAK archive is mounted as read-only (`ro`) to prevent accidental modifications
+- **Server Mode**: Starts automatically with the `configureInDocker.sh init` command
+- **Database Mode**: Starts with the database configuration script
+- Logs will be written to `/opt/tak/logs/takserver.log` in server mode
+- The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs
+
+## Data Persistence
+
+To persist data across container restarts and updates, you should mount the following directories:
+
+### TAK Server Data Volumes:
+- `/opt/tak/logs` - TAK Server logs
+- `/opt/tak/certs` - SSL certificates and keys
+- `/opt/tak/conf` - Configuration files
+- `/opt/tak/db-utils/pg_hba.conf` - PostgreSQL authentication configuration
+
+### Database Data Volumes (when using TAK_MODE=database):
+- `/var/lib/postgresql/data` - PostgreSQL database files
+- `/opt/tak/db-utils/logs` - Database utility logs
+
+### Example with Data Persistence:
+
+```bash
+# TAK Server with persistent data
+docker run -d --name takserver \
+  -e TAK_MODE=server \
+  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
+  -v takserver-logs:/opt/tak/logs \
+  -v takserver-certs:/opt/tak/certs \
+  -v takserver-config:/opt/tak/conf \
+  takserver
+
+# TAK Database with persistent data
+docker run -d --name takserver-db \
+  -e TAK_MODE=database \
+  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
+  -v takserver-db-data:/var/lib/postgresql/data \
+  -v takserver-db-logs:/opt/tak/db-utils/logs \
+  takserver
+```
+
+## Docker Compose Example
+
+```yaml
+version: '3.8'
+services:
+  takserver-db:
+    image: takserver
+    environment:
+      - TAK_MODE=database
+    volumes:
+      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
+      - takserver-db-data:/var/lib/postgresql/data
+      - takserver-db-logs:/opt/tak/db-utils/logs
+    container_name: takserver-db
+
+  takserver:
+    image: takserver
+    environment:
+      - TAK_MODE=server
+    volumes:
+      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
+      - takserver-logs:/opt/tak/logs
+      - takserver-certs:/opt/tak/certs
+      - takserver-config:/opt/tak/conf
+    container_name: takserver
+    depends_on:
+      - takserver-db
+
+volumes:
+  takserver-db-data:
+  takserver-db-logs:
+  takserver-logs:
+  takserver-certs:
+  takserver-config:
+```
+
+## Reverse Proxy with Custom SSL Certificate
+
+You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.
+
+### Benefits:
+- Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
+- Centralized certificate management
+- Better security practices
+- Easier certificate renewal
+
+### Basic Nginx Configuration Example:
+
+```nginx
+upstream takserver {
+    server takserver:8443;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name your-domain.com;
+    
+    ssl_certificate /path/to/your/cert.pem;
+    ssl_certificate_key /path/to/your/private.key;
+    
+    # SSL security settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    
+    # Proxy to TAK Server
+    location / {
+        proxy_pass https://takserver;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Important for WebSocket connections
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # SSL verification settings for upstream
+        proxy_ssl_verify off;
+        proxy_ssl_session_reuse on;
+    }
+}
+```
+
+### Docker Compose with Nginx Reverse Proxy:
+
+```yaml
+version: '3.8'
+
+services:
+  # ... your existing takserver and takserver-db services ...
+
+  nginx:
+    image: nginx:alpine
+    ports:
+      - "443:443"
+      - "80:80"
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - /path/to/your/ssl-certs:/etc/nginx/ssl:ro
+    depends_on:
+      - takserver
+    networks:
+      - takserver-network
+```
+
+### Configuration Notes:
+
+1. **Remove External Port Mapping**: When using a reverse proxy, remove the port mappings from the `takserver` service in docker-compose.yml since the proxy will handle external access.
+
+2. **Internal Communication**: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container.
+
+3. **Certificate Management**: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.
+
+4. **WebSocket Support**: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.
+
+5. **Security Headers**: Consider adding security headers in your reverse proxy configuration for enhanced security.
+
+### Alternative: Traefik with Automatic Let's Encrypt
+
+For automatic SSL certificate management, consider using Traefik:
+
+```yaml
+# Add labels to your takserver service
+labels:
+  - "traefik.enable=true"
+  - "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
+  - "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
+  - "traefik.http.services.takserver.loadbalancer.server.port=8443"
+  - "traefik.http.services.takserver.loadbalancer.server.scheme=https"
+```