it builds, and hopefully runs?
All checks were successful
Build Docker Image on Commit / build-and-publish (push) Successful in 2m53s

Merith-TK 2025-07-05 03:36:34 +01:00
parent ba547a2130
commit d7a6b77e57
13 changed files with 1382 additions and 519 deletions

402
README.md

@ -1,242 +1,224 @@
# TAK Server Docker Setup
# TAK Server Hybrid Docker Container
This directory contains a unified Docker configuration for running TAK Server components.
This Docker container combines both the TAK server and PostgreSQL database functionality into a single container. It automatically detects and uses the latest TAK server release from the mounted volume.
## ⚠️ IMPORTANT: TAK Server Files Required
**This container does NOT include TAK server files due to licensing restrictions.** You must provide your own TAK server release files obtained through proper channels:
1. Download TAK server files from the official TAK.gov website
2. Obtain through proper military/government channels
3. Purchase through authorized distributors
**You must have a valid license to use TAK server software.**
## Prerequisites
You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both `docker` and `tak` folders.
1. **Valid TAK Server License**: You must have proper licensing/authorization to use TAK server
2. **TAK Server Files**: Download `takserver-docker-X.Y-RELEASE-Z.zip` from official sources
3. **Docker & Docker Compose**: Installed on your system
## Setup Instructions
1. **Build the Docker Image**:
```bash
docker build -t takserver .
```
### Step 1: Obtain TAK Server Files
- Download the TAK server Docker release from official channels
- Place the `takserver-docker-X.Y-RELEASE-Z.zip` file in the `takserver-release/` directory
- The container will automatically detect and use the latest version
2. **Run TAK Server**:
```bash
docker run -d --name takserver \
-e TAK_MODE=server \
-v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
takserver
```
3. **Run TAK Database**:
```bash
docker run -d --name takserver-db \
-e TAK_MODE=database \
-v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
takserver
```
4. **Alternative: Mount the archive directory** (for automatic latest version detection):
```bash
# Mount the directory containing TAK archives
docker run -d --name takserver \
-e TAK_MODE=server \
-v /path/to/tak-archives-directory:/tak-archive:ro \
takserver
```
## How It Works
- **Unified Image**: One Docker image serves both TAK Server and Database functions
- **Mode Selection**: Use the `TAK_MODE` environment variable to choose between `server` (default) or `database`
- **Runtime Extraction**: The container checks for and extracts the TAK archive on startup
- **Automatic Version Detection**: If you mount a directory, the container will automatically find and use the latest TAK archive
- **Flexibility**: The same image can be used with different TAK archive versions
- **Persistence**: Once extracted, the TAK files persist in the container until it's removed
## File Structure Expected
Your TAK Server archive should have this structure:
### Step 2: File Structure
```
takserver-docker-5.4-RELEASE-19.zip
├── docker/ # Docker-related files (not used)
└── tak/ # TAK Server files (this is what gets copied)
├── configureInDocker.sh
├── db-utils/
│ └── configureInDocker.sh
└── ... (other TAK files)
/docker/services/tak/
├── Dockerfile # Hybrid container
├── entrypoint.sh # Main container entrypoint
├── scripts/ # Helper scripts
│ ├── tak-version.sh # TAK version detection
│ ├── db-setup.sh # Database setup
│ └── healthcheck.sh # Health monitoring
├── docker-compose.yml # Docker Compose configuration
├── README.md # This documentation
├── build.sh # Build script
├── validate.sh # Setup validation script
├── original-files/ # Original Dockerfile templates
└── takserver-release/ # Place your TAK server files here
└── takserver-docker-X.Y-RELEASE-Z.zip # Your TAK server files
```
## Features
- **Hybrid Architecture**: Combines TAK server and PostgreSQL database in one container
- **Automatic Version Detection**: Finds the latest `takserver-docker-X.Y-RELEASE-Z.zip` file
- **Semantic Versioning**: Uses semantic version sorting to determine the latest release
- **Complete Setup**: Includes PostGIS extension for spatial data support
- **Runtime TAK Setup**: TAK server files are processed at container startup (licensing compliant)
- **User-Provided Files**: No TAK server files included in the image
## Usage
### Option 1: Using Docker Compose (Recommended)
**First, ensure you have TAK server files in the correct directory:**
```bash
# Verify your TAK server files
ls -la takserver-release/
# Should show: takserver-docker-X.Y-RELEASE-Z.zip
# Build and start the hybrid container
docker-compose up -d
# View logs to monitor startup
docker-compose logs -f tak-hybrid
# Stop the container
docker-compose down
```
### Option 2: Using Docker directly
```bash
# Build the image
docker build -t tak-hybrid .
# Run the container (replace /path/to/tak/files with your actual path)
docker run -d \
--name tak-hybrid \
-p 5432:5432 \
-p 8080:8080 \
-p 8443:8443 \
-p 8444:8444 \
-v /path/to/tak/files:/takserver-zip:ro \
-v tak-data:/opt/tak/data \
-v tak-logs:/opt/tak/logs \
tak-hybrid
```
## TAK Server Release Files
Place your TAK server release files in the `takserver-release/` directory. The container will automatically detect and use the latest version based on semantic versioning.
**Supported filename format**: `takserver-docker-X.Y-RELEASE-Z.zip`
Examples:
- `takserver-docker-5.4-RELEASE-19.zip`
- `takserver-docker-5.5-RELEASE-1.zip`
- `takserver-docker-6.0-RELEASE-5.zip`
## Ports
- **5432**: PostgreSQL database
- **8080**: TAK server web interface (HTTP)
- **8443**: TAK server web interface (HTTPS)
- **8444**: TAK server certificate enrollment
- **8446**: TAK server API
## Database Configuration
The container automatically sets up PostgreSQL with:
- Database: `cot`
- User: `martiuser`
- Password: `password`
- PostGIS extension enabled
## Environment Variables
- `TAK_MODE`: Set to `server` (default) or `database` to determine the container's function
- `TAK_ARCHIVE_PATH`: Override the default TAK archive path (default: `/tak-archive/takserver-docker-5.4-RELEASE-19.zip`)
The following environment variables can be customized in the docker-compose.yml:
## Usage Notes
- `POSTGRES_DB`: Database name (default: cot)
- `POSTGRES_USER`: Database user (default: martiuser)
- `POSTGRES_PASSWORD`: Database password (default: password)
- The TAK archive is mounted as read-only (`ro`) to prevent accidental modifications
- **Server Mode**: Starts automatically with the `configureInDocker.sh init` command
- **Database Mode**: Starts with the database configuration script
- Logs will be written to `/opt/tak/logs/takserver.log` in server mode
- The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs
## Helper Scripts
## Data Persistence
To persist data across container restarts and updates, you should mount the following directories:
### TAK Server Data Volumes:
- `/opt/tak/logs` - TAK Server logs
- `/opt/tak/certs` - SSL certificates and keys
- `/opt/tak/conf` - Configuration files
- `/opt/tak/db-utils/pg_hba.conf` - PostgreSQL authentication configuration
### Database Data Volumes (when using TAK_MODE=database):
- `/var/lib/postgresql/data` - PostgreSQL database files
- `/opt/tak/db-utils/logs` - Database utility logs
### Example with Data Persistence:
The container includes several helper scripts for management and troubleshooting:
### TAK Version Detection (`/scripts/tak-version.sh`)
```bash
# TAK Server with persistent data
docker run -d --name takserver \
-e TAK_MODE=server \
-v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
-v takserver-logs:/opt/tak/logs \
-v takserver-certs:/opt/tak/certs \
-v takserver-config:/opt/tak/conf \
takserver
# Find latest TAK release
docker exec tak-hybrid /scripts/tak-version.sh /takserver-zip latest
# TAK Database with persistent data
docker run -d --name takserver-db \
-e TAK_MODE=database \
-v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
-v takserver-db-data:/var/lib/postgresql/data \
-v takserver-db-logs:/opt/tak/db-utils/logs \
takserver
# List all available releases
docker exec tak-hybrid /scripts/tak-version.sh /takserver-zip list
# Get version from specific file
docker exec tak-hybrid /scripts/tak-version.sh /takserver-zip version /takserver-zip/takserver-docker-5.4-RELEASE-19.zip
```
## Docker Compose Example
### Database Setup (`/scripts/db-setup.sh`)
```bash
# Full database setup
docker exec tak-hybrid /scripts/db-setup.sh setup
```yaml
version: '3.8'
services:
takserver-db:
image: takserver
environment:
- TAK_MODE=database
volumes:
- /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
- takserver-db-data:/var/lib/postgresql/data
- takserver-db-logs:/opt/tak/db-utils/logs
container_name: takserver-db
# Test database connection
docker exec tak-hybrid /scripts/db-setup.sh test
takserver:
image: takserver
environment:
- TAK_MODE=server
volumes:
- /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
- takserver-logs:/opt/tak/logs
- takserver-certs:/opt/tak/certs
- takserver-config:/opt/tak/conf
container_name: takserver
depends_on:
- takserver-db
volumes:
takserver-db-data:
takserver-db-logs:
takserver-logs:
takserver-certs:
takserver-config:
# Print database configuration
docker exec tak-hybrid /scripts/db-setup.sh config
```
## Reverse Proxy with Custom SSL Certificate
### Health Monitoring (`/scripts/healthcheck.sh`)
```bash
# Run all health checks
docker exec tak-hybrid /scripts/healthcheck.sh all
You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.
### Benefits:
- Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
- Centralized certificate management
- Better security practices
- Easier certificate renewal
### Basic Nginx Configuration Example:
```nginx
upstream takserver {
server takserver:8443;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
ssl_certificate /path/to/your/cert.pem;
ssl_certificate_key /path/to/your/private.key;
# SSL security settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Proxy to TAK Server
location / {
proxy_pass https://takserver;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Important for WebSocket connections
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# SSL verification settings for upstream
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
}
}
# Check specific components
docker exec tak-hybrid /scripts/healthcheck.sh postgres
docker exec tak-hybrid /scripts/healthcheck.sh database
docker exec tak-hybrid /scripts/healthcheck.sh tak-process
```
### Docker Compose with Nginx Reverse Proxy:
## Troubleshooting
```yaml
version: '3.8'
services:
# ... your existing takserver and takserver-db services ...
nginx:
image: nginx:alpine
ports:
- "443:443"
- "80:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- /path/to/your/ssl-certs:/etc/nginx/ssl:ro
depends_on:
- takserver
networks:
- takserver-network
### Check container logs
```bash
docker-compose logs tak-hybrid
```
### Configuration Notes:
1. **Remove External Port Mapping**: When using a reverse proxy, remove the port mappings from the `takserver` service in docker-compose.yml since the proxy will handle external access.
2. **Internal Communication**: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container.
3. **Certificate Management**: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.
4. **WebSocket Support**: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.
5. **Security Headers**: Consider adding security headers in your reverse proxy configuration for enhanced security.
### Alternative: Traefik with Automatic Let's Encrypt
For automatic SSL certificate management, consider using Traefik:
```yaml
# Add labels to your takserver service
labels:
- "traefik.enable=true"
- "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
- "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
- "traefik.http.services.takserver.loadbalancer.server.port=8443"
- "traefik.http.services.takserver.loadbalancer.server.scheme=https"
### Access the container shell
```bash
docker-compose exec tak-hybrid /bin/bash
```
### Verify PostgreSQL is running
```bash
docker-compose exec tak-hybrid pg_isready -U martiuser -d cot
```
### Check TAK server status
```bash
docker-compose exec tak-hybrid ps aux | grep tak
```
## Error Handling
The container includes comprehensive error checking:
### Missing TAK Server Files
```
ERROR: No TAK server files found!
Please mount a directory containing takserver-docker-X.Y-RELEASE-Z.zip files to /takserver-zip
```
**Solution**: Ensure you have properly mounted the directory containing your TAK server files.
### Invalid File Format
```
ERROR: No takserver-docker-X.Y-RELEASE-Z.zip file found in /takserver-zip/
Please ensure you have a file matching the pattern: takserver-docker-X.Y-RELEASE-Z.zip
```
**Solution**: Verify your TAK server file follows the correct naming convention.
### Licensing Compliance
This container design ensures license compliance by:
- **Not redistributing TAK server files**
- **Requiring users to provide their own licensed files**
- **Processing files only at runtime**
- **Clear documentation of licensing requirements**
## Legal Notice
TAK server software is subject to export control regulations and licensing requirements. Users are responsible for:
- Obtaining proper licenses/authorization
- Compliance with export control laws
- Following all applicable regulations
- Ensuring authorized use only
This container does not include or redistribute any TAK server software files.
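
Review bot: The "Option 2: Using Docker directly" example publishes PostgreSQL on the host with `-p 5432:5432`, while the "Database Configuration" section documents the account as `martiuser` with password `password`, so anyone following the README as written ends up with a database that is reachable from the network with a known default credential. Since the hybrid container runs TAK server and PostgreSQL together, the server does not need the database port published. I would drop `-p 5432:5432` from the example, or bind it to loopback as `-p 127.0.0.1:5432:5432` for local debugging. I would also state next to `POSTGRES_PASSWORD` in "Environment Variables" that the default must be overridden before the container is exposed. The same example publishes 8080 (HTTP) alongside 8443, which deserves a sentence on when plain HTTP is needed. A smaller consistency point: the "Ports" list includes 8446 (TAK server API), but the `docker run` example does not publish it. Either add the mapping or note that it is intentionally left internal.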