# TAK Server Docker Setup

This directory contains a unified Docker configuration for running TAK Server components.

## Prerequisites

You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both `docker` and `tak` folders.

## Setup Instructions

1. **Build the Docker Image**:

   ```bash
   docker build -t takserver .
   ```

2. **Run TAK Server**:

   ```bash
   docker run -d --name takserver \
     -e TAK_MODE=server \
     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
     takserver
   ```

3. **Run TAK Database**:

   ```bash
   docker run -d --name takserver-db \
     -e TAK_MODE=database \
     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
     takserver
   ```

4. **Alternative: Mount the archive directory** (for automatic latest version detection):

   ```bash
   # Mount the directory containing TAK archives
   docker run -d --name takserver \
     -e TAK_MODE=server \
     -v /path/to/tak-archives-directory:/tak-archive:ro \
     takserver
   ```

## How It Works

- **Unified Image**: One Docker image serves both TAK Server and Database functions
- **Mode Selection**: Use the `TAK_MODE` environment variable to choose between `server` (default) or `database`
- **Runtime Extraction**: The container checks for and extracts the TAK archive on startup
- **Automatic Version Detection**: If you mount a directory, the container will automatically find and use the latest TAK archive
- **Flexibility**: The same image can be used with different TAK archive versions
- **Persistence**: Once extracted, the TAK files persist in the container until it's removed

## File Structure Expected

Your TAK Server archive should have this structure:

```
takserver-docker-5.4-RELEASE-19.zip
├── docker/                     # Docker-related files (not used)
└── tak/                        # TAK Server files (this is what gets copied)
    ├── configureInDocker.sh
    ├── db-utils/
    │   └── configureInDocker.sh
    └── ... (other TAK files)
```

## Environment Variables

- `TAK_MODE`: Set to `server` (default) or `database` to determine the container's function
- `TAK_ARCHIVE_PATH`: Override the default TAK archive path (default: `/tak-archive/takserver-docker-5.4-RELEASE-19.zip`)

## Usage Notes

- The TAK archive is mounted as read-only (`ro`) to prevent accidental modifications
- **Server Mode**: Starts automatically with the `configureInDocker.sh init` command
- **Database Mode**: Starts with the database configuration script
- Logs will be written to `/opt/tak/logs/takserver.log` in server mode
- The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs

## Data Persistence

To persist data across container restarts and updates, you should mount the following paths:

### TAK Server Data Volumes:

- `/opt/tak/logs` - TAK Server logs
- `/opt/tak/certs` - SSL certificates and keys
- `/opt/tak/conf` - Configuration files
- `/opt/tak/db-utils/pg_hba.conf` - PostgreSQL authentication configuration

### Database Data Volumes (when using TAK_MODE=database):

- `/var/lib/postgresql/data` - PostgreSQL database files
- `/opt/tak/db-utils/logs` - Database utility logs

### Example with Data Persistence:

```bash
# TAK Server with persistent data
docker run -d --name takserver \
  -e TAK_MODE=server \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-logs:/opt/tak/logs \
  -v takserver-certs:/opt/tak/certs \
  -v takserver-config:/opt/tak/conf \
  takserver

# TAK Database with persistent data
docker run -d --name takserver-db \
  -e TAK_MODE=database \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-db-data:/var/lib/postgresql/data \
  -v takserver-db-logs:/opt/tak/db-utils/logs \
  takserver
```

## Docker Compose Example

```yaml
version: '3.8'

services:
  takserver-db:
    image: takserver
    environment:
      - TAK_MODE=database
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-db-data:/var/lib/postgresql/data
      - takserver-db-logs:/opt/tak/db-utils/logs
    container_name: takserver-db

  takserver:
    image: takserver
    environment:
      - TAK_MODE=server
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-logs:/opt/tak/logs
      - takserver-certs:/opt/tak/certs
      - takserver-config:/opt/tak/conf
    container_name: takserver
    depends_on:
      - takserver-db

volumes:
  takserver-db-data:
  takserver-db-logs:
  takserver-logs:
  takserver-certs:
  takserver-config:
```

## Reverse Proxy with Custom SSL Certificate

You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.

### Benefits:

- Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
- Centralized certificate management
- Better security practices
- Easier certificate renewal

### Basic Nginx Configuration Example:

```nginx
upstream takserver {
    server takserver:8443;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;

    # Certificate and key paths as seen inside the Nginx container
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/private.key;

    # SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Proxy to TAK Server
    location / {
        proxy_pass https://takserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Important for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Upstream TLS settings: verification is off, so the proxy encrypts
        # this hop but does not authenticate the TAK Server certificate
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
    }
}
```

### Docker Compose with Nginx Reverse Proxy:

```yaml
version: '3.8'

services:
  # ... your existing takserver and takserver-db services ...
  # (the takserver service must also join takserver-network)

  nginx:
    image: nginx:alpine
    ports:
      - "443:443"
      - "80:80"
    volumes:
      # The configuration above holds only upstream/server blocks, so it is
      # loaded from conf.d (included inside the image's http context)
      # rather than replacing the main nginx.conf
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - /path/to/your/ssl-certs:/etc/nginx/ssl:ro
    depends_on:
      - takserver
    networks:
      - takserver-network

networks:
  takserver-network:
```

### Configuration Notes:

1. **Remove External Port Mapping**: When using a reverse proxy, remove the port mappings from the `takserver` service in docker-compose.yml since the proxy will handle external access.
2. **Internal Communication**: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container. In the Nginx example above, `proxy_ssl_verify off` means this hop is encrypted but Nginx does not verify the container's certificate.
3. **Certificate Management**: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.
4. **WebSocket Support**: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.
5. **Security Headers**: Consider adding security headers in your reverse proxy configuration for enhanced security.

### Alternative: Traefik with Automatic Let's Encrypt

For automatic SSL certificate management, consider using Traefik:

```yaml
# Add labels to your takserver service
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
  - "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
  - "traefik.http.services.takserver.loadbalancer.server.port=8443"
  - "traefik.http.services.takserver.loadbalancer.server.scheme=https"
```
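Relating to the "Automatic Version Detection" and "File Structure Expected" sections above: a host-side pre-flight check to run before mounting an archive. This is an added example, not code from this project, and the README does not say how the container itself picks the "latest" archive. The naming pattern is an assumption generalised from the single file name shown on this page, and `pick_latest`, `check_archive` and `build_sample` are hypothetical helper names.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumed naming pattern, generalised from the one archive name on this page.
ARCHIVE_RE = re.compile(r"^takserver-docker-(\d+(?:\.\d+)*)-RELEASE-(\d+)\.zip$")
# Files the page's expected-structure tree lists under tak/.
REQUIRED = {"tak/configureInDocker.sh", "tak/db-utils/configureInDocker.sh"}


def pick_latest(names):
    """Return the newest archive name, comparing version fields as numbers."""
    best = None
    for name in names:
        m = ARCHIVE_RE.match(name)
        if not m:
            continue  # ignore files that are not TAK release archives
        # A plain string sort would rank RELEASE-9 above RELEASE-19.
        key = (tuple(int(p) for p in m.group(1).split(".")), int(m.group(2)))
        if best is None or key > best[0]:
            best = (key, name)
    return best[1] if best else None


def check_archive(zip_file):
    """Return a list of problems; an empty list means the layout matches."""
    problems = []
    with zipfile.ZipFile(zip_file) as zf:
        names = zf.namelist()
    for name in names:
        path = PurePosixPath(name.replace("\\", "/"))
        # Members that would land outside the extraction directory.
        if path.is_absolute() or ".." in path.parts:
            problems.append(f"unsafe member path: {name}")
    top_level = {n.split("/")[0] for n in names}
    for folder in ("docker", "tak"):
        if folder not in top_level:
            problems.append(f"missing top-level folder: {folder}/")
    for required in sorted(REQUIRED - set(names)):
        problems.append(f"missing file: {required}")
    return problems


def build_sample(members):
    """Constructed sample input: an in-memory ZIP with empty members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"")
    return buf
```

`check_archive` accepts a file path as well as a file object, so it can be pointed at the real release ZIP on the host before the archive is mounted into the container.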