# TAK Server Docker Setup

This directory contains a unified Docker configuration for running TAK Server components.

## Prerequisites

You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both `docker` and `tak` folders.

## Setup Instructions

1. **Build the Docker Image**:
   ```bash
   docker build -t takserver .
   ```

2. **Run TAK Server**:
   ```bash
   docker run -d --name takserver \
     -e TAK_MODE=server \
     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
     takserver
   ```

3. **Run TAK Database**:
   ```bash
   docker run -d --name takserver-db \
     -e TAK_MODE=database \
     -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
     takserver
   ```

4. **Alternative: Mount the archive directory** (for automatic latest version detection):
   ```bash
   # Mount the directory containing TAK archives
   docker run -d --name takserver \
     -e TAK_MODE=server \
     -v /path/to/tak-archives-directory:/tak-archive:ro \
     takserver
   ```

## How It Works

- **Unified Image**: One Docker image serves both TAK Server and Database functions
- **Mode Selection**: Use the `TAK_MODE` environment variable to choose between `server` (default) or `database`
- **Runtime Extraction**: The container checks for and extracts the TAK archive on startup
- **Automatic Version Detection**: If you mount a directory, the container will automatically find and use the latest TAK archive
- **Flexibility**: The same image can be used with different TAK archive versions
- **Persistence**: Once extracted, the TAK files persist in the container until it's removed

## File Structure Expected

Your TAK Server archive should have this structure:
```
takserver-docker-5.4-RELEASE-19.zip
├── docker/           # Docker-related files (not used)
└── tak/              # TAK Server files (this is what gets copied)
    ├── configureInDocker.sh
    ├── db-utils/
    │   └── configureInDocker.sh
    └── ... (other TAK files)
```

## Environment Variables

- `TAK_MODE`: Set to `server` (default) or `database` to determine the container's function
- `TAK_ARCHIVE_PATH`: Override the default TAK archive path (default: `/tak-archive/takserver-docker-5.4-RELEASE-19.zip`)

## Usage Notes

- The TAK archive is mounted as read-only (`ro`) to prevent accidental modifications
- **Server Mode**: Starts automatically with the `configureInDocker.sh init` command
- **Database Mode**: Starts with the database configuration script
- Logs will be written to `/opt/tak/logs/takserver.log` in server mode
- The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs

## Data Persistence

To persist data across container restarts and updates, you should mount the following directories:

### TAK Server Data Volumes:
- `/opt/tak/logs` - TAK Server logs
- `/opt/tak/certs` - SSL certificates and keys
- `/opt/tak/conf` - Configuration files
- `/opt/tak/db-utils/pg_hba.conf` - PostgreSQL authentication configuration

### Database Data Volumes (when using TAK_MODE=database):
- `/var/lib/postgresql/data` - PostgreSQL database files
- `/opt/tak/db-utils/logs` - Database utility logs

### Example with Data Persistence:

```bash
# TAK Server with persistent data
docker run -d --name takserver \
  -e TAK_MODE=server \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-logs:/opt/tak/logs \
  -v takserver-certs:/opt/tak/certs \
  -v takserver-config:/opt/tak/conf \
  takserver

# TAK Database with persistent data
docker run -d --name takserver-db \
  -e TAK_MODE=database \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-db-data:/var/lib/postgresql/data \
  -v takserver-db-logs:/opt/tak/db-utils/logs \
  takserver
```

## Docker Compose Example

```yaml
version: '3.8'
services:
  takserver-db:
    image: takserver
    environment:
      - TAK_MODE=database
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-db-data:/var/lib/postgresql/data
      - takserver-db-logs:/opt/tak/db-utils/logs
    container_name: takserver-db

  takserver:
    image: takserver
    environment:
      - TAK_MODE=server
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-logs:/opt/tak/logs
      - takserver-certs:/opt/tak/certs
      - takserver-config:/opt/tak/conf
    container_name: takserver
    depends_on:
      - takserver-db

volumes:
  takserver-db-data:
  takserver-db-logs:
  takserver-logs:
  takserver-certs:
  takserver-config:
```

## Reverse Proxy with Custom SSL Certificate

You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.

### Benefits:
- Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
- Centralized certificate management
- Better security practices
- Easier certificate renewal

### Basic Nginx Configuration Example:

```nginx
upstream takserver {
    server takserver:8443;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;
    
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/private.key;
    
    # SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    # Proxy to TAK Server
    location / {
        proxy_pass https://takserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Important for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # SSL verification settings for upstream
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
    }
}
```

### Docker Compose with Nginx Reverse Proxy:

```yaml
version: '3.8'

services:
  # ... your existing takserver and takserver-db services ...

  nginx:
    image: nginx:alpine
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - /path/to/your/ssl-certs:/etc/nginx/ssl:ro
    depends_on:
      - takserver
    networks:
      - takserver-network
```

### Configuration Notes:

1. **Remove External Port Mapping**: When using a reverse proxy, remove the port mappings from the `takserver` service in docker-compose.yml since the proxy will handle external access.

2. **Internal Communication**: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container.

3. **Certificate Management**: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.

4. **WebSocket Support**: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.

5. **Security Headers**: Consider adding security headers in your reverse proxy configuration for enhanced security.

### Alternative: Traefik with Automatic Let's Encrypt

For automatic SSL certificate management, consider using Traefik:

```yaml
# Add labels to your takserver service
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
  - "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
  - "traefik.http.services.takserver.loadbalancer.server.port=8443"
  - "traefik.http.services.takserver.loadbalancer.server.scheme=https"
```