TAK-SERVER
Installation Instructions
Instructions for installing the TAK-SERVER RPM on a Linux virtual server. (Written for Rocky8)
Download TAK-SERVER, Instructions, Scripts and Data Package Master Folder
Go to www.tak.gov and download the Rocky8 version of TAK-Server onto your local machine.
Go to http://maps.takserver.us to the TAK-SERVER folder or the resources page on this website or directly below and download the TAK SERVER SCRIPTS and the MASTER_SERVER_NAME_FOLDER_STRUCTURE onto your local machine.
**modify Script - RL8.9_tak5r69_install.sh to match the TAK Server version and release number**
**current version I am using is 5.5 release 53. You can modify as necessary**
**you have to modify the script file name AND you must go into the script and ensure the rpm file name matches**
****some virtual machines are not restarting in time when the script runs to promote the admin user, new instructions if that happens below****
Launch local or virtual machine and get to the command line interface
Create a new user named atak
Set the password for the atak user
Enter password for atak user
You will get this message:
“BAD PASSWORD: The password contains the user name in some form”
It’s OK, just paste atakatak again.
You will know you did it right when you get this message in return;
“all authentication tokens updated successfully.”
By creating this user named atak this also made a folder called atak under the home folder.
This will become important in a few more steps.
Make atak user ‘sudo user’
Switch from the Root user to the ATAK user
Copy scripts and TAK-SERVER RPM files into ATAK folder via FTP Client
Script - takUserCreateCerts_doNotRunAsRoot.sh
Script - createTakCerts.sh
Script - RL8.9_tak5.5r53_install.sh
Script - takserver_createLECerts.sh
Script - takserver_renewLECerts.sh
Script - promoteAdmin.sh
RPM Installer - takserver-5.5-RELEASE53.noarch.rpm
Now it's time to install the TAK-SERVER
Get to the atak folder where all the scripts and the TAK Server rpm file are
Queue up the TAK-SERVER install
Enter password if asked for atak user
Execute the TAK-SERVER installation
Edit the version and release number as necessary
1st user prompt - will be for the atak user password for installing Java 17
2nd user prompt - install 1 package answer y
3rd User prompt - select java option choose - 1
The next step will start configuring the certificates.
Enter the following with NO SPACES (you can put whatever you want - press enter after each entry)
STATE:
CITY:
ORG:
ORG UNIT:
4th User Prompt - give a name for the Certificate Authority, has to be at least five characters
5th User Prompt - answer 'y' to the "Do you want me to move files around" question, it's for the intermediate signing CA
The script will restart TAK Server and give a 90 second countdown before it configures the intermediate-ca for use.
The script will restart the TAK Server again for 270 seconds to ensure the TAK Server is fully restarted prior to promoting the admin.pem certificate to the administrator role.
**** Sometimes this still is not enough time and the promotion of the admin cert may fail. If you try to access the server and you are forced to the webtak login page at port 8446, that means the admin cert has not been promoted. Instructions below if this happens.
Enter password for atak user
Now your TAK-SERVER is complete
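An added example, not one of the downloaded scripts: instead of trusting a fixed 90 or 270 second countdown, poll until TAK Server is listening again and only then run the promoteAdmin step. It assumes that listeners on the three ports this guide opens in the firewall (8089, 8443, 8446) are a usable readiness signal; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not one of the page's scripts): wait for TAK Server to come
# back after a restart instead of relying on a fixed countdown.

# has_listener PORT
# Reads `ss -ltn` output on stdin; succeeds if a LISTEN socket is bound to PORT.
has_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")   # handles 0.0.0.0:8443, *:8443, [::]:8443
            if (part[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# wait_until TIMEOUT INTERVAL CMD [ARGS...]
# Re-runs CMD every INTERVAL seconds until it succeeds; fails after TIMEOUT seconds.
wait_until() {
    wu_timeout=$1; wu_interval=$2; shift 2
    wu_waited=0
    while ! "$@"; do
        [ "$wu_waited" -ge "$wu_timeout" ] && return 1
        sleep "$wu_interval"
        wu_waited=$((wu_waited + wu_interval))
    done
    return 0
}

# tak_ports_up
# Succeeds only when all three ports named in this guide have a listener.
tak_ports_up() {
    tp_out=$(ss -ltn) || return 1
    for tp_port in 8089 8443 8446; do
        printf '%s\n' "$tp_out" | has_listener "$tp_port" || return 1
    done
}

# Usage on the server (assumption: open listeners mean the restart finished):
#   wait_until 600 5 tak_ports_up && echo "ready - now run the promoteAdmin step"
```

If `wait_until` times out, the server never came up on all three ports, which points to a failed service rather than a slow restart.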
The firewall was configured to allow TCP connections on ports 8089, 8443 and 8446.
To login to your new TAK-Server instance you need to import the admin.p12 into your browser.
Another file you will need for building a datapackage for connection is the truststore-intermediate-ca.p12 file.
Move them both to your local machine.
Firefox has been the easiest browser to work with in my experience.
To do this, browse to the directory /opt/tak/certs/files on the virtual machine and copy them to your local machine.
This script also made a copy of the admin cert and put it in the atak folder (the same folder you placed all the scripts and tak-server rpm file in)
In Firefox go to your settings and in the search bar type in Certificates
Click on View Certificates, then click on Your Certificates, click on Import and browse to wherever you stored the admin.p12 file then click OK.
You will notice Firefox will list the certificate by the ORG name you set up.
To get to your TAK-Server enter your ip address and port 8443; example https://ipaddresshere:8443
You will be prompted to choose your certificate - you only have to do this once.
If you run into the issue where you can't log in to the admin portal and it's forcing you to the webtak login page at port 8446, run the commands below.
Get to the atak folder where all the scripts are
Queue up the promoteAdmin script
Enter password for atak user if asked
Execute script
You should get a return that looks like this if you are successful -
Creating user accounts using the TAK-Server web interface follow along on the video
Creating DataPackage for Connection for a TAK-Server that is using an IP address only follow along with the video.
Using LetsEncrypt to allow the TAK-Server to use a public facing domain.
Step 1 - Go to your domain host provider, like godaddy.com etc., and add an A record to point to the IP address of the TAK-Server
Go to the atak folder
Queue up the LetsEncrypt script
Enter password for atak user if asked
Execute script
There will be a series of prompts
enter an email where LetsEncrypt can get a hold of you
agree to terms of service - choose y
sharing of email choose y or no
Enter your domain name - example - tak1.mytakserver.com
Enter certificate name - example - tak1.mytakserver.com (I usually have them match)
On completion you will get a return like this -
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/swat1.taktical.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/swat1.taktical.net/privkey.pem
This certificate expires on 2024-06-29.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
Next the script will make a cronjob which will automatically renew this certificate.
Now that you have LetsEncrypt going, you have 2 options for connecting an ATAK client to the TAK-Server.
Option 1 - Create DataPackage for Connection
For an ATAK client to be able to connect to the server using the LetsEncrypt authority, you will follow the same steps as using an IP address but use your web address in place of an IP address.
The easiest way to get the client onto the server is to create a DataPackage (a zipped file) with the truststore-intermediate-ca.p12 file, a manifest and a preference file with the web address.
When you downloaded the MASTER_SERVER_NAME_FOLDER_STRUCTURE, it came with a boilerplate profile preference file and a manifest you can modify to reflect this information.
Once the datapackage is created you can share that out with the user’s unique username and password you created using the TAK-Server GUI.
The end user will download the data package onto their device, use the import feature in ATAK, upon import ATAK will prompt for the username and password.
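An added example, not part of the downloaded folder structure: before sharing a DataPackage, check that it holds only what Option 1 describes (truststore-intermediate-ca.p12, a manifest and a preference file) and no other key material such as admin.p12. Matching the manifest by the name manifest.xml and the preference file by a .pref extension are assumptions, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not one of the page's scripts): audit a DataPackage listing
# before it is handed to end users.

# audit_datapackage
# Reads one archive path per line on stdin (for example from
# `unzip -Z1 package.zip`). Prints a line per problem and fails if any exist.
audit_datapackage() {
    awk '
        {
            name = $0
            sub(/.*\//, "", name)          # strip directories; "dir/" becomes ""
            lower = tolower(name)
        }
        name == "truststore-intermediate-ca.p12" { trust = 1; next }
        lower ~ /manifest\.xml$/               { manifest = 1; next }   # assumed name
        lower ~ /\.pref$/                      { pref = 1; next }       # assumed extension
        # Any other certificate or key container does not belong in a package
        # that is meant to carry only the truststore.
        lower ~ /\.(p12|pem|key|jks)$/         { print "UNEXPECTED " $0; bad = 1 }
        END {
            if (!trust)    { print "MISSING truststore-intermediate-ca.p12"; bad = 1 }
            if (!manifest) { print "MISSING manifest"; bad = 1 }
            if (!pref)     { print "MISSING preference file"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Usage:
#   unzip -Z1 package.zip | audit_datapackage && echo "package looks as expected"
```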
Option 2 - Manual cert enrolment
The second option is the ATAK client can add a connection manually and enroll for a certificate.
To do that share the web address of the server i.e. tak1.mytakserver.com and the username and password you created on the TakServer web GUI.
From ATAK the user can add the takserver connection using the domain address and then choose enroll for certificate and then at prompt enter the username and password combo you issued to them.
I have included a pdf instructional for how to do this. You can share that with your end user.