CloudTAK
OpenTAKServer is compatible with CloudTAK, a fully featured, in-browser TAK client.
Notes
CloudTAK has only been tested using an FQDN with a trusted certificate (i.e. Let’s Encrypt). It may still work without an FQDN or trusted cert, but SSL is always required.
For best results you should create a subdomain. For example, if your FQDN is example.com
, your subdomain could be cloudtak.example.com
.
If you need support, please ask in the OTS discord rather than contacting COTAK (the creators of CloudTAK).
Installation
This guide assume that you’re installing CloudTAK on the same server as OpenTAKServer.
Docker
Run these commands to install Docker on Ubuntu. If you’re not using Ubuntu, check the Docker docs on how to install for your distro.
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
CloudTAK
Clone the CloudTAK repo
git clone https://github.com/dfpc-coe/CloudTAK.git
cd CloudTAK
Change
API_URL
in docker_compose.yml. It should be prefixed withhttps://
and should be changed to the IP or FQDN that you’ll use to access it. You should also remove:5000
at the end. It cannot be localhost unless you’re installing CloudTAK to the same computer you’ll be accessing it from.Configure the nginx proxy. Copy the config below and paste it to a new file at
/etc/nginx/sites-available/cloudtak
. You also need to change theserver_name
line to your FQDN.
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name cloudtak.example.com; # <------- Change this to your FQDN
location / {
proxy_pass http://localhost:5000;
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
#proxy_hide_header Authorization;
#proxy_set_header Referer '';
#proxy_set_header Origin '';
}
listen 80;
}
Create a symbolic link to enable the new nginx config file.
sudo ln -s /etc/nginx/sites-available/cloudtak /etc/nginx/sites-enabled/cloudtak
Edit
/etc/nginx/sites-available/ots_certificate_enrollment
and add the following inside theserver {}
stanza.
location /oauth {
proxy_pass http://127.0.0.1:8081;
proxy_http_version 1.1;
proxy_set_header Host $host:8443;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Ssl-Cert $ssl_client_escaped_cert;
proxy_set_header X-Forwarded-Proto $scheme;
}
Edit
/etc/nginx/sites-available/ots_https
and add this inside the listen 8443server {}
.
location /files {
proxy_pass http://127.0.0.1:8081;
proxy_http_version 1.1;
proxy_set_header Host $host:443;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Ssl-Cert $ssl_client_escaped_cert;
proxy_set_header X-Forwarded-Proto $scheme;
}
Install certbot and nginx
sudo apt install nginx certbot python3-certbot-nginx -y
Get a cert from Let’s Encrypt
sudo certbot --nginx
Restart nginx
sudo systemctl restart nginx
Open a browser and enter your CloudTAK server’s URL, i.e. https://cloudtak.example.com