CloudTAK


OpenTAKServer is compatible with CloudTAK, a fully featured, in-browser TAK client.

Notes


CloudTAK has only been tested using an FQDN with a trusted certificate (e.g. Let’s Encrypt). It may still work without an FQDN or trusted cert, but SSL is always required. For best results you should create a subdomain. For example, if your FQDN is example.com, your subdomain could be cloudtak.example.com.

If you need support, please ask in the OTS Discord rather than contacting COTAK (the creators of CloudTAK).

Installation


This guide assumes that you’re installing CloudTAK on the same server as OpenTAKServer.

Docker

Run these commands to install Docker on Ubuntu. If you’re not using Ubuntu, check the Docker docs on how to install for your distro.

sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

CloudTAK


  1. Clone the CloudTAK repo

git clone https://github.com/dfpc-coe/CloudTAK.git
cd CloudTAK

  2. Change API_URL in docker_compose.yml. It should be prefixed with https:// and should be changed to the IP or FQDN that you’ll use to access it. You should also remove :5000 at the end. It cannot be localhost unless you’re installing CloudTAK to the same computer you’ll be accessing it from.

  3. Configure the nginx proxy. Copy the config below and paste it to a new file at /etc/nginx/sites-available/cloudtak. You also need to change the server_name line to your FQDN.

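server {

   root /var/www/html;

   # Add index.php to the list if you are using PHP
   index index.html index.htm index.nginx-debian.html;

   server_name cloudtak.example.com; # <------- Change this to your FQDN

   location / {
           # Forward everything to CloudTAK on local port 5000 over plain HTTP
           proxy_pass http://localhost:5000;
           # The proxy_ssl_* directives only apply to https:// upstreams
           proxy_ssl_verify off;
           proxy_ssl_session_reuse on;
           proxy_buffering off;
           # Pass WebSocket upgrade requests through to the backend
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
           #proxy_hide_header Authorization;
           #proxy_set_header Referer '';
           #proxy_set_header Origin '';
   }

   # Plain HTTP for now; certbot --nginx adds the HTTPS listener later
   listen 80;
}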

  4. Create a symbolic link to enable the new nginx config file.

sudo ln -s /etc/nginx/sites-available/cloudtak /etc/nginx/sites-enabled/cloudtak

  5. Edit /etc/nginx/sites-available/ots_certificate_enrollment and add the following inside the server {} stanza.

        location /oauth {
                proxy_pass http://127.0.0.1:8081;
                proxy_http_version 1.1;
                proxy_set_header Host $host:8443;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Ssl-Cert $ssl_client_escaped_cert;
                proxy_set_header X-Forwarded-Proto $scheme;

        }

  6. Edit /etc/nginx/sites-available/ots_https and add this inside the server {} stanza that listens on port 8443.

        location /files {
                proxy_pass http://127.0.0.1:8081;
                proxy_http_version 1.1;
                proxy_set_header Host $host:443;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Ssl-Cert $ssl_client_escaped_cert;
                proxy_set_header X-Forwarded-Proto $scheme;

        }

  7. Install certbot and nginx

sudo apt install nginx certbot python3-certbot-nginx -y

  8. Get a cert from Let’s Encrypt

sudo certbot --nginx

  9. Restart nginx

sudo systemctl restart nginx

  10. Open a browser and enter your CloudTAK server’s URL, e.g. https://cloudtak.example.com
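
A pre-flight check for the API_URL step above, added here as an example and not taken from the OpenTAKServer or CloudTAK projects. The function names, the constructed sample snippet, and the `API_URL=` / `API_URL:` line format it looks for are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the API_URL edit described above.
# Assumption: the compose file sets the value as "API_URL=<value>" or
# "API_URL: <value>"; adjust the sed pattern if your copy differs.

# Print the first API_URL value found in the given compose file.
extract_api_url() {
    sed -n -E 's/^[[:space:]-]*API_URL[=:][[:space:]]*"?([^"[:space:]]+)"?.*$/\1/p' "$1" | head -n 1
}

# Return 0 if the URL follows the guide's rules, 1 (with a reason) if not.
# Pass "same-host" as $2 only when the browser runs on the server itself.
check_api_url() {
    local url="$1" mode="${2:-remote}" rest
    case "$url" in
        https://*) ;;
        *) echo "API_URL must start with https://: $url" >&2; return 1 ;;
    esac
    rest="${url#https://}"   # drop the scheme
    rest="${rest%%/*}"       # drop any path, leaving host[:port]
    case "$rest" in
        ""|:*) echo "API_URL has no host: $url" >&2; return 1 ;;
        *:5000) echo "remove the :5000 suffix: $url" >&2; return 1 ;;
        localhost|localhost:*|127.*|"[::1]"*)
            if [ "$mode" != "same-host" ]; then
                echo "localhost only works from the server itself: $url" >&2
                return 1
            fi ;;
    esac
    return 0
}

# Constructed sample, not the real CloudTAK compose file.
sample="$(mktemp)"
printf '%s\n' 'services:' '  api:' '    environment:' \
    '      - API_URL=http://localhost:5000' > "$sample"
url="$(extract_api_url "$sample")"
check_api_url "$url" || echo "fix API_URL ($url) before starting the containers"
rm -f "$sample"
```

To check your own copy, pass the path of your compose file to extract_api_url and the result to check_api_url.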