Server Fast Start

Konstantin edited this page Nov 5, 2023 · 7 revisions

How to install GoATAK server

Docker

You can run a minimal server as easily as:

docker run -p 8088:8088 -p 8080:8080 -p 8999:8999 kdudkov/goatak_server:latest

Now you can connect to your server using its IP address: just set Streaming protocol to tcp and port to 8999 in Advanced Options.

TCP only fast start server

  • download server_*.zip for your architecture from releases page
  • unzip it to destination folder
  • run goatak_server
  • that's all!

Now you can connect to your server using its IP address: just set Streaming protocol to tcp and port to 8999 in Advanced Options.

TLS setup

For a secure installation you need:

  • a server certificate for user certificate checks and enrollment
  • a domain name and a trusted https certificate for it (e.g. from Let's Encrypt), used to enroll and check user certificates and for admin access

server configuration steps

To make certificates, you will need the openssl library. On OSX you can install it using brew install openssl

  • first, download server_*.zip for your architecture from releases page to some folder and unzip it
  • cd certs; ./make_ca.sh. This step creates cacert.pem, cacert.key and truststore.p12 files
  • ./make_server_cert.sh <your_domain_name>. This creates server.key and server.pem for your server

Now edit your goatak_server.yml configuration file:

---
admin_addr: "127.0.0.1:8080"
api_addr: ":8443"
cert_addr: "127.0.0.1:8447"
tcp_addr: "127.0.0.1:8999"
udp_addr: "127.0.0.1:8999"
ssl_addr: ":8089"
log: true

me:
  lat: 0
  lon: 0
  zoom: 6

ssl:
  ca: cert/cacert.pem
  cert: cert/server.pem
  key: cert/server.key
  use_ssl: true

https proxy configuration

Add nginx, Traefik or another proxy to simplify integration with Let's Encrypt.

Example nginx config (/etc/nginx/sites-available/default). All certbot data is in the snippets/certbot.conf file.

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name .takserver.ru;

	root /var/www/html;

	location / {
		try_files $uri @redirect;
	}

	location @redirect {
		return 301 https://$host$request_uri;
	}
}

server {
	listen 443 ssl default_server;
	listen [::]:443 ssl ipv6only=on default_server;
	include snippets/certbot.conf;

	root /var/www/html;

	server_name <your_domain_name>;

	location / {
		try_files $uri $uri/ =404;
	}
}

server {
	listen 8446 ssl http2;
	server_name <your_domain_name>;

	include snippets/certbot.conf;

	location / {
		access_log /var/log/nginx/atak-cert.log;
		proxy_pass http://127.0.0.1:8447;
	}
}

firewall

Open these ports on the firewall:

  • 8443 web api
  • 8446 enrollment api
  • 8089 tcp stream
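
A pre-flight check to run before opening those ports, as an added example that is not part of the original page or of GoATAK: it reads the *_addr keys from goatak_server.yml and reports any listener that the sample config above binds to 127.0.0.1 but that is reachable from other hosts. The function names, the LOOPBACK_ONLY policy list and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not GoATAK code): audit listener bindings in goatak_server.yml.
# Assumption: the keys the sample config binds to 127.0.0.1 must stay loopback-only.
LOOPBACK_ONLY="admin_addr cert_addr tcp_addr udp_addr"

# Print "key host port scope" for every top-level *_addr entry.
list_listeners() {
    awk '/^[a-z]+_addr:/ {
        key = $1; sub(/:$/, "", key)
        val = $2; gsub(/"/, "", val)
        if (!match(val, /:[0-9]+$/)) next          # no trailing :port, skip
        host = substr(val, 1, RSTART - 1)
        port = substr(val, RSTART + 1)
        if (host == "" || host == "0.0.0.0" || host == "[::]") scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "localhost" || host == "[::1]") scope = "loopback"
        else scope = "specific-address"
        if (host == "") host = "*"
        print key, host, port, scope
    }' "$1"
}

# Print each loopback-only key that is reachable off-host; return 1 if any.
audit_listeners() {
    bad=0
    listeners=$(list_listeners "$1")
    while read -r key host port scope; do
        case " $LOOPBACK_ONLY " in
            *" $key "*)
                [ "$scope" = loopback ] || { echo "EXPOSED $key $host:$port"; bad=1; } ;;
        esac
    done <<EOF
$listeners
EOF
    return "$bad"
}

# Constructed sample: the bindings from this page, except tcp_addr left on all interfaces.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin_addr: "127.0.0.1:8080"
api_addr: ":8443"
cert_addr: "127.0.0.1:8447"
tcp_addr: ":8999"
udp_addr: "127.0.0.1:8999"
ssl_addr: ":8089"
EOF
list_listeners "$sample"
audit_listeners "$sample" || echo "rebind the keys above to 127.0.0.1"
rm -f "$sample"
```

With the configuration shown on this page the audit prints nothing and returns 0; the only all-interfaces listeners are then api_addr and ssl_addr, which match the 8443 and 8089 firewall entries.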

next steps

User management