Using the TAK Server installation binaries or Docker images provided by TAK.gov, the installTAK script provides a one-command installation solution for all TAK enthusiasts to get a TAK Server up and running in minutes on a freshly installed operating system.
A video walk-through can be found here.
All operating systems were tested with a minimal installation unless specifically annotated differently.
- Rocky Linux 8
- Rocky Linux 9
- Red Hat Enterprise Linux (RHEL) 8 [Not Hardened]
- Red Hat Enterprise Linux (RHEL) 9 [Not Hardened]
- Ubuntu Server 22 LTS
- Ubuntu Server 24 LTS
- Docker version 24
- PhotonOS w/ Docker Installed
- Raspbian Desktop (64-bit) on Raspberry Pi 5 w/ 8GB RAM
- Ubuntu 22/24 LTS on Raspberry Pi 5 w/ 8GB RAM
NOTE: Ubuntu Long Term Support (TLS) versions tested only, all other versions may not work.
To install the installTAK script from the source use the following commands to install the repository to a folder of your choice:
git clone https://github.com/myTeckNetCode/installTAK.git ./installTAK --recurse-submodulesThe above command will install the installTAK script in the current directory in a new folder called installTAK. After the repository has been cloned navigate to the installTAK directory.
cd installTAK
If you have not done so already, head to TAK.gov, download the TAK Server installation files, and place them in this newly created installTAK directory.
Run the following command to display the installation arguments:
./installTAKRunning installTAK alone will display the intended command usage. For example is the takserver-5.3-RELEASE4.noarch.rpm and takserver-public-gpg.key are in the installTAK directory run the following:
./installTAK takserver-5.3-RELEASE4.noarch.rpmFor Ubuntu/Debian systems ensure to download the deb_policy.pol and place it in the installTAK directory.
To enable FIPS Certificates append --fips at the end of the command. Custom certificates with stronger algorithms will be generated for use on systems with FIPS enabled. ATAK may not support certificates generated with these stronger algorithms. Use at your own discretion.
./installTAK takserver-5.3-RELEASE4.noarch.rpm --fipsInstallation from ZIP requires external repository contents. Download the installTAK.zip and then download the tak-server-systemd.zip from here.
- Extract the installTAK.zip
- Extract tak-server-systemd.zip into the installTAK directory created
Final directory tree should look like this:
installTAK
├───lib
│ └───img
└───tak-server-systemd
└───etc
└───systemd
└───system
script usage: installTAK [path to TAK Server installer [rpm | deb | zip ]]
# RPM
./installTAK takserver-*.noarch.rpm# Ubuntu/Raspberry-Pi
./installTAK takserver-*_ALL.deb# Docker/Container
./installTAK takserver-docker-*.zipThe installTAK script will detect the operating system it is being run against to determine the prerequisites needed to install the TAK Server. After the prerequisites have been installed, it will install the takserver binary or container. Following a complete installation or deployment of the TAK Server or container the TAK Server wizard will run to complete the remaining steps.
In the following prompt, enter the certificate information associated with your organization. All fields are required, City names with spaces are okay here.
If you wish to change the default certificate password, you have the option to do it here.
If you select yes to change the default certificate password, enter your new password here.
Enter the name for your Root Certificate Authority (CA); otherwise, if you leave this blank a random name will be generated for you.
Enter the name of your Intermediate Certificate Authority (CA), this certificate is used to sign and issue certificates on behalf of the root CA; otherwise, if you leave this blank a random name will be generated for you.
Certificate enrollment allows you as the TAK Administrator to pass a preconfigured data package (enrollmentDP.zip) to users/clients that will prompt the user for credentials needed to authenticate to the TAK Server. Credentials are managed in the Manage Users UI of the TAK Server. Selecting yes here will open TCP Port 8446 inbound for enrollment.
Enabling TAK Server Federation allows you to share data that is owned by the TAK Server to other TAK Servers. Selecting yes here will open TCP Port 9001 for inbound TAK Federation.
By default the TAK Server accepts connections over SSL/TLS. Additionally, the TAK Server supports the QUIC protocol. Select the appropriate connection type for this TAK Server.
The following prompt provides the configuration summary. Review this prompt for accuracy, select Confirm to commit all changes or select Reset Wizard to run through the TAK Wizard again.
If you selected yes to enable certificate auto-enrollment, you will be presented with an input to name this TAK Server description connection. This will be displayed on the TAK Clients as the friendly name.
If your TAK Server is public facing and has a registered Domain Name and associated record you can select yes to enter the FQDN information here. Otherwise, selecting no will use the ip address for connections.
If you selected yes that this TAK Server supports FQDN Connections, you will be asked how this TAK Server will be trusted. If you or your organization have a registered Domain Name, select Local.
Selecting Local will not create a certificate signing request as the local csr can be used or a local one be generated manually. Click here learn more about using a third-party certificate signer. By default, the TAK Server IP Address is displayed.
Selecting Let's Encrypt will utilize Let's Encrypt as the public Certificate Authority and will begin the public certificate signing request and issuance.
Before continuing with the Let's Encrypt configuration ensure that you allow TCP port 80 into your network by either enabling port forwarding in your router to the TAK Server or cloud service provider (CSP). Consult your CSP for specific instructions.
Enter the public host record for this TAK Server. This is commonly associated to the Host Record created in the Domain Name System (DNS) Server or your DNS cloud provider. Additionally, enter an email to associate this host record; by default this email will not be shared with Let's Encrypt or Certbot however is a requirement in the certificate request.
The following prompt provides the configuration summary. Review this prompt for accuracy, select Confirm to commit all changes or select Reset Wizard to run through the Let's Encrypt Wizard again.
After successful installation the local installTAK repo will delete itself since its only meant to run once. The TAK Server installation binary and dependencies will be included. Based on your responses to the TAK Setup Wizard the following files will be created in the current users Linux home directory (/home/$USER) or if root (/root).
- Certificate Auto-Enrollment
- Yes: enrollmentDP.zip
- No: caCert.p12
- webadmin.p12
Following the execution of the installTAK the webadmin.p12 is created by default. This is the TAK Server administrator certificate used to administer the TAK Server from the browser. This file needs to be copied from the TAK Server to your local workstation. Most modern operating systems come with secure shell (ssh) installed by default. If you don't feel comfortable with the command line interface (CLI) tools like WinSCP are available.
To copy files from Linux using SCP run the following command:
Syntax: scp @:~/webadmin.p12
scp [email protected]:~/webadmin.p12 .Note: There is a period (.) and a space following the .p12 file extension. This denotes the current working directory the terminal/shell is in.
# [Windows] This will copy the webadmin.p12 to the current user's downloads directory
scp [email protected]:~/webadmin.p12 %userprofile%\Downloads