diff --git a/CoreConfig.xml b/CoreConfig.xml
index 80e8ca3..a64aa9e 100644
--- a/CoreConfig.xml
+++ b/CoreConfig.xml
@@ -17,7 +17,7 @@
-
+
diff --git a/docker/amd64/Dockerfile.takserver-db b/docker/amd64/Dockerfile.takserver-db
index b50a38b..02ee596 100644
--- a/docker/amd64/Dockerfile.takserver-db
+++ b/docker/amd64/Dockerfile.takserver-db
@@ -1,8 +1,8 @@
-FROM postgres:14.4
+FROM postgres:15
# this is slow - updates all packages
-RUN apt-get update && apt install -y postgresql-14-postgis-3
+RUN apt-get update && apt install -y postgresql-15-postgis-3
ENTRYPOINT ["/bin/bash", "-c", "/opt/tak/db-utils/configureInDocker.sh"]
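Review bot: `FROM postgres:15` replaces an exact `14.4` pin with a floating major tag, so each rebuild can pull a different base image and PostGIS build without any change in this repository. Pinning a full `15.<minor>` tag, optionally with its digest, keeps the database image reproducible and makes base-image updates a reviewed change. The install line also mixes `apt-get` and `apt` and leaves the package lists in the layer; the usual form is `RUN apt-get update && apt-get install -y --no-install-recommends postgresql-15-postgis-3 && rm -rf /var/lib/apt/lists/*`. The arm64 Dockerfile hunk carries the same two lines.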
diff --git a/docker/arm64/Dockerfile.takserver-db b/docker/arm64/Dockerfile.takserver-db
index cdefedd..ac54d18 100644
--- a/docker/arm64/Dockerfile.takserver-db
+++ b/docker/arm64/Dockerfile.takserver-db
@@ -1,6 +1,6 @@
-FROM postgres:14.4
+FROM postgres:15
# this is slow - updates all packages
-RUN apt-get update && apt install -y postgresql-14-postgis-3
+RUN apt-get update && apt install -y postgresql-15-postgis-3
-ENTRYPOINT ["/opt/tak/db-utils/configureInDocker.sh"]
\ No newline at end of file
+ENTRYPOINT ["/opt/tak/db-utils/configureInDocker.sh"]
diff --git a/scripts/certDP.sh b/scripts/certDP.sh
index 5dd4c3b..4dad342 100755
--- a/scripts/certDP.sh
+++ b/scripts/certDP.sh
@@ -15,13 +15,13 @@ echo "" > server.pref
echo "" >> server.pref
echo " " >> server.pref
echo " 1" >> server.pref
-echo " TAK Server (https://github.com/Cloud-RF/tak-server)" >> server.pref
+echo " TAK Server" >> server.pref
echo " true" >> server.pref
echo " $IP:8089:ssl" >> server.pref
echo " " >> server.pref
echo " " >> server.pref
echo " true" >> server.pref
-echo " cert/takserver.p12" >> server.pref
+echo " cert/$IP.p12" >> server.pref
echo " atakatak" >> server.pref
echo " atakatak" >> server.pref
echo " cert/$USER.p12" >> server.pref
@@ -38,12 +38,12 @@ echo " " >> manifest.xml
echo " " >> manifest.xml
echo " " >> manifest.xml
echo " " >> manifest.xml
-echo " " >> manifest.xml
-echo " " >> manifest.xml
-echo " " >> manifest.xml
+echo " " >> manifest.xml
+echo " " >> manifest.xml
+echo " " >> manifest.xml
echo " " >> manifest.xml
echo "" >> manifest.xml
-zip -j tak/certs/files/$USER-$IP.dp.zip manifest.xml server.pref tak/certs/files/takserver.p12 tak/certs/files/$USER.p12
+zip -j tak/certs/files/$USER-$IP.dp.zip manifest.xml server.pref tak/certs/files/$IP.p12 tak/certs/files/$USER.p12
echo "-------------------------------------------------------------"
-echo "Created certificate data package for $USER @ $IP as tak/certs/files/$USER-$IP.dp.zip"
\ No newline at end of file
+echo "Created certificate data package for $USER @ $IP as tak/certs/files/$USER-$IP.dp.zip"
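Review bot: The zip now ships `tak/certs/files/$IP.p12` to every client, and if that file is the keystore written by `makeCert.sh server $IP` in setup.sh, it probably holds the server's private key and not just its certificate. The only protection visible is the fixed password `atakatak` written to server.pref in the first hunk, so every holder of a data package would also hold the server key; it is worth confirming what the file actually contains. Clients need only a truststore with the CA certificate to verify the server, and shipping that instead keeps the server key on the server. Separately, the paths are unquoted; `zip -j "tak/certs/files/$USER-$IP.dp.zip" manifest.xml server.pref "tak/certs/files/$IP.p12" "tak/certs/files/$USER.p12"` is safer.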
diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh
index f86e17c..cdba101 100755
--- a/scripts/cleanup.sh
+++ b/scripts/cleanup.sh
@@ -12,3 +12,7 @@ $DOCKER_COMPOSE down
docker volume rm --force tak-server_db_data
rm -rf tak
rm -rf /tmp/takserver
+
+# Comment me out to save yourself rebuilding........
+docker image rm tak-server_db --force
+docker image rm tak-server_tak --force
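Review bot: The two `docker image rm` lines hard-code `tak-server_db` and `tak-server_tak`, which match only when the Compose project is named `tak-server` and built images are named with an underscore. The script already hides the Compose binary behind `$DOCKER_COMPOSE`, and newer Compose releases name built images with a hyphen, so on those hosts these lines would likely report a missing image and leave the old images in place. Letting Compose remove its own images, e.g. `$DOCKER_COMPOSE down --rmi local`, avoids depending on the naming scheme.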
diff --git a/scripts/configureInDocker1.sh b/scripts/configureInDocker1.sh
index 4f0b650..4811aef 100755
--- a/scripts/configureInDocker1.sh
+++ b/scripts/configureInDocker1.sh
@@ -3,7 +3,8 @@
# Added for 4.7 REL 18 where they broke DB auth with TCP/IP hardening
# Commented out when they relaxed it in REL 4.7 20 because folks docker systems stopped working..
# Re-added for 4.8 REL 31 because they got hard again. I can do this all day.
-sed -i 's/127.0.0.1\/32/0.0.0.0\/0/g' /opt/tak/db-utils/pg_hba.conf
+# Now using a flexible docker /8 range
+sed -i 's/127.0.0.1\/32/172.0.0.0\/8/g' /opt/tak/db-utils/pg_hba.conf
# Removed inline options because these belong in postgres.conf
if [ -f "/var/lib/postgresql/data/postgresql.conf" ];
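Review bot: `172.0.0.0/8` is much wider than Docker's address space: the private block is `172.16.0.0/12`, and the rest of `172.0.0.0/8` is publicly routable. Together with `listen_addresses='*'` in the next hunk, pg_hba.conf would admit clients from those public ranges if port 5432 ever becomes reachable from outside the host. `sed -i 's/127\.0\.0\.1\/32/172.16.0.0\/12/g' /opt/tak/db-utils/pg_hba.conf` still covers the 172.x networks Docker allocates by default, and the compose network's own subnet would be tighter still. The new comment should then say `/12`. The `if` that follows continues outside this hunk.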
@@ -12,15 +13,15 @@ then
rm -f /var/lib/postgresql/data/postmaster.pid
echo "listen_addresses='*'" >> /var/lib/postgresql/data/postgresql.conf
cp /opt/tak/db-utils/pg_hba.conf /var/lib/postgresql/data/pg_hba.conf
- su - postgres -c "/usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/data -l logfile start"
+ su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data -l logfile start"
else
echo "-------NO DB-------"
chown postgres:postgres /var/lib/postgresql/data
- su - postgres -c '/usr/lib/postgresql/14/bin/pg_ctl initdb -D /var/lib/postgresql/data'
+ su - postgres -c '/usr/lib/postgresql/15/bin/pg_ctl initdb -D /var/lib/postgresql/data'
cp /opt/tak/db-utils/pg_hba.conf /var/lib/postgresql/data/pg_hba.conf
- su - postgres -c "/usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/data -l logfile start"
+ su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data -l logfile start"
cd /opt/tak/db-utils
./configure.sh
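Review bot: The existing-database branch now starts the 15 `pg_ctl` on whatever is already in `/var/lib/postgresql/data`, and PostgreSQL will not start on a data directory initialised by a different major version. A deployment whose volume was created by the previous 14.4 image would fail here with the reason only in `logfile`. A check before the start makes it explicit: `[ "$(cat /var/lib/postgresql/data/PG_VERSION)" = "15" ] || { echo "data directory is not PostgreSQL 15; dump/restore or pg_upgrade first" >&2; exit 1; }`. The major version is also repeated in three paths here and in both Dockerfiles, so a single variable at the top of the script would keep them in step. The `if`/`else` starts and ends outside this hunk.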
diff --git a/scripts/setup.sh b/scripts/setup.sh
index 341f64e..14a1240 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -214,6 +214,8 @@ chown -R $USER:$USER tak
cp ./scripts/configureInDocker1.sh ./tak/db-utils/configureInDocker.sh
cp ./postgresql1.conf ./tak/postgresql.conf
cp ./scripts/takserver-setup-db-1.sh ./tak/db-utils/takserver-setup-db.sh
+
+# This config uses a docker alias of postgresql://tak-database:5432/
cp ./CoreConfig.xml ./tak/CoreConfig.xml
## Set admin username and password and ensure it meets validation criteria
@@ -231,8 +233,18 @@ IP=$(ip addr show $NIC | grep -m 1 "inet " | awk '{print $2}' | cut -d "/" -f1)
printf $info "\nProceeding with IP address: $IP\n"
sed -i "s/password=\".*\"/password=\"${pgpassword}\"/" tak/CoreConfig.xml
+# Replaces HOSTIP for rate limiter and Fed server. Database URL is a docker alias of tak-database
sed -i "s/HOSTIP/$IP/g" tak/CoreConfig.xml
+# Replaces takserver.jks with $IP.jks
+sed -i "s/takserver.jks/$IP.jks/g" tak/CoreConfig.xml
+
+# Better memory allocation:
+# By default TAK server allocates memory based upon the *total* on a machine.
+# In the real world, people not on a gov budget use a server for more than one thing.
+# Instead we allocate memory based upon the available memory so this still scales, but you can run it on a smaller budget
+sed -i "s/MemTotal/MemFree/g" tak/setenv.sh
+
## Set variables for generating CA and client certs
printf $warning "SSL setup. Hit enter (x3) to accept the defaults:\n"
read -p "State (for cert generation). Default [state] :" state
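Review bot: `MemFree` is not the "available memory" the new comment describes: it excludes page cache and other reclaimable memory, so on a host that has been up for a while it is often a small fraction of what a new process can actually use. Sizing the JVM from it would likely give TAK Server a much smaller heap than intended. The kernel's estimate for this purpose is `MemAvailable`, so `sed -i "s/MemTotal/MemAvailable/g" tak/setenv.sh` matches the comment's intent. The substitution rewrites every occurrence of `MemTotal` in setenv.sh, which is not visible here, so it is worth confirming the name appears only in the heap calculation.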
@@ -276,10 +288,10 @@ while :
do
sleep 10 # let the PG stderr messages conclude...
printf $warning "------------CERTIFICATE GENERATION--------------\n"
- $DOCKER_COMPOSE exec tak bash -c "cd /opt/tak/certs && ./makeRootCa.sh --ca-name LOL"
+ $DOCKER_COMPOSE exec tak bash -c "cd /opt/tak/certs && ./makeRootCa.sh --ca-name CRFtakserver"
if [ $? -eq 0 ];
then
- $DOCKER_COMPOSE exec tak bash -c "cd /opt/tak/certs && ./makeCert.sh server takserver"
+ $DOCKER_COMPOSE exec tak bash -c "cd /opt/tak/certs && ./makeCert.sh server $IP"
if [ $? -eq 0 ];
then
$DOCKER_COMPOSE exec tak bash -c "cd /opt/tak/certs && ./makeCert.sh client $user"
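Review bot: `$IP` is pasted into the `bash -c` string unquoted and unchecked, and it comes from parsing `ip addr show $NIC` earlier in the script. If the chosen interface has no IPv4 address the value is empty, so `makeCert.sh server` runs without a name while CoreConfig.xml has already been pointed at `.jks`. A guard right after the assignment, `[ -n "$IP" ] || { printf $warning "No IPv4 address found on $NIC\n"; exit 1; }`, stops that early. Quoting the value as `./makeCert.sh server '$IP'` inside the double-quoted string keeps it a single argument. The `while` loop and the nested `if` blocks extend beyond this hunk.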
@@ -305,6 +317,7 @@ cd tak/certs
./makeCert.sh client user1
./makeCert.sh client user2
+
# Make 2 data packages
cd ../../
./scripts/certDP.sh $IP user1
diff --git a/scripts/takserver-setup-db-1.sh b/scripts/takserver-setup-db-1.sh
index 64322e4..ebbd31b 100755
--- a/scripts/takserver-setup-db-1.sh
+++ b/scripts/takserver-setup-db-1.sh
@@ -17,7 +17,7 @@
# if [ "x$DB_EXISTS" != "x" ]; then
# sed -i 's/127.0.0.1\/32/0.0.0.0\/0/g' /opt/tak/db-utils/pg_hba.conf
# cp /opt/tak/db-utils/pg_hba.conf /var/lib/postgresql/data/pg_hba.conf
-# su - postgres -c "/usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/data -l logfile restart -o '-c max_connections=2100 -c shared_buffers=2560MB'"
+# su - postgres -c "/usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data -l logfile restart -o '-c max_connections=2100 -c shared_buffers=2560MB'"
# exit 0
# fi
@@ -52,8 +52,8 @@ fi
DB_INIT=""
# Ensure PostgreSQL is initialized.
-if [ -x /usr/lib/postgresql/14/bin/pg_ctl ]; then
- DB_INIT="/usr/lib/postgresql/14/bin/pg_ctl initdb"
+if [ -x /usr/lib/postgresql/15/bin/pg_ctl ]; then
+ DB_INIT="/usr/lib/postgresql/15/bin/pg_ctl initdb"
elif [ -x /usr/bin/postgresql-setup ]; then
DB_INIT="/usr/bin/postgresql-setup initdb"
else