Skip to main content

Overview

FreeTAKServer provides multiple network services for TAK clients and applications:
  • TCP CoT Service: Unencrypted Cursor on Target message service
  • SSL CoT Service: TLS-encrypted Cursor on Target message service
  • REST API Service: RESTful HTTP API for programmatic access
  • HTTP TAK API Service: HTTP endpoint for TAK protocol operations
  • HTTPS TAK API Service: Secure HTTPS endpoint for TAK protocol operations
Each service can be configured independently through MainConfig settings.

TCP CoT Service

The TCP CoT service handles unencrypted TAK Cursor on Target (CoT) messages over TCP.

Configuration

CoTServicePort
integer
default:"8087"
TCP port for unencrypted CoT connectionsEnvironment variable: FTS_COT_PORTYAML: Addresses.FTS_COT_PORT
DataReceptionBuffer
integer
default:"1024"
Buffer size in bytes for receiving CoT data from clientsEnvironment variable: FTS_DATA_RECEPTION_BUFFERYAML: System.FTS_DATA_RECEPTION_BUFFER
MaxReceptionTime
integer
default:"4"
Maximum time in seconds to wait for data reception before timeoutEnvironment variable: FTS_MAX_RECEPTION_TIMEYAML: System.FTS_MAX_RECEPTION_TIME

Service Constants

Defined in FreeTAKServer/services/tcp_cot_service/configuration/tcp_cot_service_constants.py: 
SERVICE_NAME = 'tcp_cot_service'
XML = 'XML'
DATA_RECEPTION_BUFFER_SIZE = 1024

Message Types

  • SEND_TO_ALL (0): Broadcast message to all connected clients
  • SEND_TO_SOME (1): Send message to specific clients

Example Configuration

YAML: 
Addresses:
  FTS_COT_PORT: 8087

System:
  FTS_DATA_RECEPTION_BUFFER: 2048
  FTS_MAX_RECEPTION_TIME: 5
Environment Variables: 
export FTS_COT_PORT=8087
export FTS_DATA_RECEPTION_BUFFER=2048
export FTS_MAX_RECEPTION_TIME=5

Client Connection

TAK clients connect to the TCP CoT service using:
  • Protocol: TCP
  • Host: Server IP address
  • Port: CoTServicePort (default 8087)
  • Encryption: None
The TCP CoT service transmits data unencrypted. Use only in trusted networks or for testing. For production deployments, use the SSL CoT service instead.

SSL CoT Service

The SSL CoT service handles TLS-encrypted TAK Cursor on Target messages.

Configuration

SSLCoTServicePort
integer
default:"8089"
TCP port for SSL/TLS encrypted CoT connectionsEnvironment variable: FTS_SSLCOT_PORTYAML: Addresses.FTS_SSLCOT_PORT
keyDir
string
default:"/opt/fts/certs/server.key"
Path to server private key fileEnvironment variable: FTS_SERVER_KEYDIRYAML: Certs.FTS_SERVER_KEYDIR
pemDir
string
default:"/opt/fts/certs/server.pem"
Path to server certificate file (PEM format)Environment variable: FTS_SERVER_PEMDIRYAML: Certs.FTS_SERVER_PEMDIR
CA
string
default:"/opt/fts/certs/ca.pem"
Path to Certificate Authority (CA) certificateEnvironment variable: FTS_CADIRYAML: Certs.FTS_CADIR
CAkey
string
default:"/opt/fts/certs/ca.key"
Path to Certificate Authority private keyEnvironment variable: FTS_CAKEYDIRYAML: Certs.FTS_CAKEYDIR
password
string
default:"supersecret"
Password for client certificate generationEnvironment variable: FTS_CLIENT_CERT_PASSWORDYAML: Certs.FTS_CLIENT_CERT_PASSWORD
unencryptedKey
string
default:"/opt/fts/certs/server.key.unencrypted"
Path to unencrypted server key (used internally)Environment variable: FTS_UNENCRYPTED_KEYDIRYAML: Certs.FTS_UNENCRYPTED_KEYDIR
p12Dir
string
default:"/opt/fts/certs/server.p12"
Path to PKCS#12 format certificate bundleEnvironment variable: FTS_SERVER_P12DIRYAML: Certs.FTS_SERVER_P12DIR

Service Constants

Defined in FreeTAKServer/services/ssl_cot_service/configuration/ssl_cot_service_constants.py: 
SERVICE_NAME = 'ssl_cot_service'
XML = "XML"
DATA_RECEPTION_BUFFER_SIZE = 1024

SSL/TLS Settings

From FreeTAKServer/core/configuration/ReceiveConnectionsConstants.py:
  • WRAP_SSL_TIMEOUT: 1.0 seconds
  • SSL_SOCK_TIMEOUT: 60 seconds

Example Configuration

YAML: 
Addresses:
  FTS_SSLCOT_PORT: 8089

Certs:
  FTS_SERVER_KEYDIR: "/opt/fts/certs/server.key"
  FTS_SERVER_PEMDIR: "/opt/fts/certs/server.pem"
  FTS_CADIR: "/opt/fts/certs/ca.pem"
  FTS_CAKEYDIR: "/opt/fts/certs/ca.key"
  FTS_CLIENT_CERT_PASSWORD: "your-secure-password"
Environment Variables: 
export FTS_SSLCOT_PORT=8089
export FTS_SERVER_KEYDIR="/opt/fts/certs/server.key"
export FTS_SERVER_PEMDIR="/opt/fts/certs/server.pem"
export FTS_CADIR="/opt/fts/certs/ca.pem"

Client Connection

TAK clients connect to the SSL CoT service using:
  • Protocol: TCP with TLS
  • Host: Server IP address
  • Port: SSLCoTServicePort (default 8089)
  • Encryption: TLS with client certificate authentication
  • Client Certificate: Required (generated by FTS or TAK Server)
Use the SSL CoT service for production deployments to ensure encrypted communications and client certificate authentication.

REST API Service

The REST API provides programmatic HTTP access to FreeTAKServer functionality.

Configuration

APIPort
integer
default:"19023"
Port for the REST API serviceEnvironment variable: FTS_API_PORTYAML: Addresses.FTS_API_PORT
APIIP
string
default:"0.0.0.0"
IP address for the REST API service to bind toEnvironment variable: FTS_API_ADDRESSYAML: Addresses.FTS_API_ADDRESS
OptimizeAPI
boolean
default:"true"
Enable API optimizations for better performanceEnvironment variable: FTS_OPTIMIZE_APIYAML: System.FTS_OPTIMIZE_API

Authentication

The REST API uses Bearer token authentication with HTTPTokenAuth. From FreeTAKServer/services/rest_api_service/controllers/authentication.py: 
from flask_httpauth import HTTPTokenAuth

auth = HTTPTokenAuth(scheme='Bearer')
Tokens are validated against:
  • APIUser table for API users
  • SystemUser table for system users
Successful authentication logs API calls to the database with:
  • User ID
  • Timestamp
  • Request content
  • Endpoint URL

API Endpoints

The REST API provides blueprints for:
  • Data Packages: Upload and manage data packages
  • Emergencies: Create and manage emergency notifications
  • ExCheck: Checklist management
  • GeoObjects: Create and manage geographic objects
  • Missions: Mission planning and coordination
  • User Management: User administration

Example Configuration

YAML: 
Addresses:
  FTS_API_PORT: 19023
  FTS_API_ADDRESS: "0.0.0.0"

System:
  FTS_OPTIMIZE_API: true
Environment Variables: 
export FTS_API_PORT=19023
export FTS_API_ADDRESS="0.0.0.0"
export FTS_OPTIMIZE_API=true

API Usage

# Authenticate and get token
curl -X POST http://server-ip:19023/api/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"password"}'

# Use token for authenticated requests
curl -X GET http://server-ip:19023/api/users \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

Default Values

From FreeTAKServer/core/configuration/RestAPIVariables.py: 
defaultGeoObjectTimeout = 300  # seconds
defaultPresenceTimeout = 500   # seconds
defaultPresenceType = "a-f-G-U-C-I"

HTTP TAK API Service

HTTP endpoint for TAK protocol operations (unencrypted).

Configuration

HTTPTakAPIPort
integer
default:"8080"
HTTP port for TAK API serviceEnvironment variable: FTS_HTTP_TAK_API_PORT

Endpoints

The HTTP TAK API service provides:
  • Enterprise Sync: Data synchronization for TAK clients
  • Missions: Mission management
  • ExCheck: Checklist operations
  • CITRAP: Critical Infrastructure TAK Reporting and Analysis Platform
  • Misc: Various utility endpoints

Example Configuration

Environment Variables: 
export FTS_HTTP_TAK_API_PORT=8080
The HTTP TAK API transmits data unencrypted. Use only in trusted networks. For production, use the HTTPS TAK API service.

HTTPS TAK API Service

Secure HTTPS endpoint for TAK protocol operations.

Configuration

HTTPSTakAPIPort
integer
default:"8443"
HTTPS port for secure TAK API serviceEnvironment variable: FTS_HTTPS_TAK_API_PORT
Certificate configuration is shared with the SSL CoT service (see SSL CoT Service section).

Example Configuration

YAML: 
Addresses:
  FTS_HTTPS_TAK_API_PORT: 8443

Certs:
  FTS_SERVER_KEYDIR: "/opt/fts/certs/server.key"
  FTS_SERVER_PEMDIR: "/opt/fts/certs/server.pem"
Environment Variables: 
export FTS_HTTPS_TAK_API_PORT=8443
export FTS_SERVER_KEYDIR="/opt/fts/certs/server.key"
export FTS_SERVER_PEMDIR="/opt/fts/certs/server.pem"

Data Package Service

Configuration for the data package distribution service.

Configuration

DataPackageServiceDefaultIP
string
default:"auto-detected"
IP address used for data package URLs. Must be set correctly for private data packages to work.Environment variable: FTS_DP_ADDRESSYAML: Addresses.FTS_DP_ADDRESS
DataPackageFilePath
string
default:"/opt/fts/FreeTAKServerDataPackageFolder"
Directory for storing uploaded data packagesEnvironment variable: FTS_DATAPACKAGE_PATHYAML: Filesystem.FTS_DATAPACKAGE_PATH

Constants

From FreeTAKServer/core/configuration/DataPackageServerConstants.py: 
DATABASE = 'FreeTAKServerDataPackageDataBase.db'
APIPORT = '8080'
DEFAULTRETURN = 'other'
DATA PACKAGEFOLDER = 'FreeTAKServerDataPackageFolder'
HTTPDEBUG = False
HTTPMETHODS = ['POST', 'GET', 'PUT']
IP = "0.0.0.0"

Example Configuration

YAML: 
Addresses:
  FTS_DP_ADDRESS: "192.168.1.100"  # Your server's IP

Filesystem:
  FTS_DATAPACKAGE_PATH: "/opt/fts/FreeTAKServerDataPackageFolder"
Set DataPackageServiceDefaultIP to your server’s public IP or domain name. TAK clients use this address to download data packages.

Federation Service

Configuration for federating with other TAK servers.

Configuration

FederationPort
integer
default:"9000"
Port for federation service connectionsEnvironment variable: FTS_FED_PORTYAML: Addresses.FTS_FED_PORT
federationCert
string
default:"/opt/fts/certs/server.pem"
Certificate for federation connectionsEnvironment variable: FTS_FEDERATION_CERTDIRYAML: Certs.FTS_FEDERATION_CERTDIR
federationKey
string
default:"/opt/fts/certs/server.key"
Private key for federation connectionsEnvironment variable: FTS_FEDERATION_KEYDIRYAML: Certs.FTS_FEDERATION_KEYDIR
federationKeyPassword
string
default:"defaultpass"
Password for the federation keyEnvironment variable: FTS_FEDERATION_KEYPASSYAML: Certs.FTS_FEDERATION_KEYPASS

Example Configuration

YAML: 
Addresses:
  FTS_FED_PORT: 9000

Certs:
  FTS_FEDERATION_CERTDIR: "/opt/fts/certs/federation.pem"
  FTS_FEDERATION_KEYDIR: "/opt/fts/certs/federation.key"
  FTS_FEDERATION_KEYPASS: "secure-password"

Service Management

Starting Services

Services are typically started together when launching FreeTAKServer: 
python -m FreeTAKServer.controllers.Orchestrator

Service Status

Default service status values from RestAPIVariables.py: 
defaultCoTIP = '0.0.0.0'
defaultCoTPort = 15777
defaultCoTStatus = 'start'

defaultSSLCoTIP = '0.0.0.0'
defaultSSLCoTPort = 15778
defaultSSLCoTStatus = 'start'

defaultDataPackageIP = '0.0.0.0'
defaultDataPackagePort = 8080
defaultDataPackageStatus = 'start'

REST API Control

Services can be controlled via the REST API: 
# Check server status
curl -X GET http://server-ip:19023/api/status \
  -H "Authorization: Bearer YOUR_TOKEN"

# Start all services
curl -X POST http://server-ip:19023/api/start_all \
  -H "Authorization: Bearer YOUR_TOKEN"

# Stop all services
curl -X POST http://server-ip:19023/api/stop_all \
  -H "Authorization: Bearer YOUR_TOKEN"

Complete Service Configuration Example

System:
  FTS_NODE_ID: "production-fts-01"
  FTS_OPTIMIZE_API: true
  FTS_DATA_RECEPTION_BUFFER: 2048
  FTS_MAX_RECEPTION_TIME: 5

Addresses:
  # CoT Services
  FTS_COT_PORT: 8087
  FTS_SSLCOT_PORT: 8089
  
  # TAK API Services
  FTS_HTTP_TAK_API_PORT: 8080
  FTS_HTTPS_TAK_API_PORT: 8443
  
  # REST API
  FTS_API_PORT: 19023
  FTS_API_ADDRESS: "0.0.0.0"
  
  # Federation
  FTS_FED_PORT: 9000
  
  # Data Packages
  FTS_DP_ADDRESS: "your-server-ip"
  FTS_USER_ADDRESS: "your-server-ip"

Certs:
  FTS_SERVER_KEYDIR: "/opt/fts/certs/server.key"
  FTS_SERVER_PEMDIR: "/opt/fts/certs/server.pem"
  FTS_CADIR: "/opt/fts/certs/ca.pem"
  FTS_CAKEYDIR: "/opt/fts/certs/ca.key"
  FTS_CLIENT_CERT_PASSWORD: "secure-password"
  FTS_FEDERATION_CERTDIR: "/opt/fts/certs/federation.pem"
  FTS_FEDERATION_KEYDIR: "/opt/fts/certs/federation.key"
  FTS_FEDERATION_KEYPASS: "federation-password"

Filesystem:
  FTS_DATAPACKAGE_PATH: "/opt/fts/FreeTAKServerDataPackageFolder"

Best Practices

Always use encrypted services (SSL CoT, HTTPS TAK API) for production deployments to protect sensitive tactical data.
Configure DataPackageServiceDefaultIP and UserConnectionIP to match the IP address or domain name that clients use to connect.
  • Use SSL/TLS services for production environments
  • Keep certificate files secure with appropriate filesystem permissions
  • Regularly rotate certificates and passwords
  • Monitor service logs for connection issues
  • Use different ports for each service to avoid conflicts
  • Configure firewalls to allow only necessary service ports
  • Set appropriate buffer sizes based on your network conditions
  • Use the REST API for automated monitoring and management

Build docs developers (and LLMs) love

Get started for freeTalk to us