FreeTAKServer-RaspberyPi-Install copied to clipboard
Instructions for installing FreeTAKServer, FreeTAKServer-UI, FreeTAKHub on RaspberryPI Ubuntu
Instructions for installing FreeTAKServer, FreeTAKServer-UI, FreeTAKHub on RaspberryPI Ubuntu.
Raspberry Pi Setup
First you will need a Raspberry Pi. Preferably Raspberry Pi 3 or higher and at least a 16GB micro sd card.
Next you will need the Raspberry Pi Imager Software.
Once that is installed, insert your micro sd into your computer and install Ubuntu from the Raspberry Pi Imager Software.
Flash Operating System
Select Choose OS
Select General Purpose
Select Ubuntu
Select Ubuntu Server 20.04.3 LTS (64-Bit)
Hook Up Raspberry Pi
Once the SD card has been flashed, plug the SD card into the Raspberry Pi and hook up the following connections:
- Ethernet
- Keyboard
- HDMI to monitor
- Power
Ubuntu Setup
Default Login:
User: ubuntu
Pass: ubuntu
Once you have the Raspberry Pi booted up follow the prompts to change the default password.
Once you have changed the password update and upgrade the system.
sudo apt update && sudo apt upgrade -y
Restart if necessary.
FreeTAK Server Setup
Install Python3 & Pip
sudo apt update && sudo apt install python3 && sudo apt install python3-pip
Next install python libraries
sudo apt install python3-dev python3-setuptools build-essential python3-gevent python3-lxml libcairo2-dev
sudo pip3 install wheel pycairo
Once you have the dependencies installed you can install FreeTAKServer
sudo python3 -m pip install FreeTAKServer[ui]
Verify the installation with
pip check FreeTakServer
Configure FTS
sudo python3 -m
Also, if you do not want the welcome message everytime you connect to FTS, update ConnectionMessage in file.
cd /usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/configuration
sudo nano
There will be 3 instances of this that you must update
You can search for them by pressing: Ctl+w
then typing ConnectionMessage
then press enter.
After you update the first one repeat the process. Press ctl+w
and then enter (you do not have to type in ConnectionMessage
ConnectionMessage = None
FTS-UI Configuration
Navigate to the FTS-UI directory
cd /usr/local/lib/python3.8/dist-packages/FreeTAKServer-UI
Then edit:
sudo nano
Edit the following values:
IP = 'Your IP'
APPIP = 'Your IP'
Only change this value if you are using a Raspberry Pi
Then run:
cd && sudo pip3 install WTForms==2.3.3
Running FTS & FTS-UI
Setup FTS & FTS-UI as a service copy the following:
cd /etc/systemd/system
sudo nano FTS.service
Copy the following:
Description=FreeTAK Server service
ExecStart=/usr/bin/python3 -m -DataPackageIP -AutoStart True
Then do the same for FTS-UI
sudo nano FTS-UI.service
Description=FreeTAK Server UI service
ExecStart=sudo python3 /usr/local/lib/python3.8/dist-packages/FreeTAKServer-UI/
Once those are created run the following
sudo systemctl daemon-reload
This will reload the systemd service so you can start the FTS & FTS-UI service
sudo systemctl enable FTS.service && sudo systemctl enable FTS-UI.service
This will make FTS & FTS-UI start on server startup
Once you are ready to start both up run the following:
sudo service FTS start
sudo service FTS-UI start
FreeTAK-Hub Setup
Next install Node-Red
bash <(curl -sL
Follow the prompts for the Raspberry Pi install
Then run
sudo systemctl enable nodered.service
Once that completes start node-red
Navigate to the service:
Once you are on the page open a new tab and navigate to the FreeTAKHub GitHub Repo and download the flows.json.
Next you will want to import the flows.json into node-red.
Select the flows.json and import into current flow.
Next you will have to install the following dependencies.
- node-red-dashboard
- node-red-contrib-zip
- node-red-contrib-web-worldmap
- node-red-contrib-telegrambot
- node-red-contrib-multifeed-parser
Once those are installed go to web Map 2
Double click FTS Server
and update the IP to your server IP
You can also configure the TAK Map
by double clicking the TAK Map
Once everything is configured click deploy at the top right.
Wireguard VPN
To add an extra layer of security to your server you can add a Wireguard VPN to allow encrypted tunnel access.
This guide will use PiVPN for it's ease of use and ability to quickly add clients.
PiVPN Install
Use this command to quickly install PiVPN and follow the prompts
curl -L | bash
Once installed you will need to change a few things.
sudo nano /opt/pivpn/wireguard/
This line:
AllowedIPS = ", ::0/0" >> "configs/${CLIENT_NAME}.conf"
AllowedIPs = "${pivpnNET}/24" >> "configs/${CLIENT_NAME}.conf"
This will only forward ATAK/FTS traffic to the VPN. All other internet traffic will not be filtered.
Then to add clients use
pivpn -a
Once Wireguard is installed and you setup clients you will have to modify a few settings with FTS, FTS-UI & your firewall.
Your FTS/FTS-UI Ip's will have to point to the default wg0 IP address and you will have to setup the firewall rules to allow wg0 to access the specific ports that FTS, FTS-UI, and node-red/webmap are utilizing.
First you must change the IP's that FTS, & FTS UI are pointing to.
FTS Configuration
sudo nano /opt/FTSConfig.yaml
Change the following lines
- is the default IP for Wireguard)
FTS-UI Configuration
sudo nano /usr/local/lib/python3.8/dist-packages/FreeTAKServer-UI/
Change the following lines
- is the default IP for Wireguard)
IP = ''
APPIP = ''
Now FTS & FTS UI should be running on the Wireguard IP.
Nex you will have to update the firewall to allow your Wireguard IP's to access FTS
UFW should be installed already, but you can install it with:
sudo apt install ufw
Then you will need to add the following rules:
Port 51820 is the default Wireguard port. Change this if you configured your wireguard differently
sudo ufw allow 51820
This is the default ssh port. If you do not allow this port access you will not be able to ssh into your server. Also, if you changed your ssh port, update this value.
sudo ufw allow 22
The next set of rules will be for allowing clients on the wg0 interface to access all the services that FTS, FTS-UI, and FTS-Hub/Webmap uses.
sudo ufw allow in on wg0 to any port 5000
TCP connections
sudo ufw allow in on wg0 to any port 8087
SSL connections
sudo ufw allow in on wg0 to any port 8089
Certificate Enrollment API Port
sudo ufw allow in on wg0 to any port 8446
COT Data
sudo ufw allow in on wg0 to any port 19023
Insecure Server API Port
sudo ufw allow in on wg0 to any port 8000
Secure Server API Port
sudo ufw allow in on wg0 to any port 8443
sudo ufw allow in on wg0 to any port 1880
You can further restrict the access to specific ports by specifying which IP's can access the port. Instead of allowing full access from the wg0 port
sudo ufw allow in on wg0 to any port 8087 from
Once you have all the rules set type:
sudo ufw enable
Fail2Ban is also reccommended.