Preamble
AccessData applications provide map functionality to display geolocation EXIF data. By default, this works by connecting to the cloud-based online Open Street Map server URL.
Some customers require their forensic solution to be air gapped, or configured without access to the internet, while still using the geo-tagged EXIF data functionality. The purpose of this KB is to outline the installation of a solution that can be used on-premise. At the time of writing, all our applications use only rasterization to display EXIF data (when processed) on a map location. Our tools do not support tiles, JSON, etc. at this stage.
A reverse proxy is only required if the Exterro web service has been configured with the https key set to true. If this key is set to false, you do not require a reverse proxy and you can use the map server over standard HTTP.
To check whether the Exterro service is configured to use HTTP or HTTPS, check the https key in the following file:
C:\Program Files\AccessData\Forensic Tools\7.5\bin\ADG.WeblabSelfHost.exe.config
The example below means HTTPS is required, and therefore you need to follow this guide to set up the reverse proxy, i.e. you will require a reverse proxy:
<add key="https" value="true" />
The key set to false, as in the example below, means that HTTP is used for the web service, and therefore no reverse proxy is required in order to use the map server over HTTP, i.e. you DO NOT require a reverse proxy:
<add key="https" value="false" />
Note: Currently a reverse proxy is only required for on-premise map server use with FTK-Central. FTK-Plus doesn't have that requirement in 7.5.1-127. This may change in future as well.
Important to Note
Please be aware that installation of a MapTiler server is the responsibility of the client. If we assist, then the customer should be charged for hours spent. The customer is also required to purchase the maps they intend to use directly from MapTiler. AccessData and Exterro do not sell licenses or the map data provided by MapTiler.
Requirements: a computer with internet access. This doesn't necessarily need to be the MapTiler server itself, but you require internet access in order to download the MapTiler installer. You will need to download either Apache or Nginx should you wish to use HTTPS for map data.
Related KBs
Offline Map Visualization Configuration
Installing Local(On-Prem) Map-Server On Linux VM-Using Docker
Useful resources
MapTiler Support Page and FAQs
Apache:
Requirements
1) Apache 2.4.x OpenSSL 1.1.1 VC15 64 Bit Version = Apache 2.4.17 x64
2) Microsoft Visual C++ 2012 Redistributable
Steps:
1) First you need to download Apache. Below is the link to the Apache website. Alternatively, you can download it from a trusted local repository such as Apache Haus.
Apache Download
Apache Haus Download
2) Unpack the archive. If you unpacked it in Downloads, copy the Apache24 folder to the location where you will be running it from. In this example we are placing it directly on the C drive:
C:\Apache24\
3) Generate the SSL keys and certificate. Navigate to the bin folder of the Apache directory you copied:
cd c:\Apache24\bin
4) At a command prompt running as an administrator user, run the following command. You will need to complete the different sections when prompted. NB: Remember the passphrase, as it is required in future.
openssl req -config c:\Apache24\conf\openssl.cnf -new -out c:\Apache24\conf\ssl\my-server.csr
The above command generates two files:
c:\Apache24\conf\ssl\my-server.csr
c:\Apache24\bin\privkey.pem
5) On the command prompt, run the following command to generate the server key and follow the prompts
openssl rsa -in c:\Apache24\bin\privkey.pem -out c:\Apache24\conf\ssl\my-server.key
The following file will be generated
c:\Apache24\conf\ssl\my-server.key
6) On the command prompt, run the following command
openssl x509 -req -in c:\Apache24\conf\ssl\my-server.csr -out c:\Apache24\conf\ssl\my-server.cert -signkey c:\Apache24\conf\ssl\my-server.key -days 365
This will create the following file
c:\Apache24\conf\ssl\my-server.cert
7) Summary of files created from the above steps
c:\Apache24\conf\ssl\my-server.csr
c:\Apache24\bin\privkey.pem
c:\Apache24\conf\ssl\my-server.key
c:\Apache24\conf\ssl\my-server.cert
Configure Apache httpd
1) On the MapTilerServer edit C:\Apache24\conf\httpd.conf
To comment out a line in httpd.conf, place a # symbol at the beginning of the line being edited.
To uncomment a line in httpd.conf, remove the # symbol at the beginning of the line being edited.
2) Locate this line and place a comment symbol at the beginning of the line:
#Listen 80
3) Locate and uncomment (remove the hash) the following lines
LoadModule headers_module modules/mod_headers.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
4) Find the ServerName line, set it to the DNS name or IP address of the server, and change the port to 443:
ServerName DNS_NAME_OF_SERVER:443
5) Add Reverse Proxy section with Certificates generated in the steps above
Listen 443 https
ServerName DNS_NAME_OF_SERVER
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "C:\Apache24\conf\ssl\my-server.cert"
SSLCertificateKeyFile "C:\Apache24\conf\ssl\my-server.key"
# The SSLProxy* settings only apply to https:// backends; the backend below is plain HTTP
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# ProxyPass rules are matched in configuration order, so the more specific path goes first
ProxyPass /api/maps/basic/ http://DNS_OR_IP_OF_SERVER:3650/api/maps/basic/
ProxyPassReverse /api/maps/basic/ http://DNS_OR_IP_OF_SERVER:3650/api/maps/basic/
ProxyPass / http://DNS_OR_IP_OF_SERVER:3650/
ProxyPassReverse / http://DNS_OR_IP_OF_SERVER:3650/
RewriteEngine on
6) You also need to remove the default configuration from C:\Apache24\conf\extra\httpd-ahssl.conf; otherwise Apache thinks you are trying to bind both configuration files to the same port 443, which causes it to fail the syntax check and on start-up.
Comment out:
Listen 443 https
7) Also comment out all of the following lines:
SSLEngine on
ServerName localhost:443
SSLCertificateFile "${SRVROOT}/conf/ssl/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server.key"
DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Options Indexes Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
8) Start and test the HTTPS reverse proxy. Change to the Apache bin directory:
cd c:\Apache24\bin
9) Check the syntax of the configuration file and correct any issues before progressing to the next step:
httpd -t
10) Start the httpd daemon. Give it a couple of minutes to ensure it starts.
httpd
11) Test resolving the URL using HTTPS and the server name
https://DNS_OR_IP_OF_SERVER
12) Once you are happy with the result, you can add Apache as a service so that it starts automatically. Change to the Apache bin directory c:\Apache24\bin:
cd c:\Apache24\bin
13) Execute the following command to enable auto start-up. NOTE: If the httpd daemon is already running, you need to stop it first; otherwise the install will generate errors because the service is already bound to the port.
httpd -k install
14) If the service was added successfully, you will see it in Services, where you can start it. If anything is not correct in the httpd.config file
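To confirm that steps 8 to 11 worked, the following added example (not part of the original KB) checks from Windows PowerShell 5.1 that ports 443 and 3650 answer, that port 80 is closed, and that the certificate served on 443 is the my-server.cert generated earlier. $ServerName holds the KB's placeholder and must be replaced with your server name; the script name and parameter names are assumptions.

```powershell
# Added example (not from the KB): post-install check, run on the MapTiler server.
param(
    [string]$ServerName = 'DNS_OR_IP_OF_SERVER',   # placeholder from this KB; replace it
    [string]$CertFile   = 'C:\Apache24\conf\ssl\my-server.cert'
)
$ErrorActionPreference = 'Stop'

function Test-TcpPort([string]$TargetHost, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($TargetHost, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# 443 = reverse proxy, 3650 = MapTiler backend, 80 = disabled by "#Listen 80".
$checks = @(
    @{ Port = 443;  Open = $true  },
    @{ Port = 3650; Open = $true  },
    @{ Port = 80;   Open = $false }
)
foreach ($check in $checks) {
    $open = Test-TcpPort $ServerName $check.Port
    $note = if ($open -eq $check.Open) { 'as expected' } else { 'UNEXPECTED' }
    '{0,-5} open={1,-5} {2}' -f $check.Port, $open, $note
}

# Handshake with the proxy and compare the served certificate with the file on disk.
# The callback accepts any certificate on purpose: the certificate is self-signed,
# so trust is decided by the thumbprint comparison below, not by chain validation.
$certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$tcp = New-Object System.Net.Sockets.TcpClient($ServerName, 443)
try {
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($ServerName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $served = $certType::new($ssl.RemoteCertificate)
} finally { $tcp.Close() }

$onDisk = $certType::new($CertFile)
if ($served.Thumbprint -ne $onDisk.Thumbprint) {
    throw "Port 443 serves $($served.Subject), not the certificate in $CertFile"
}
"TLS OK: $($served.Subject), expires $($served.NotAfter)"
```

Port 3650 still serves the maps over plain HTTP; if clients should only reach the map server through HTTPS, restrict that port with the host firewall.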
NGINX:
1) Download NGINX for Windows
2) Unpack the archive. If you unpacked it in Downloads, copy the nginx-1.21.0 folder to the location where you will be running it from. In this example we are placing it directly on the C drive:
C:\nginx-1.21.0
3) Generate the SSL keys and certificate. Navigate to the NGINX directory you copied:
cd C:\nginx-1.21.0
4) At a command prompt running as an administrator user, run the following command. You will need to complete the different sections when prompted. NB: Remember the passphrase, as it is required in future.
openssl req -config c:\nginx-1.21.0\ssl\openssl.cnf -new -out c:\nginx-1.21.0\ssl\my-server.csr
The above command generates two files:
c:\nginx-1.21.0\ssl\my-server.csr
c:\nginx-1.21.0\ssl\privkey.pem
5) On the command prompt, run the following command to generate the server key and follow the prompts
openssl rsa -in c:\nginx-1.21.0\ssl\privkey.pem -out c:\nginx-1.21.0\ssl\my-server.key
The following file will be generated
c:\nginx-1.21.0\ssl\my-server.key
6) On the command prompt, run the following command
openssl x509 -req -in c:\nginx-1.21.0\ssl\my-server.csr -out c:\nginx-1.21.0\ssl\my-server.cert -signkey c:\nginx-1.21.0\ssl\my-server.key -days 365
This will create the following file
c:\nginx-1.21.0\ssl\my-server.cert
7) Summary of files created from the above steps
c:\nginx-1.21.0\ssl\my-server.csr
c:\nginx-1.21.0\ssl\privkey.pem
c:\nginx-1.21.0\ssl\my-server.key
c:\nginx-1.21.0\ssl\my-server.cert
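The certificate steps 3 to 7 are the same for Apache and NGINX, so one check covers both. The following is an added example, not part of the original KB: it verifies that my-server.cert and my-server.key belong together, warns before the 365-day certificate expires, and tightens the permissions on my-server.key, which step 5 writes without a passphrase. The parameter names and the openssl.exe location are assumptions, as is a proxy that runs as LocalSystem or as an administrator.

```powershell
# Added example (not from the KB): check the files produced by the openssl steps.
param(
    [string]$SslDir  = 'C:\Apache24\conf\ssl',        # NGINX layout: C:\nginx-1.21.0\ssl
    [string]$OpenSsl = 'C:\Apache24\bin\openssl.exe'  # assumption: where openssl.exe lives
)
$ErrorActionPreference = 'Stop'
$cert = Join-Path $SslDir 'my-server.cert'
$key  = Join-Path $SslDir 'my-server.key'
foreach ($file in $cert, $key) {
    if (-not (Test-Path -LiteralPath $file)) { throw "Missing file: $file" }
}

# 1. Certificate and key must carry the same RSA modulus, or the server will not start.
$certModulus = & $OpenSsl x509 -noout -modulus -in $cert
$keyModulus  = & $OpenSsl rsa  -noout -modulus -in $key
if ($certModulus -ne $keyModulus) { throw 'my-server.cert does not match my-server.key' }

# 2. The certificate was issued with -days 365; warn 30 days before it expires.
& $OpenSsl x509 -noout -checkend (30 * 24 * 3600) -in $cert | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'Certificate expires within 30 days; reissue it.' }

# 3. "openssl rsa -in ... -out ..." wrote my-server.key without a passphrase.
#    Drop inherited permissions; allow only SYSTEM (read) and Administrators (full).
& icacls $key /inheritance:r /grant:r '*S-1-5-18:R' /grant:r '*S-1-5-32-544:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $key" }

# Show what the certificate says about itself.
& $OpenSsl x509 -noout -subject -enddate -in $cert
```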
Configure NGINX
You need to change the NGINX config file (nginx.conf) to use HTTPS instead of HTTP (the default). Remember to create a backup of the file before making any changes.
C:\nginx-1.21.0\conf\nginx.conf
1) Comment out the entire section used for port 80.
Default file prior to commenting out anything
Example of the section commented out. Pay attention to the braces: the entire section needs to be commented out.
2) Add the following lines to the HTTPS server section. This section is commented out by default.
Default view
Example of what the uncommented and edited section looks like. You need to add the server address (in this example I have just used the loopback) and specify the certificate location (in the example below I used the location of the Apache certificates that were generated at the top of this KB).
3) Testing configuration file, first change to the NGINX directory
cd nginx-1.21.0
4) Test the syntax of the configuration file
nginx -t
5) Start nginx daemon/executable
nginx
6) Running as a service. Currently NGINX doesn't allow users to configure the Windows service using the nginx.exe.