Preamble

AccessData applications provide Map functionality to display geolocation EXIF data. By default, this is provided by connecting to the cloud-based online OpenStreetMap server URL.


Some customers require their forensic solution to be air-gapped, or otherwise configured without internet access, while still using the geotagged EXIF data functionality. The purpose of this KB is to outline the installation of a solution that can be used on-premise. At the time of writing, all our applications use only rasterization to display EXIF data (when processed) on a map location. Our tools do not support tiles, JSON, etc. at this stage.


A reverse proxy is only required if the Exterro web service has been configured with the https key set to true. If this key is set to false, you do not require a reverse proxy and can use the map server over standard HTTP.


To check whether the Exterro service is configured to use HTTP or HTTPS, check the https key in the following file:

C:\Program Files\AccessData\Forensic Tools\7.5\bin\ADG.WeblabSelfHost.exe.config

The example below means HTTPS is required, so you will need to follow this guide to set up the reverse proxy, i.e. you will require a reverse proxy.


Note: Currently a reverse proxy is only required for on-premise map server use with FTK-Central; FTK-Plus doesn't have that requirement in 7.5.1-127. This may change in future as well.

<add key="https" value="true" />

The key set to false, as in the example below, means that the web service is using HTTP and therefore no reverse proxy is required in order to use the map server over HTTP, i.e. you DO NOT require a reverse proxy.

<add key="https" value="false" />

Important to Note

Please be aware that installation of a MapTiler server is the responsibility of the client; if we assist, the customer should be charged for the hours spent. The customer is also required to purchase the maps they intend to use directly from MapTiler; AccessData and Exterro do not sell licenses or the map data provided by MapTiler.


Requirements: a computer with internet access. This doesn't necessarily need to be the MapTiler server itself, but you require internet access in order to download the MapTiler installer. You will need to download either Apache or Nginx should you wish to use HTTPS for map data.


Related KB's

On-Prem MapTiler Server

Offline Map Visualization Configuration

Installing Local(On-Prem) Map-Server On Linux VM-Using Docker


Useful resources

MapTiler Support Page and FAQ's


Apache:

Requirements
1) Apache 2.4.x OpenSSL 1.1.1 VC15 64 Bit Version = Apache 2.4.17 x64

2) Microsoft Visual C++ 2012 Redistributable

Steps:

1) First, download Apache. Below is the link to the Apache website; alternatively, you can download it from a trusted local repository such as Apache Haus.

Apache Download
Apache Haus Download

2) Unpack the archive. If you unpacked it in Downloads, copy the Apache24 folder to the location you will be running it from. In this example we are placing it directly on the C drive.

C:\Apache24\

3) Generating the SSL keys and certificate. Navigate to the Apache directory where it was copied to.

cd c:\Apache24\bin

4) On the command prompt, as an administrator user, run the following command. NB: Remember the passphrase, as it is required later. You will need to complete the different sections.

openssl req -config c:\Apache24\conf\openssl.cnf -new -out c:\Apache24\conf\ssl\my-server.csr

The above command generates two files:

c:\Apache24\conf\ssl\my-server.csr
c:\Apache24\bin\privkey.pem

5) On the command prompt, run the following command to generate the server key and follow the prompts

openssl rsa -in c:\Apache24\bin\privkey.pem -out c:\Apache24\conf\ssl\my-server.key

The following file will be generated

c:\Apache24\conf\ssl\my-server.key

6) On the command prompt, run the following command

openssl x509 -req -in c:\Apache24\conf\ssl\my-server.csr -out c:\Apache24\conf\ssl\my-server.cert -signkey c:\Apache24\conf\ssl\my-server.key -days 365

This will create the following file

c:\Apache24\conf\ssl\my-server.cert

7) Summary of files created from the above steps

c:\Apache24\conf\ssl\my-server.csr
c:\Apache24\bin\privkey.pem
c:\Apache24\conf\ssl\my-server.key
c:\Apache24\conf\ssl\my-server.cert

Configure Apache httpd

1) On the MapTilerServer edit C:\Apache24\conf\httpd.conf

In order to comment out a line in httpd.conf place a # symbol at the beginning of the line being edited
In order to uncomment a line in httpd.conf remove the # symbol at the beginning of the line being edited

2) Locate this line and place a comment at the beginning of the line

#Listen 80

3) Locate and uncomment (remove the hash) the following lines 

LoadModule headers_module modules/mod_headers.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

4) Find the ServerName line, set it to the DNS name or IP address of the server, and change the port to 443

ServerName DNS_NAME_OF_SERVER:443

5) Add Reverse Proxy section with Certificates generated in the steps above

Listen 443 https


ServerName DNS_NAME_OF_SERVER
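SSLEngine on
SSLProxyEngine on
SSLCertificateFile "C:\Apache24\conf\ssl\my-server.cert"
SSLCertificateKeyFile "C:\Apache24\conf\ssl\my-server.key"
# The SSLProxy* directives only affect https:// backends. The backend below is plain HTTP;
# if it is ever changed to https://, these settings disable the upstream certificate checks.
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

# Forward requests to the map server on port 3650 (most specific path first)
ProxyPass /api/maps/basic/ http://DNS_OR_IP_OF_SERVER:3650/api/maps/basic/
ProxyPassReverse /api/maps/basic/ http://DNS_OR_IP_OF_SERVER:3650/api/maps/basic/
ProxyPass / http://DNS_OR_IP_OF_SERVER:3650/
ProxyPassReverse / http://DNS_OR_IP_OF_SERVER:3650/
RewriteEngine on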

6) You also need to remove the SSL configuration from C:\Apache24\conf\extra\httpd-ahssl.conf; otherwise Apache sees both configuration files trying to bind to the same port 443, which causes it to fail the syntax check and start-up

Comment out:

Listen 443 https

7) Also comment out all of the following lines:

SSLEngine on
ServerName localhost:443
SSLCertificateFile "${SRVROOT}/conf/ssl/server.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/server.key"
DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Options Indexes Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted

8) Start and test the HTTPS reverse proxy. First change to the Apache bin directory

cd c:\Apache24\bin

9) Check the syntax of the configuration file and correct any issues before progressing to the next step

httpd -t

10) Start httpd daemon. Give it a couple of minutes to ensure it starts.

httpd

11) Test resolving the URL using HTTPS and the server name

https://DNS_OR_IP_OF_SERVER

12) Once you are happy, you can add Apache as a service so that it starts automatically. Change to the Apache bin directory c:\Apache24\bin

cd c:\Apache24\bin

13) Execute the following command to enable auto start-up. NOTE: if the httpd daemon is already running, you need to kill it first; otherwise the install will generate errors, as the service is already bound to the port

httpd -k install


14) If the service was added successfully, you will see it in Services, where you can start it. If anything is not correct in the httpd.config file


NGINX:

1) Download NGINX for Windows

NGINX Home Page

Stable Release Download Page

2) Unpack the archive. If you unpacked it in Downloads, copy the nginx-1.21.0 folder to the location you will be running it from. In this example we are placing it directly on the C drive.

C:\nginx-1.21.0

3) Generating the SSL keys and certificate. Navigate to the NGINX directory where it was copied to.

cd C:\nginx-1.21.0

4) On the command prompt, as an administrator user, run the following command. NB: Remember the passphrase, as it is required later. You will need to complete the different sections.

openssl req -config c:\nginx-1.21.0\ssl\openssl.cnf -new -out c:\nginx-1.21.0\ssl\my-server.csr

The above command generates two files:

c:\nginx-1.21.0\ssl\my-server.csr
c:\nginx-1.21.0\ssl\privkey.pem

5) On the command prompt, run the following command to generate the server key and follow the prompts

openssl rsa -in c:\nginx-1.21.0\ssl\privkey.pem -out c:\nginx-1.21.0\ssl\my-server.key

The following file will be generated

c:\nginx-1.21.0\ssl\my-server.key

6) On the command prompt, run the following command

openssl x509 -req -in c:\nginx-1.21.0\ssl\my-server.csr -out c:\nginx-1.21.0\ssl\my-server.cert -signkey c:\nginx-1.21.0\ssl\my-server.key -days 365

This will create the following file

c:\nginx-1.21.0\ssl\my-server.cert

7) Summary of files created from the above steps

c:\nginx-1.21.0\ssl\my-server.csr
c:\nginx-1.21.0\ssl\privkey.pem
c:\nginx-1.21.0\ssl\my-server.key
c:\nginx-1.21.0\ssl\my-server.cert

Configure NGINX

You need to change the NGINX config file (nginx.conf) to use HTTPS instead of HTTP (the default). Remember to create a backup of the file before making any changes.

C:\nginx-1.21.0\conf\nginx.conf

1) Comment out the entire section for use with port 80

When commenting out the section, pay attention to the opening and closing braces; the entire section needs to be commented.


2) Add the following lines to the HTTPS server section; this section is commented out by default.

Example of what the uncommented and edited section looks like. You need to add the server address (in this example I have just used the loopback) and specify the certificate location; in the example below I used the location of the Apache certificates that were generated at the top of this KB.

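As an added example (not taken from this KB's screenshots and not Exterro's own configuration), the edited HTTPS server section could look like the following. It assumes the map server listens on the loopback address on port 3650, the port used in the Apache section, and reuses the Apache certificate and key paths generated above; DNS_NAME_OF_SERVER is a placeholder.

```nginx
# Added example: HTTPS reverse proxy in front of the on-premise map server.
# Assumptions: map server reachable at 127.0.0.1:3650 over plain HTTP;
# certificate and key are the files generated in the Apache section.
# Paths use forward slashes, which nginx expects on Windows.
server {
    listen       443 ssl;
    server_name  DNS_NAME_OF_SERVER;   # placeholder: DNS name clients will use

    ssl_certificate      C:/Apache24/conf/ssl/my-server.cert;
    ssl_certificate_key  C:/Apache24/conf/ssl/my-server.key;

    # Offer only current TLS versions to clients
    ssl_protocols        TLSv1.2 TLSv1.3;

    location / {
        # Terminate TLS here and forward to the map server over HTTP
        proxy_pass        http://127.0.0.1:3650/;

        # Pass the original host, client address and scheme to the backend
        proxy_set_header  Host              $host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
    }
}
```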

3) Testing configuration file, first change to the NGINX directory

cd nginx-1.21.0

4) Test the syntax of the configuration file

nginx -t

5) Start nginx daemon/executable

nginx

6) Running as a service. Currently NGINX doesn't allow users to configure the Windows service using the nginx.exe.