From 520228f971c6949ed434713593dfc4b393a2180b Mon Sep 17 00:00:00 2001
From: Froz
Date: Tue, 9 Apr 2024 13:55:39 -0700
Subject: [PATCH] Fixed Meshcentral Readme.
---
 .../{ => Deprecated}/config.json.template | 0
 .../{ => Deprecated}/docker-compose.yml | 0
 meshcentral/README.md | 101 +++++++++++++++---
 3 files changed, 84 insertions(+), 17 deletions(-)
 rename meshcentral/{ => Deprecated}/config.json.template (100%)
 rename meshcentral/{ => Deprecated}/docker-compose.yml (100%)
diff --git a/meshcentral/config.json.template b/meshcentral/Deprecated/config.json.template
similarity index 100%
rename from meshcentral/config.json.template
rename to meshcentral/Deprecated/config.json.template
diff --git a/meshcentral/docker-compose.yml b/meshcentral/Deprecated/docker-compose.yml
similarity index 100%
rename from meshcentral/docker-compose.yml
rename to meshcentral/Deprecated/docker-compose.yml
diff --git a/meshcentral/README.md b/meshcentral/README.md
index e788a85..68c5be4 100644
--- a/meshcentral/README.md
+++ b/meshcentral/README.md
@@ -7,6 +7,7 @@ This will deploy meshcentral with caddy.
 └── ~/
 └── docker/
 └── meshcentral/
+ ├── .env
 ├── docker-compose.yml
 ```
@@ -17,17 +18,52 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Ca
 ```
 meshcentral.YOURDOMAIN.com {
- reverse_proxy meshcentral:4430 {
+ reverse_proxy meshcentral:443 {
 header_up Host {http.reverse_proxy.upstream.hostport}
 header_up X-Real-IP {http.request.remote}
 header_up X-Forwarded-For {http.request.remote}
 }
 }
 ```
+### .env file
+The environment variables here will generate a config in `./data/config.json` the first time you do a docker-compose up -d.
-### docker-compose.yml
-Replace YOURDOMAIN.com with your actual domain.
+If there are any changes that need to be made aftewards, then ./data/config.json should be edited instead. [References](https://github.com/Ylianst/MeshCentral/tree/master/docker).
+
+```
+NODE_ENV=production
+
+USE_MONGODB=false
+# set already exist mongo connection string url here
+MONGO_URL=
+# or set following init params for new mongodb, use it with docker-compose file with mongodb version
+MONGO_INITDB_ROOT_USERNAME=mongodbadmin
+MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
+# initial meshcentral-variables
+# the following options are only used if no config.json exists in the data-folder
+
+# your hostname
+HOSTNAME=my.domain.com
+# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy. Example: replace false with YOURDOMAIN.com
+REVERSE_PROXY=meshcentral.yourdomain.com
+REVERSE_PROXY_TLS_PORT=
+# set to true if you wish to enable iframe support
+IFRAME=false
+# set to false if you want disable self-service creation of new accounts besides the first (admin)
+ALLOW_NEW_ACCOUNTS=true
+# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental.
Use with caution
+WEBRTC=false
+# set to true to allow plugins
+ALLOWPLUGINS=false
+# set to true to allow session recording
+LOCALSESSIONRECORDING=false
+# set to enable or disable minification of json, reduces traffic
+MINIFY=true
+# set this value to add extra arguments to meshcentral on startup (e.g --debug ldap)
+ARGS=
+```
+### docker-compose.yml
 ```
 version: '3'
 services:
@@ -36,27 +72,58 @@ services:
 container_name: meshcentral
 image: ghcr.io/ylianst/meshcentral:1.1.22
 # ports:
-# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
- environment:
- - HOSTNAME=meshcentral.YOURDOMAIN.com
- - CONTAINER_PORT=4430
- - REVERSE_PROXY=YOURDOMAIN.com
- - REVERSE_PROXY=true
- - REVERSE_PROXY_TLS_PORT=443
- - IFRAME=false
- - ALLOW_NEW_ACCOUNTS=true
- - WEBRTC=true
+# - 4430:443
+ env_file:
+ - .env
 volumes:
- - ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
- - ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
- - ./web:/opt/meshcentral/meshcentral-web # location for site customization files
+ # config.json and other important files live here. A must for data persistence
+ - ./meshcentral/data:/opt/meshcentral/meshcentral-data
+ # where file uploads for users live
+ - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
+ # location for the meshcentral-backups - this should be mounted to an external storage
+ - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
+ # location for site customization files
+ - ./meshcentral/web:/opt/meshcentral/meshcentral-web
 networks:
 default:
 external:
 name: caddy_net
+```
+
+## Important Step!!!
+After everything is set up do `docker-compose up -d` in this folder to start meshcentral and to have it generate `./data/config.json`
+
+Then do `docker-compose down` to bring it back down.
+
+We need to edit `./data/config.json`.
+
+Change `"TLSOffload": false,"` to `"TLSOffload": true,"`... If you don't do this changes caddy reverse proxy will not be able to route to the container properly!
 ```
-After everything is set up do `docker-compose up -d` in this folder to start meshcentral!
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "settings": {
+ "plugins":{"enabled": true},
+ "_mongoDb": null,
+ "cert": "meshcentral.yourdomain.com",
+ "_WANonly": true,
+ "_LANonly": true,
+ "sessionKey": "KEYGENERATEDBYDOCKERCOMPOSEUPD",
+ "port": 443,
+ "_aliasPort": 443,
+ "redirPort": 80,
+ "_redirAliasPort": 80,
+ "AgentPong": 300,
+ "TLSOffload": true,
+ "SelfUpdate": false,
+ "AllowFraming": false,
+ "WebRTC": false
+ },
+
+```
+
+Save.
+
+And then do `docker-compose up -d` to spin up the instance. It should now be reachable at meshcentral.yourdomain.com! Go ahead and create your account!