|
|
|
|
# Meshcentral in docker
|
|
|
|
|
|
|
|
|
|
###### guide-by-example
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Purpose & Overview
|
|
|
|
|
|
|
|
|
|
Powerful remote desktop toolset.
|
|
|
|
|
|
|
|
|
|
* [Official site](https://www.meshcommander.com/meshcentral2)
|
|
|
|
|
* [Github](https://github.com/Ylianst/MeshCentral)
|
|
|
|
|
* [ghcr.io](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)
|
|
|
|
|
|
|
|
|
|
Web based, can be a replacement for TeamViewer or Anydesk.<br>
|
|
|
|
|
The server is written in javascript, running in node.js runtime.
|
|
|
|
|
The client application is written mostly in C runnig Duktape javascript engine.
|
|
|
|
|
|
|
|
|
|
For database the server uses a build in neDB, which should be enough for
|
|
|
|
|
less than 100 clients deployments. Or MongoDB can be deployed for better
|
|
|
|
|
performance and robustness but added complexity.
|
|
|
|
|
|
|
|
|
|
The architecture is relatively simple.
|
|
|
|
|
|
|
|
|
|
* a server you host is accessible through a web site
|
|
|
|
|
* clients can from this site install Mesh Agent
|
|
|
|
|
which allows full control of the device from the servers web
|
|
|
|
|
|
|
|
|
|
Theres also an entire aspect of possibility of using
|
|
|
|
|
Intel AMT - Active Management Technology through port 4433.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Files and directory structure
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
/home/
|
|
|
|
|
└── ~/
|
|
|
|
|
└── docker/
|
|
|
|
|
└── meshcentral/
|
|
|
|
|
├── meshcentral/
|
|
|
|
|
├── .env
|
|
|
|
|
└── docker-compose.yml
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
* `meshcentral/` - persistent data, most notable is config.json in data\
|
|
|
|
|
* `.env` - a file containing environment variables for docker compose
|
|
|
|
|
* `docker-compose.yml` - a docker compose file, telling docker how to run the containers
|
|
|
|
|
|
|
|
|
|
You only need to provide the two files.</br>
|
|
|
|
|
The directories are created by docker compose on the first run.
|
|
|
|
|
|
|
|
|
|
# docker-compose
|
|
|
|
|
|
|
|
|
|
The official docker image is hosted [on github.](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)
|
|
|
|
|
More info [here](https://github.com/Ylianst/MeshCentral/tree/master/docker)<br>
|
|
|
|
|
This setup goes more robust way, with a separate container running mongodb.
|
|
|
|
|
|
|
|
|
|
`docker-compose.yml`
|
|
|
|
|
```yml
|
|
|
|
|
services:
|
|
|
|
|
|
|
|
|
|
meshcentral-db:
|
|
|
|
|
image: mongo:latest
|
|
|
|
|
container_name: meshcentral-db
|
|
|
|
|
hostname: meshcentral-db
|
|
|
|
|
restart: unless-stopped
|
|
|
|
|
env_file: .env
|
|
|
|
|
volumes:
|
|
|
|
|
- ./meshcentral/mongodb_data:/data/db
|
|
|
|
|
|
|
|
|
|
meshcentral:
|
|
|
|
|
image: ghcr.io/ylianst/meshcentral:latest
|
|
|
|
|
container_name: meshcentral
|
|
|
|
|
hostname: meshcentral
|
|
|
|
|
restart: unless-stopped
|
|
|
|
|
env_file: .env
|
|
|
|
|
depends_on:
|
|
|
|
|
- meshcentral-db
|
|
|
|
|
volumes:
|
|
|
|
|
# config.json and other important files live here. A must for data persistence
|
|
|
|
|
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
|
|
|
|
|
# where file uploads for users live
|
|
|
|
|
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
|
|
|
|
|
# location for the meshcentral-backups - this should be mounted to an external storage
|
|
|
|
|
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
|
|
|
|
|
# location for site customization files
|
|
|
|
|
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
|
|
|
|
|
|
|
|
|
|
networks:
|
|
|
|
|
default:
|
|
|
|
|
name: $DOCKER_MY_NETWORK
|
|
|
|
|
external: true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
`.env`
|
|
|
|
|
```bash
|
|
|
|
|
# GENERAL
|
|
|
|
|
MY_DOMAIN=example.com
|
|
|
|
|
DOCKER_MY_NETWORK=caddy_net
|
|
|
|
|
TZ=Europe/Bratislava
|
|
|
|
|
|
|
|
|
|
# MESHCENTRAL
|
|
|
|
|
NODE_ENV=production
|
|
|
|
|
|
|
|
|
|
# initial mongodb-variables
|
|
|
|
|
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
|
|
|
|
|
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
|
|
|
|
|
|
|
|
|
|
# initial meshcentral-variables
|
|
|
|
|
# the following options are only used if no config.json exists in the data-folder
|
|
|
|
|
|
|
|
|
|
# your hostname
|
|
|
|
|
HOSTNAME=mesh.example.com
|
|
|
|
|
USE_MONGODB=true
|
|
|
|
|
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
|
|
|
|
|
REVERSE_PROXY=example.com
|
|
|
|
|
REVERSE_PROXY_TLS_PORT=443
|
|
|
|
|
# set to true if you wish to enable iframe support
|
|
|
|
|
IFRAME=false
|
|
|
|
|
# set to false if you want disable self-service creation of new accounts besides the first (admin)
|
|
|
|
|
ALLOW_NEW_ACCOUNTS=true
|
|
|
|
|
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
|
|
|
|
|
WEBRTC=false
|
|
|
|
|
# set to true to allow plugins
|
|
|
|
|
ALLOWPLUGINS=false
|
|
|
|
|
# set to true to allow session recording
|
|
|
|
|
LOCALSESSIONRECORDING=false
|
|
|
|
|
# set to enable or disable minification of json, reduces traffic
|
|
|
|
|
MINIFY=true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Bit of an issue is that the official project expects to find the database
|
|
|
|
|
at the hostname `mongodb`. It's hardcoded in the
|
|
|
|
|
[startup.sh](https://github.com/Ylianst/MeshCentral/blob/master/docker/startup.sh)
|
|
|
|
|
which on first run generates `config.json`.<br>
|
|
|
|
|
This is not ideal as one likely will run several containers and
|
|
|
|
|
undescriptive container name or hostname is annoying.<br>
|
|
|
|
|
|
|
|
|
|
To deal with this, **run it first time for few minutes, then down it, edit the**
|
|
|
|
|
`.\meshcentral\data\config.json` and change the mongoDb line to look like this:
|
|
|
|
|
|
|
|
|
|
"settings": {
|
|
|
|
|
"mongoDb": "mongodb://mongodbadmin:mongodbpasswd@meshcentral-db:27017",
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
if meshcentral container shows: *ERROR: Unable to parse /opt/meshcentral/meshcentral-data/config.json*<br>
|
|
|
|
|
you need to down it, delete the `meshcentral` with the persistent data,
|
|
|
|
|
and up it again, now let it run longer before downing and editing the database path.
|
|
|
|
|
|
|
|
|
|
# Reverse proxy
|
|
|
|
|
|
|
|
|
|
Caddy v2 is used, details
|
|
|
|
|
[here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).</br>
|
|
|
|
|
|
|
|
|
|
`Caddyfile`
|
|
|
|
|
```
|
|
|
|
|
mesh.{$MY_DOMAIN} {
|
|
|
|
|
reverse_proxy meshcentral:443 {
|
|
|
|
|
transport http {
|
|
|
|
|
tls
|
|
|
|
|
tls_insecure_skip_verify
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The usage on clients
|
|
|
|
|
|
|
|
|
|
# Improved safety
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Trouble shooting
|
|
|
|
|
|
|
|
|
|
# Running without separate database
|
|
|
|
|
|
|
|
|
|
`docker-compose.yml`
|
|
|
|
|
```yml
|
|
|
|
|
services:
|
|
|
|
|
|
|
|
|
|
meshcentral:
|
|
|
|
|
image: ghcr.io/ylianst/meshcentral:latest
|
|
|
|
|
container_name: meshcentral
|
|
|
|
|
hostname: meshcentral
|
|
|
|
|
restart: unless-stopped
|
|
|
|
|
env_file: .env
|
|
|
|
|
volumes:
|
|
|
|
|
# config.json and other important files live here. A must for data persistence
|
|
|
|
|
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
|
|
|
|
|
# where file uploads for users live
|
|
|
|
|
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
|
|
|
|
|
# location for the meshcentral-backups - this should be mounted to an external storage
|
|
|
|
|
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
|
|
|
|
|
# location for site customization files
|
|
|
|
|
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
|
|
|
|
|
|
|
|
|
|
networks:
|
|
|
|
|
default:
|
|
|
|
|
name: $DOCKER_MY_NETWORK
|
|
|
|
|
external: true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
`.env`
|
|
|
|
|
```bash
|
|
|
|
|
# GENERAL
|
|
|
|
|
MY_DOMAIN=example.com
|
|
|
|
|
DOCKER_MY_NETWORK=caddy_net
|
|
|
|
|
TZ=Europe/Bratislava
|
|
|
|
|
|
|
|
|
|
# MESHCENTRAL
|
|
|
|
|
NODE_ENV=production
|
|
|
|
|
|
|
|
|
|
# initial mongodb-variables
|
|
|
|
|
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
|
|
|
|
|
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
|
|
|
|
|
|
|
|
|
|
# initial meshcentral-variables
|
|
|
|
|
# the following options are only used if no config.json exists in the data-folder
|
|
|
|
|
|
|
|
|
|
# your hostname
|
|
|
|
|
HOSTNAME=mesh.example.com
|
|
|
|
|
USE_MONGODB=false
|
|
|
|
|
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
|
|
|
|
|
REVERSE_PROXY=example.com
|
|
|
|
|
REVERSE_PROXY_TLS_PORT=443
|
|
|
|
|
# set to true if you wish to enable iframe support
|
|
|
|
|
IFRAME=false
|
|
|
|
|
# set to false if you want disable self-service creation of new accounts besides the first (admin)
|
|
|
|
|
ALLOW_NEW_ACCOUNTS=true
|
|
|
|
|
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
|
|
|
|
|
WEBRTC=false
|
|
|
|
|
# set to true to allow plugins
|
|
|
|
|
ALLOWPLUGINS=false
|
|
|
|
|
# set to true to allow session recording
|
|
|
|
|
LOCALSESSIONRECORDING=false
|
|
|
|
|
# set to enable or disable minification of json, reduces traffic
|
|
|
|
|
MINIFY=true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Update
|
|
|
|
|
|
|
|
|
|
Manual image update:
|
|
|
|
|
|
|
|
|
|
- `docker-compose pull`</br>
|
|
|
|
|
- `docker-compose up -d`</br>
|
|
|
|
|
- `docker image prune`
|
|
|
|
|
|
|
|
|
|
# Backup and restore
|
|
|
|
|
|
|
|
|
|
#### Backup
|
|
|
|
|
|
|
|
|
|
Using [borg](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
|
|
|
|
|
that makes daily snapshot of the entire directory.
|
|
|
|
|
|
|
|
|
|
#### Restore
|
|
|
|
|
|
|
|
|
|
* down the bookstack containers `docker-compose down`</br>
|
|
|
|
|
* delete the entire bookstack directory</br>
|
|
|
|
|
* from the backup copy back the bookstack directory</br>
|
|
|
|
|
* start the containers `docker-compose up -d`
|
|
|
|
|
|
