From 61d01138163311ca4cafe86b32add7c3ef3171c7 Mon Sep 17 00:00:00 2001 From: StarWhiz Date: Fri, 4 Feb 2022 16:47:27 -0800 Subject: [PATCH] Fixed all Caddyfile entries to be Tabs not spaces. Added Meshcentral WIP. --- bitwarden-vaultwarden/readme.md | 36 ++++++++--------- cloud-commander/README.md | 2 +- freepbx-asterisk/README.md | 2 +- heimdall/README.md | 2 +- initial ubuntu setup/README.md | 6 +-- jellyfin/README.md | 2 +- jitsi-meet/README.md | 2 +- meshcentral/Dockerfile | 29 ++++++++++++++ meshcentral/README.md | 67 ++++++++++++++++++++++++++++++++ meshcentral/config.json.template | 34 ++++++++++++++++ meshcentral/docker-compose.yml | 24 ++++++++++++ meshcentral/startup.sh | 30 ++++++++++++++ mumble/README.md | 2 +- qbit-windscribe/README.md | 2 +- rocketchat/README.md | 2 +- seafile/README.md | 2 +- shinobi/README.md | 2 +- snipeit/README.md | 2 +- vcfconvert/README.md | 2 +- wordpress/README.md | 4 +- zoneminder/README.md | 2 +- 21 files changed, 220 insertions(+), 36 deletions(-) create mode 100644 meshcentral/Dockerfile create mode 100644 meshcentral/README.md create mode 100644 meshcentral/config.json.template create mode 100644 meshcentral/docker-compose.yml create mode 100644 meshcentral/startup.sh diff --git a/bitwarden-vaultwarden/readme.md b/bitwarden-vaultwarden/readme.md index c575e60..469c24f 100644 --- a/bitwarden-vaultwarden/readme.md +++ b/bitwarden-vaultwarden/readme.md 
@@ -116,24 +116,24 @@ Bitwarden_rs documentation has a `Caddyfile` ``` bitwarden.{$MY_DOMAIN} { - encode gzip - - header { - # Enable cross-site filter (XSS) and tell browser to block detected attacks - X-XSS-Protection "1; mode=block" - # Disallow the site to be rendered within a frame (clickjacking protection) - X-Frame-Options "DENY" - # Prevent search engines from indexing (optional) - X-Robots-Tag "none" - # Server name removing - -Server - } - - # Notifications redirected to the websockets server - reverse_proxy /notifications/hub bitwarden:3012 - - # Proxy the Root directory to Rocket - reverse_proxy bitwarden:80 + encode gzip + + header { + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # Prevent search engines from indexing (optional) + X-Robots-Tag "none" + # Server name removing + -Server + } + + # Notifications redirected to the websockets server + reverse_proxy /notifications/hub bitwarden:3012 + + # Proxy the Root directory to Rocket + reverse_proxy bitwarden:80 } ``` diff --git a/cloud-commander/README.md b/cloud-commander/README.md index 855bbc3..e418119 100644 --- a/cloud-commander/README.md +++ b/cloud-commander/README.md @@ -10,7 +10,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` cloud.yourdomain.com { - reverse_proxy cloudcmd:8000 + reverse_proxy cloudcmd:8000 } ``` diff --git a/freepbx-asterisk/README.md b/freepbx-asterisk/README.md index 9add8c1..aec1528 100644 --- a/freepbx-asterisk/README.md +++ b/freepbx-asterisk/README.md @@ -12,7 +12,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` freepbx.yourdomain.com { - reverse_proxy freepbx:80 + reverse_proxy freepbx:80 } ``` diff --git a/heimdall/README.md b/heimdall/README.md index 4338ebe..f6f7fa4 100644 --- a/heimdall/README.md 
+++ b/heimdall/README.md @@ -16,7 +16,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Ca ``` heimdall.example.com { - reverse_proxy heimdall:80 + reverse_proxy heimdall:80 } ``` diff --git a/initial ubuntu setup/README.md b/initial ubuntu setup/README.md index 0dbad29..25500c9 100644 --- a/initial ubuntu setup/README.md +++ b/initial ubuntu setup/README.md @@ -199,15 +199,15 @@ This Caddyfile below is an example for a server with wordpress deployed in a doc **Caddyfile** ``` {$MY_DOMAIN} { - reverse_proxy wordpress:80 + reverse_proxy wordpress:80 } www.{$MY_DOMAIN} { - reverse_proxy wordpress:80 + reverse_proxy wordpress:80 } chat.{$MY_DOMAIN} { - reverse_proxy rocketchat:3000 + reverse_proxy rocketchat:3000 } ``` diff --git a/jellyfin/README.md b/jellyfin/README.md index ab0fb67..b324fba 100644 --- a/jellyfin/README.md +++ b/jellyfin/README.md @@ -14,7 +14,7 @@ https://jellyfin.org/ ### Add to Caddyfile (from ~/docker/caddy) ``` jelly.example.com { - reverse_proxy jellyfin:8096 + reverse_proxy jellyfin:8096 } ``` diff --git a/jitsi-meet/README.md b/jitsi-meet/README.md index ebeb770..db0173c 100644 --- a/jitsi-meet/README.md +++ b/jitsi-meet/README.md @@ -18,7 +18,7 @@ Currently this method is very basic and hosts an instance of jitsi without video Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` meet.example.com { - reverse_proxy jitsi-web:80 + reverse_proxy jitsi-web:80 } ``` diff --git a/meshcentral/Dockerfile b/meshcentral/Dockerfile new file mode 100644 index 0000000..be59cc1 --- /dev/null +++ b/meshcentral/Dockerfile 
@@ -0,0 +1,29 @@
+# Filename: Dockerfile
+
+FROM ubuntu:latest
+
+# Disable Prompt During Packages Installation
+ARG DEBIAN_FRONTEND=noninteractive
+
+#install dependencies
+RUN apt-get update && apt-get install -y nodejs npm nano && rm -rf /var/lib/apt/lists/*
+
+#Add non-root user, add installation directories and assign proper permissions
+RUN mkdir -p /opt/meshcentral
+
+#meshcentral installation
+WORKDIR /opt/meshcentral
+
+RUN npm install meshcentral
+
+COPY config.json.template /opt/meshcentral/config.json.template
+COPY startup.sh startup.sh
+#environment variables
+
+EXPOSE 80 4430
+
+#volumes
+VOLUME /opt/meshcentral/meshcentral-data
+VOLUME /opt/meshcentral/meshcentral-files
+
+CMD ["bash","/opt/meshcentral/startup.sh"]
diff --git a/meshcentral/README.md b/meshcentral/README.md
new file mode 100644
index 0000000..3cf7e3d
--- /dev/null
+++ b/meshcentral/README.md
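Review bot: The image built from meshcentral/Dockerfile runs MeshCentral as root: the comment above `RUN mkdir -p /opt/meshcentral` says a non-root user is added, but no user is created and there is no `USER` line before `CMD`. For a remote-management server this is worth fixing before the setup leaves WIP, e.g. `RUN useradd --system --uid 10001 meshcentral && chown -R meshcentral /opt/meshcentral` after the `COPY` lines and `USER meshcentral` before `CMD`. The bind-mounted `./data` and `./user_files` directories would then have to be writable by that UID, and whether the port-80 redirect listener still binds as non-root should be checked. `FROM ubuntu:latest` and `RUN npm install meshcentral` are also unpinned, so two builds of this file can yield different servers; a release tag and an explicit package version would make the image reproducible.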
@@ -0,0 +1,67 @@
+### Introduction
+THIS IS A WIP DO NOT USE...
+
+### Minimum File Structure
+```
+/home/
+└── ~/
+ └── docker/
+ └── meshcentral/
+ ├── config.json.template
+ ├── docker-compose.yml
+ └── Dockerfile
+ └── startup.sh
+```
+
+You will need the files in this GitHubs folder to build the meshcentral image and deploy it.
+
+### Add to Caddyfile (from ~/docker/caddy)
+Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile.
+The `tls_insecure_skip_verify` line is not recommemded. This tutorial is a WIP until I figure out how
+to get caddy to work with meshcentral without the `tls_insecure_skip_verify` line.
+
+```
+meshcentral.joindigital.com {
+ tls /certs/cert.pem /certs/key.pem
+ reverse_proxy meshcentral:4430 {
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ header_up X-Real-IP {http.request.remote}
+ header_up X-Forwarded-For {http.request.remote}
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+```
+
+### docker-compose.yml
+Replace YOURDOMAIN.com with your actual domain.
+
+```
+version: '3'
+services:
+ meshcentral:
+ restart: unless-stopped
+ container_name: meshcentral
+ build: .
+# ports:
+# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
+ environment:
+ - HOSTNAME=meshcentral.YOURDOMAIN.com
+ - CONTAINER_PORT=4430
+ - REVERSE_PROXY=YOURDOMAIN.com
+ - REVERSE_PROXY_TLS_PORT=443
+ - IFRAME=false
+ - ALLOW_NEW_ACCOUNTS=true
+ - WEBRTC=true
+ volumes:
+ - ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
+ - ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
+
+networks:
+ default:
+ external:
+ name: caddy_net
+
+```
+
diff --git a/meshcentral/config.json.template b/meshcentral/config.json.template
new file mode 100644
index 0000000..dd6ce33
--- /dev/null
+++ b/meshcentral/config.json.template
@@ -0,0 +1,34 @@
+{
+ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
+ "settings": {
+ "cert": "myserver.mydomain.com",
+ "_WANonly": true,
+ "_LANonly": true,
+ "_sessionKey": "MyReallySecretPassword1",
+ "port": 4430,
+ "_aliasPort": 443,
+ "redirPort": 80,
+ "_redirAliasPort": 80,
+ "AgentPong": 300,
+ "TLSOffload": false,
+ "SelfUpdate": false,
+ "AllowFraming": false,
+ "WebRTC": false
+ },
+ "domains": {
+ "": {
+ "_title": "MyServer",
+ "_title2": "Servername",
+ "_minify": true,
+ "NewAccounts": true,
+ "_userNameIsEmail": true,
+ "_certUrl": "my.reverse.proxy"
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
+ "_email": "myemail@mydomain.com",
+ "_names": "myserver.mydomain.com",
+ "production": false
+ }
+}
diff --git a/meshcentral/docker-compose.yml b/meshcentral/docker-compose.yml
new file mode 100644
index 0000000..db5d215
--- /dev/null
+++ b/meshcentral/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+services:
+ meshcentral:
+ restart: unless-stopped
+ container_name: meshcentral
+ build: .
+# ports:
+# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
+ environment:
+ - HOSTNAME=meshcentral.YOURDOMAIN.com
+ - CONTAINER_PORT=4430
+ - REVERSE_PROXY=YOURDOMAIN.com
+ - REVERSE_PROXY_TLS_PORT=443
+ - IFRAME=false
+ - ALLOW_NEW_ACCOUNTS=true
+ - WEBRTC=true
+ volumes:
+ - ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
+ - ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
+
+networks:
+ default:
+ external:
+ name: caddy_net
diff --git a/meshcentral/startup.sh b/meshcentral/startup.sh
new file mode 100644
index 0000000..fc741a3
--- /dev/null
+++ b/meshcentral/startup.sh
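Review bot: `- ALLOW_NEW_ACCOUNTS=true` in meshcentral/docker-compose.yml, together with `"NewAccounts": true` in config.json.template, ships the server with self-registration open, while the README in this patch places it behind a public reverse-proxy hostname. A closed default is safer for a remote-management server: `- ALLOW_NEW_ACCOUNTS=false`, with a comment that the operator enables it only for as long as account creation is needed. The template's literal `"NewAccounts": true` is what the sed pattern in startup.sh matches, so the default should be changed in the compose file rather than in the template.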
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+export NODE_ENV=production
+
+export HOSTNAME
+export CONTAINER_PORT
+export REVERSE_PROXY
+export REVERSE_PROXY_TLS_PORT
+export IFRAME
+export ALLOW_NEW_ACCOUNTS
+export WEBRTC
+
+if [ -f "meshcentral-data/config.json" ]
+ then
+ node node_modules/meshcentral
+ else
+ cp config.json.template meshcentral-data/config.json
+ sed -i "s_\"port\": 4430_\"port\": $CONTAINER_PORT_" meshcentral-data/config.json
+ sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
+ sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
+ sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
+ sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
+ if [ "$REVERSE_PROXY" != "false" ]
+ then
+ sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
+ node node_modules/meshcentral
+ exit
+ fi
+ node node_modules/meshcentral --cert "$HOSTNAME"
+fi
diff --git a/mumble/README.md b/mumble/README.md index f3449cb..d326f8b 100644 --- a/mumble/README.md +++ b/mumble/README.md @@ -16,7 +16,7 @@ You will need 3 files minimum to start the mumble server. In this case config.in Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` mumble.example.com { - reverse_proxy mumble-server:64738 + reverse_proxy mumble-server:64738 } ``` diff --git a/qbit-windscribe/README.md b/qbit-windscribe/README.md index 7d8c851..328de1e 100644 --- a/qbit-windscribe/README.md +++ b/qbit-windscribe/README.md @@ -8,7 +8,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Ca ``` qbit.yourdomain.com { - reverse_proxy qbit-windscribe:8080 + reverse_proxy qbit-windscribe:8080 } ``` diff --git a/rocketchat/README.md b/rocketchat/README.md index 299f96a..714acb7 100644
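Review bot: In meshcentral/startup.sh the port substitution cannot work as written: inside `"s_\"port\": 4430_\"port\": $CONTAINER_PORT_"` the shell takes the variable name to be `CONTAINER_PORT_`, because the trailing underscore is a valid name character, and that variable is unset, so sed is handed an unterminated `s` command and the port in config.json is never rewritten. Writing `${CONTAINER_PORT}_` fixes it. The three boolean substitutions also wrap the value in quotes and so produce `"NewAccounts": "false"` instead of `false`. If MeshCentral treats any non-empty string as true (not verifiable from this patch), `ALLOW_NEW_ACCOUNTS=false` and `IFRAME=false` would leave registration and framing enabled, so the escaped quotes around the value are better dropped, e.g. `\"NewAccounts\": $ALLOW_NEW_ACCOUNTS`.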
--- a/rocketchat/README.md +++ b/rocketchat/README.md @@ -12,7 +12,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` subdomain.example.com { - reverse_proxy rocketchat:3000 + reverse_proxy rocketchat:3000 } ``` diff --git a/seafile/README.md b/seafile/README.md index 7c69b32..bba52e1 100644 --- a/seafile/README.md +++ b/seafile/README.md @@ -12,7 +12,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` subdomain.example.com { - reverse_proxy seafile:80 + reverse_proxy seafile:80 } ``` diff --git a/shinobi/README.md b/shinobi/README.md index 751aac9..cf25454 100644 --- a/shinobi/README.md +++ b/shinobi/README.md @@ -106,7 +106,7 @@ docker-compose up -d Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` shinobi.yourdomain.com { - reverse_proxy shinobi:8080 + reverse_proxy shinobi:8080 } ``` diff --git a/snipeit/README.md b/snipeit/README.md index 0f00cc7..f2cbeed 100644 --- a/snipeit/README.md +++ b/snipeit/README.md @@ -15,7 +15,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Ca ``` snipeit.example.com { - reverse_proxy wordpress:80 + reverse_proxy wordpress:80 } ``` diff --git a/vcfconvert/README.md b/vcfconvert/README.md index ba929c2..c3eb58f 100644 --- a/vcfconvert/README.md +++ b/vcfconvert/README.md @@ -21,7 +21,7 @@ Symfony can help you host any php application. For this example, I selfhost vcfc Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` vcfconvert.yourdomain.com { - reverse_proxy vcfconvert:80 + reverse_proxy vcfconvert:80 } ``` diff --git a/wordpress/README.md b/wordpress/README.md index 613f254..0c3dbe3 100644 --- a/wordpress/README.md +++ b/wordpress/README.md 
@@ -13,11 +13,11 @@ You may have done this already if you followed the [A-Z Guide](https://github.com/StarWhiz/docker_deployment_notes/tree/master/initial%20ubuntu%20setup#create-caddyfile) If not, do so and remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` example.com { - reverse_proxy wordpress:80 + reverse_proxy wordpress:80 } www.example.com { - reverse_proxy wordpress:80 + reverse_proxy wordpress:80 } ``` diff --git a/zoneminder/README.md b/zoneminder/README.md index e08e7c0..569c19f 100644 --- a/zoneminder/README.md +++ b/zoneminder/README.md @@ -12,7 +12,7 @@ Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` zoneminder.yourdomain.com { - reverse_proxy zoneminder:80 + reverse_proxy zoneminder:80 } ```