Fixed all Caddyfile entries to be Tabs not spaces. Added Meshcentral WIP.
parent
7a825395c6
commit
61d0113816
@ -0,0 +1,29 @@
|
|||||||
|
# Filename: Dockerfile
|
||||||
|
|
||||||
|
FROM ubuntu:latest
|
||||||
|
|
||||||
|
# Disable Prompt During Packages Installation
|
||||||
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
#install dependencies
|
||||||
|
RUN apt-get update && apt-get install -y nodejs npm nano && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
#Add non-root user, add installation directories and assign proper permissions
|
||||||
|
RUN mkdir -p /opt/meshcentral
|
||||||
|
|
||||||
|
#meshcentral installation
|
||||||
|
WORKDIR /opt/meshcentral
|
||||||
|
|
||||||
|
RUN npm install meshcentral
|
||||||
|
|
||||||
|
COPY config.json.template /opt/meshcentral/config.json.template
|
||||||
|
COPY startup.sh startup.sh
|
||||||
|
#environment variables
|
||||||
|
|
||||||
|
EXPOSE 80 4430
|
||||||
|
|
||||||
|
#volumes
|
||||||
|
VOLUME /opt/meshcentral/meshcentral-data
|
||||||
|
VOLUME /opt/meshcentral/meshcentral-files
|
||||||
|
|
||||||
|
CMD ["bash","/opt/meshcentral/startup.sh"]
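Review bot: The comment `#Add non-root user, add installation directories and assign proper permissions` is followed only by `RUN mkdir -p /opt/meshcentral`, and the file has no `USER` instruction, so `startup.sh` and the MeshCentral node process run as root in the container. I would create a dedicated account, give it ownership of `/opt/meshcentral` and the two volume directories, and switch to it before `npm install`, as sketched below. The bind-mounted `./data` and `./user_files` directories from the compose file then need to be writable by that account, and `redirPort` 80 may need an unprivileged port depending on the runtime. Separately, `FROM ubuntu:latest` and `RUN npm install meshcentral` are both unpinned, so a rebuild can silently pull a different base image or server version; pinning a release tag and `meshcentral@<PINNED_VERSION>` would make the image reproducible.

```dockerfile
# … unchanged: FROM, ARG DEBIAN_FRONTEND, apt-get install …
RUN groupadd --system meshcentral \
    && useradd --system --gid meshcentral --home-dir /opt/meshcentral meshcentral \
    && mkdir -p /opt/meshcentral/meshcentral-data /opt/meshcentral/meshcentral-files \
    && chown -R meshcentral:meshcentral /opt/meshcentral

WORKDIR /opt/meshcentral
USER meshcentral

RUN npm install meshcentral

COPY --chown=meshcentral:meshcentral config.json.template startup.sh /opt/meshcentral/
# … unchanged: EXPOSE, VOLUME, CMD …
```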
|
@ -0,0 +1,67 @@
|
|||||||
|
### Introduction
|
||||||
|
THIS IS A WIP DO NOT USE...
|
||||||
|
|
||||||
|
### Minimum File Structure
|
||||||
|
```
|
||||||
|
/home/
|
||||||
|
└── ~/
|
||||||
|
└── docker/
|
||||||
|
└── meshcentral/
|
||||||
|
├── config.json.template
|
||||||
|
├── docker-compose.yml
|
||||||
|
└── Dockerfile
|
||||||
|
└── startup.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
You will need the files in this GitHubs folder to build the meshcentral image and deploy it.
|
||||||
|
|
||||||
|
### Add to Caddyfile (from ~/docker/caddy)
|
||||||
|
Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile.
|
||||||
|
The `tls_insecure_skip_verify` line is not recommemded. This tutorial is a WIP until I figure out how
|
||||||
|
to get caddy to work with meshcentral without the `tls_insecure_skip_verify` line.
|
||||||
|
|
||||||
|
```
|
||||||
|
meshcentral.joindigital.com {
|
||||||
|
tls /certs/cert.pem /certs/key.pem
|
||||||
|
reverse_proxy meshcentral:4430 {
|
||||||
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
|
header_up X-Real-IP {http.request.remote}
|
||||||
|
header_up X-Forwarded-For {http.request.remote}
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### docker-compose.yml
|
||||||
|
Replace YOURDOMAIN.com with your actual domain.
|
||||||
|
|
||||||
|
```
|
||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
meshcentral:
|
||||||
|
restart: unless-stopped
|
||||||
|
container_name: meshcentral
|
||||||
|
build: .
|
||||||
|
# ports:
|
||||||
|
# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
|
||||||
|
environment:
|
||||||
|
- HOSTNAME=meshcentral.YOURDOMAIN.com
|
||||||
|
- CONTAINER_PORT=4430
|
||||||
|
- REVERSE_PROXY=YOURDOMAIN.com
|
||||||
|
- REVERSE_PROXY_TLS_PORT=443
|
||||||
|
- IFRAME=false
|
||||||
|
- ALLOW_NEW_ACCOUNTS=true
|
||||||
|
- WEBRTC=true
|
||||||
|
volumes:
|
||||||
|
- ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
|
||||||
|
- ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
external:
|
||||||
|
name: caddy_net
|
||||||
|
|
||||||
|
```
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
|
||||||
|
"settings": {
|
||||||
|
"cert": "myserver.mydomain.com",
|
||||||
|
"_WANonly": true,
|
||||||
|
"_LANonly": true,
|
||||||
|
"_sessionKey": "MyReallySecretPassword1",
|
||||||
|
"port": 4430,
|
||||||
|
"_aliasPort": 443,
|
||||||
|
"redirPort": 80,
|
||||||
|
"_redirAliasPort": 80,
|
||||||
|
"AgentPong": 300,
|
||||||
|
"TLSOffload": false,
|
||||||
|
"SelfUpdate": false,
|
||||||
|
"AllowFraming": false,
|
||||||
|
"WebRTC": false
|
||||||
|
},
|
||||||
|
"domains": {
|
||||||
|
"": {
|
||||||
|
"_title": "MyServer",
|
||||||
|
"_title2": "Servername",
|
||||||
|
"_minify": true,
|
||||||
|
"NewAccounts": true,
|
||||||
|
"_userNameIsEmail": true,
|
||||||
|
"_certUrl": "my.reverse.proxy"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"_letsencrypt": {
|
||||||
|
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
|
||||||
|
"_email": "myemail@mydomain.com",
|
||||||
|
"_names": "myserver.mydomain.com",
|
||||||
|
"production": false
|
||||||
|
}
|
||||||
|
}
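Review bot: With `"TLSOffload": false` and `"port": 4430`, MeshCentral appears to terminate TLS itself with its own certificate, which is presumably why the README's Caddy block has to set `tls_insecure_skip_verify` on the upstream. With verification disabled, Caddy does not authenticate the backend it forwards remote-management traffic to. One option is to let Caddy terminate TLS and configure MeshCentral for offloaded connections through the `TLSOffload` setting, keeping `certUrl` pointed at the public URL, so the upstream can be reached without switching verification off. The exact values should be confirmed against the MeshCentral reverse-proxy documentation before the WIP notice is dropped.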
|
@ -0,0 +1,24 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
meshcentral:
|
||||||
|
restart: unless-stopped
|
||||||
|
container_name: meshcentral
|
||||||
|
build: .
|
||||||
|
# ports:
|
||||||
|
# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
|
||||||
|
environment:
|
||||||
|
- HOSTNAME=meshcentral.YOURDOMAIN.com
|
||||||
|
- CONTAINER_PORT=4430
|
||||||
|
- REVERSE_PROXY=YOURDOMAIN.com
|
||||||
|
- REVERSE_PROXY_TLS_PORT=443
|
||||||
|
- IFRAME=false
|
||||||
|
- ALLOW_NEW_ACCOUNTS=true
|
||||||
|
- WEBRTC=true
|
||||||
|
volumes:
|
||||||
|
- ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
|
||||||
|
- ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
external:
|
||||||
|
name: caddy_net
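Review bot: `- ALLOW_NEW_ACCOUNTS=true` ships as the default, so a deployment that copies this file leaves self-registration open on a remote-management server that the Caddy block publishes under a public hostname. I would add a comment on that line such as `# set to false once the first administrator account exists`. The `environment:` block should also carry a note that `startup.sh` reads these variables only while `meshcentral-data/config.json` does not yet exist. Changing a value here after the first start therefore has no effect, and the setting has to be edited in `./data/config.json` instead.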
|
@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
export NODE_ENV=production
|
||||||
|
|
||||||
|
export HOSTNAME
|
||||||
|
export CONTAINER_PORT
|
||||||
|
export REVERSE_PROXY
|
||||||
|
export REVERSE_PROXY_TLS_PORT
|
||||||
|
export IFRAME
|
||||||
|
export ALLOW_NEW_ACCOUNTS
|
||||||
|
export WEBRTC
|
||||||
|
|
||||||
|
if [ -f "meshcentral-data/config.json" ]
|
||||||
|
then
|
||||||
|
node node_modules/meshcentral
|
||||||
|
else
|
||||||
|
cp config.json.template meshcentral-data/config.json
|
||||||
|
sed -i "s_\"port\": 4430_\"port\": $CONTAINER_PORT_" meshcentral-data/config.json
|
||||||
|
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
|
||||||
|
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
|
||||||
|
sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
|
||||||
|
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
|
||||||
|
if [ "$REVERSE_PROXY" != "false" ]
|
||||||
|
then
|
||||||
|
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
|
||||||
|
node node_modules/meshcentral
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
node node_modules/meshcentral --cert "$HOSTNAME"
|
||||||
|
fi
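Review bot: In `sed -i "s_\"port\": 4430_\"port\": $CONTAINER_PORT_" …` the shell expands a variable named `CONTAINER_PORT_` (the trailing underscore is a valid name character), which is unset, so the expression loses its closing delimiter and the port substitution fails; it needs `${CONTAINER_PORT}_`. The three boolean substitutions wrap the value in escaped quotes and so write strings such as `"NewAccounts": "false"`, which MeshCentral may not treat as boolean false. For `ALLOW_NEW_ACCOUNTS` and `IFRAME` that could leave registration or framing enabled when the operator asked for it to be off. The environment values are also interpolated into the sed programs unvalidated, so it is worth checking that they are `true`/`false` (and a numeric port) before use. The rewritten lines are below.

```bash
# … unchanged: exports, config.json existence check, cp of the template …
sed -i "s_\"port\": 4430_\"port\": ${CONTAINER_PORT}_" meshcentral-data/config.json
# … unchanged: cert substitution …
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/config.json
sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/config.json
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/config.json
# … unchanged: reverse-proxy certUrl substitution and node launch …
```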
|