### Introduction This will deploy meshcentral with caddy. ### Minimum File Structure ``` /home/ └── ~/ └── docker/ └── meshcentral/ ├── .env ├── docker-compose.yml ``` You will need the files in this GitHubs folder (Dockerfile, startup.sh, and config.json.template) to build the meshcentral image and deploy it. ### Add to Caddyfile (from ~/docker/caddy) Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile. ``` meshcentral.YOURDOMAIN.com { reverse_proxy meshcentral:443 { header_up Host {http.reverse_proxy.upstream.hostport} header_up X-Real-IP {http.request.remote} header_up X-Forwarded-For {http.request.remote} } } ``` ### .env file The environment variables here will generate a config in `./data/config.json` the first time you do a docker-compose up -d. If there are any changes that need to be made aftewards, then ./data/config.json should be edited instead. [References](https://github.com/Ylianst/MeshCentral/tree/master/docker). ``` NODE_ENV=production USE_MONGODB=false # set already exist mongo connection string url here MONGO_URL= # or set following init params for new mongodb, use it with docker-compose file with mongodb version MONGO_INITDB_ROOT_USERNAME=mongodbadmin MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd # initial meshcentral-variables # the following options are only used if no config.json exists in the data-folder # your hostname HOSTNAME=my.domain.com # set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy. Example: replace false with YOURDOMAIN.com REVERSE_PROXY=meshcentral.yourdomain.com REVERSE_PROXY_TLS_PORT= # set to true if you wish to enable iframe support IFRAME=false # set to false if you want disable self-service creation of new accounts besides the first (admin) ALLOW_NEW_ACCOUNTS=true # set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution WEBRTC=false # set to true to allow plugins ALLOWPLUGINS=false # set to true to allow session recording LOCALSESSIONRECORDING=false # set to enable or disable minification of json, reduces traffic MINIFY=true # set this value to add extra arguments to meshcentral on startup (e.g --debug ldap) ARGS= ``` ### docker-compose.yml ``` version: '3' services: meshcentral: restart: unless-stopped container_name: meshcentral image: ghcr.io/ylianst/meshcentral:1.1.22 # ports: # - 4430:443 env_file: - .env volumes: # config.json and other important files live here. A must for data persistence - ./meshcentral/data:/opt/meshcentral/meshcentral-data # where file uploads for users live - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files # location for the meshcentral-backups - this should be mounted to an external storage - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups # location for site customization files - ./meshcentral/web:/opt/meshcentral/meshcentral-web networks: default: external: name: caddy_net ``` ## Important Step!!! After everything is set up do `docker-compose up -d` in this folder to start meshcentral and to have it generate `./data/config.json` Then do `docker-compose down` to bring it back down. We need to edit `./data/config.json`. Change `"TLSOffload": false,"` to `"TLSOffload": true,"`... If you don't do this changes caddy reverse proxy will not be able to route to the container properly! ``` "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json", "settings": { "plugins":{"enabled": true}, "_mongoDb": null, "cert": "meshcentral.yourdomain.com", "_WANonly": true, "_LANonly": true, "sessionKey": "KEYGENERATEDBYDOCKERCOMPOSEUPD", "port": 443, "_aliasPort": 443, "redirPort": 80, "_redirAliasPort": 80, "AgentPong": 300, "TLSOffload": true, "SelfUpdate": false, "AllowFraming": false, "WebRTC": false }, ``` Save. And then do `docker-compose up -d` to spin up the instance. It should now be reachable at meshcentral.yourdomain.com! Go ahead and create your account!