Introduction
This will deploy meshcentral with caddy.
Minimum File Structure
/home/
└── ~/
    └── docker/
        └── meshcentral/
            ├── .env
            └── docker-compose.yml
You will need the files in this GitHub folder (Dockerfile, startup.sh, and config.json.template) to build the meshcentral image and deploy it.
Add to Caddyfile (from ~/docker/caddy)
Remember to run docker exec -w /etc/caddy caddy caddy reload after editing your Caddyfile.
meshcentral.YOURDOMAIN.com {
    reverse_proxy meshcentral:443 {
        header_up Host {http.reverse_proxy.upstream.hostport}
        header_up X-Real-IP {http.request.remote}
        header_up X-Forwarded-For {http.request.remote}
    }
}
.env file
The environment variables here will generate a config in ./data/config.json the first time you do a docker-compose up -d.
If any changes need to be made afterwards, edit ./data/config.json instead. References.
NODE_ENV=production
USE_MONGODB=false
# set an existing MongoDB connection string URL here
MONGO_URL=
# or set the following init params for a new MongoDB; use them with the MongoDB version of the docker-compose file
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
# placeholder password: change it before enabling MongoDB
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
# initial meshcentral variables
# the following options are only used if no config.json exists in the data folder
# your hostname
HOSTNAME=my.domain.com
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy. Example: replace false with YOURDOMAIN.com
REVERSE_PROXY=meshcentral.yourdomain.com
REVERSE_PROXY_TLS_PORT=
# set to true if you wish to enable iframe support
IFRAME=false
# set to false if you want to disable self-service creation of new accounts besides the first (admin)
ALLOW_NEW_ACCOUNTS=true
# set to true to enable WebRTC - per the documentation it is not officially released with meshcentral and is currently experimental. Use with caution
WEBRTC=false
# set to true to allow plugins
ALLOWPLUGINS=false
# set to true to allow session recording
LOCALSESSIONRECORDING=false
# set to enable or disable minification of json, reduces traffic
MINIFY=true
# set this value to add extra arguments to meshcentral on startup (e.g. --debug ldap)
ARGS=
docker-compose.yml
version: '3'
services:
  meshcentral:
    restart: unless-stopped
    container_name: meshcentral
    image: ghcr.io/ylianst/meshcentral:1.1.22
    # ports:
    #   - 4430:443
    env_file:
      - .env
    volumes:
      # config.json and other important files live here. A must for data persistence
      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
      # where file uploads for users live
      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
      # location for the meshcentral-backups - this should be mounted to an external storage
      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
      # location for site customization files
      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
networks:
  default:
    external:
      name: caddy_net
Important Step!!!
After everything is set up, run docker-compose up -d in this folder to start meshcentral and have it generate ./data/config.json
Then run docker-compose down to bring it back down.
We need to edit ./data/config.json.
Change "TLSOffload": false, to "TLSOffload": true,
If you don't make this change, the caddy reverse proxy will not be able to route to the container properly! With TLSOffload enabled, MeshCentral leaves TLS termination to the reverse proxy.
"$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
"settings": {
  "plugins": {"enabled": true},
  "_mongoDb": null,
  "cert": "meshcentral.yourdomain.com",
  "_WANonly": true,
  "_LANonly": true,
  "sessionKey": "KEYGENERATEDBYDOCKERCOMPOSEUPD",
  "port": 443,
  "_aliasPort": 443,
  "redirPort": 80,
  "_redirAliasPort": 80,
  "AgentPong": 300,
  "TLSOffload": true,
  "SelfUpdate": false,
  "AllowFraming": false,
  "WebRTC": false
},
Save, then run docker-compose up -d to spin up the instance. It should now be reachable at meshcentral.yourdomain.com! Go ahead and create your account (the first account created is the admin)!
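A pre-flight check for the edited config.json, run before the final docker-compose up -d. This is an added example, not part of the original README: the function names and the sample JSON are constructed here, and it assumes MeshCentral's convention that a setting whose name starts with an underscore is disabled, matching key names case-insensitively.

```python
import json

# Constructed sample: a "settings" block shaped like the README's, with
# TLSOffload left at the generated default to show the failure case.
SAMPLE = """
{
  "settings": {
    "plugins": {"enabled": true},
    "cert": "meshcentral.yourdomain.com",
    "_WANonly": true,
    "sessionKey": "KEYGENERATEDBYDOCKERCOMPOSEUPD",
    "port": 443,
    "TLSOffload": false,
    "AllowFraming": false
  }
}
"""

def active_settings(config):
    """Return settings keyed in lower case, skipping '_'-prefixed (disabled) keys."""
    return {k.lower(): v for k, v in config.get("settings", {}).items()
            if not k.startswith("_")}

def audit(config, proxy_hostname):
    """Return a list of findings; an empty list means every check passed."""
    s = active_settings(config)
    findings = []
    # False, missing or "_TLSOffload" all leave MeshCentral serving TLS itself.
    if not s.get("tlsoffload"):
        findings.append("TLSOffload is not enabled: Caddy cannot proxy to the container")
    if s.get("cert") != proxy_hostname:
        findings.append(f"cert is {s.get('cert')!r}, expected {proxy_hostname!r}")
    if not s.get("sessionkey"):
        findings.append("sessionKey is empty or missing")
    if (s.get("plugins") or {}).get("enabled"):
        findings.append("plugins are enabled: confirm this is intended")
    if s.get("allowframing"):
        findings.append("AllowFraming is on: the UI can be embedded in other sites")
    return findings

if __name__ == "__main__":
    # On a real deployment, load ./data/config.json instead of SAMPLE.
    for finding in audit(json.loads(SAMPLE), "meshcentral.yourdomain.com"):
        print("FINDING:", finding)
```
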