Differences
This shows you the differences between two versions of the page.
laptopwiki:guides:docker:meshcentral [20/09/2024 17:11] – dustojnikhummer | laptopwiki:guides:docker:meshcentral [08/03/2025 18:58] (current) – external edit 127.0.0.1
Line 2: | Line 2: | ||
* What is Nginx Proxy Manager (also known as NPM): [[https:// | * What is Nginx Proxy Manager (also known as NPM): [[https:// | ||
- | * What is Mesh Central: [[https:// | + | * What is Mesh Central: [[https:// |
- | * Container we will be using, including base of my docker-compose.yml: | + | * Container we will be using, including base of my docker-compose.yml: |
- | | + | * [[https://ghcr.io/ylianst/ |
- | * [[https://github.com/Typhonragewind/ | + | |
====== Prerequisites ====== | ====== Prerequisites ====== | ||
- | - Docker environment on Linux | + | - Root Docker environment on Linux |
- | - Portainer, | + | - docker-compose installed |
- Ports 80/443 port forwarded to your Docker host | - Ports 80/443 port forwarded to your Docker host | ||
- Reverse proxy being Nginx Proxy Manager, not Traefik as I don't use it | - Reverse proxy being Nginx Proxy Manager, not Traefik as I don't use it | ||
- Nginx Proxy Manager listening for ports 80/443 | - Nginx Proxy Manager listening for ports 80/443 | ||
+ | - Proper DNS records for a LetsEncrypt DNS Challenge (for a certificate) | ||
+ | - Folder on your linux filesystem named meshcentral (This folder will only contain a docker-compose.yml file) | ||
===== Deploying container ===== | ===== Deploying container ===== | ||
- | * We will be using an unofficial, but as of writing this article still maintained and community approved, | + | * We will be using the official |
- | * I will be using Portainer in this guide, but you can use manual Docker Compose if you wish | + | * Create a folder with the name meshcentral |
- | * Here is an example of my docker-compose.yml file | + | * cd into the folder and create a docker-compose.yml file |
+ | * Paste the content of the following example into that file and edit whatever is necessary for you | ||
+ | * Run | ||
< | < | ||
- | version: ' | + | sudo docker compose up -d |
+ | </ | ||
+ | |||
+ | * Here is an example of my docker-compose.yml file | ||
+ | |||
+ | < | ||
networks: | networks: | ||
reverse_proxy: | reverse_proxy: | ||
external: true | external: true | ||
+ | |||
volumes: | volumes: | ||
- | data: | ||
files: | files: | ||
+ | database: | ||
services: | services: | ||
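Review bot: the new prerequisites and the run command disagree on which Compose flavour the reader needs: the list says `docker-compose installed` (the legacy standalone v1 binary) while the command under `Run` is `sudo docker compose up -d` (the v2 plugin syntax). Pick one and state it; on a host that only has the v1 binary the command as written does not exist. Two smaller documentation gaps in the same hunk: `Root Docker environment on Linux` is listed as a hard requirement without saying what needs root (the bind mounts, the privileged ports, or the `sudo` in the command), and `This folder will only contain a docker-compose.yml file` is contradicted by the compose file itself, which bind-mounts host paths (the `- /…` volume entries) that will fill with MeshCentral data on first start.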
Line 35: | Line 44: | ||
container_name: | container_name: | ||
restart: always | restart: always | ||
- | image: mongo:latest | + | image: mongo:7.0-rc-jammy # DO NOT CHANGE VERSION AFTER DEPLOYMENT!! |
expose: | expose: | ||
- | | + | |
volumes: | volumes: | ||
- | | + | |
networks: | networks: | ||
- reverse_proxy | - reverse_proxy | ||
+ | environment: | ||
+ | - TZ=Europe/ | ||
meshcentral: | meshcentral: | ||
restart: always | restart: always | ||
container_name: | container_name: | ||
+ | image: ghcr.io/ | ||
depends_on: | depends_on: | ||
- | - 'mongodb' | + | - mongodb |
- | | + | |
- | | + | |
- | - 8786:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs | + | # |
environment: | environment: | ||
- | - HOSTNAME=meshcentral.laptopwiki.eu | ||
- | - REVERSE_PROXY=nginx-proxy-manager | ||
- | - REVERSE_PROXY_TLS_PORT=443 #internal https port, only change if you don't use 443 for your incoming HTTPS for some reason | ||
- | - IFRAME=false #set to true if you wish to enable iframe support | ||
- | - ALLOW_NEW_ACCOUNTS=false | ||
- | - WEBRTC=false | ||
- | - NODE_ENV=production | ||
- TZ=Europe/ | - TZ=Europe/ | ||
volumes: | volumes: | ||
- | - data:/ | + | - files:/ |
- | - files:/ | + | - / |
+ | - / | ||
+ | - / | ||
+ | - / | ||
networks: | networks: | ||
- reverse_proxy | - reverse_proxy | ||
Line 70: | Line 78: | ||
* In this, Mesh Central will use a MongoDB instance to store everything, instead of SQLite | * In this, Mesh Central will use a MongoDB instance to store everything, instead of SQLite | ||
* You must change: | * You must change: | ||
- | | + | |
- | - HOSTNAME - set your public FQDN | + | |
- | - REVERSE_PROXY - here put | + | |
- | * IP address of your NGINX Proxy Manager if it is on a different server than where Mesh Central will live | + | |
- | * internal docker Hostname if on the same Docker network <- My setup, " | + | |
* You can change | * You can change | ||
* TZ - timezone, so your logs have proper timestamps, follows standardized naming | * TZ - timezone, so your logs have proper timestamps, follows standardized naming | ||
- | | + | |
- | * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes) | + | * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes) |
* ALLOW_NEW_ACCOUNTS=false, | * ALLOW_NEW_ACCOUNTS=false, | ||
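Review bot: the `You can change` list is now stale. It still offers `ALLOW_NEW_ACCOUNTS=false,` as an environment variable to tune, but this revision removes `- ALLOW_NEW_ACCOUNTS=false` (and the other `HOSTNAME` / `REVERSE_PROXY` / `WEBRTC` variables) from the compose file and moves account creation to the `newAccounts` key in config.json. Update the bullet to point at config.json; `TZ` is the only environment variable that survives the move, so the `You must change` list should be re-checked against the compose file for the same reason.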
Line 84: | Line 88: | ||
* You will find the config file in the container' | * You will find the config file in the container' | ||
- | | + | |
- | * {{: | + | * This file will have default root permissions |
+ | * The config contains some basic settings for MongoDB, examples of custom text and branding for agents. | ||
+ | * The branding will affect logos and text in the administrator WebUI, the MeshCentral Agent (if installed in interactive mode), Service Name of the MeshCentral agent (perfect if you need to run multiple agents on one machine, for example because of migrations to a different server or multiple MSPs managing one server) as well the MeshAssistant and Android app. | ||
+ | * Logos will need to be uploaded onto the local filesystem (a URL might work, never tried it, sorry) | ||
* Open the config.json file with | * Open the config.json file with | ||
< | < | ||
- | sudo nano /var/lib/docker/volumes/meshcentral_data/_data/ | + | sudo nano /docker/containers/meshcentral/ |
</ | </ | ||
- | * If this is your initial installation, | + | * This example |
* Modify it according to this example, changing stuff like your FQDN | * Modify it according to this example, changing stuff like your FQDN | ||
- | |||
< | < | ||
+ | |||
{ | { | ||
- | " | + | |
+ | | ||
" | " | ||
+ | " | ||
" | " | ||
- | "_WANonly": | + | "_SQLite3": |
- | "_LANonly": true, | + | " |
- | "_sessionKey": "generate_password_here", | + | " |
+ | "WANonly": true, | ||
+ | "sessionKey": "null", | ||
" | " | ||
- | "_aliasPort": 443, | + | "aliasPort": 443, |
" | " | ||
- | "_redirAliasPort": 80, | + | "redirAliasPort": 80, |
" | " | ||
- | " | + | " |
- | " | + | " |
" | " | ||
- | " | + | " |
- | "mongodb": "mongodb:// | + | |
- | "mongodbcol": "mesh", | + | "Restore": |
- | "WebRTC": "false" | + | |
+ | "allowHighQualityDesktop": | ||
+ | | ||
+ | "trustedProxy": "nginx-proxy-manager" | ||
}, | }, | ||
" | " | ||
- | | + | |
- | "_title": "Mesh Central", | + | "_siteStyle": |
- | "_title2": "Mesh Central", | + | |
- | "_minify": true, | + | "title2": "LaptopWiki", |
- | "NewAccounts": " | + | "_titlePicture": |
- | "_userNameIsEmail": true, | + | " |
- | " | + | " |
+ | "maxDeviceView": | ||
+ | | ||
+ | " | ||
+ | " | ||
+ | | ||
+ | "newAccounts": | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
} | } | ||
- | | + | |
- | "_letsencrypt": { | + | "redirects": { |
- | "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", | + | "homepage": " |
- | " | + | } |
- | | + | |
- | " | + | |
} | } | ||
} | } | ||
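Review bot: `"sessionKey": "null"` activates the key with a weak, publicly known value. In JSON the quoted `"null"` is a four-character string, not a null, so MeshCentral will use the literal text `null` as the secret protecting session cookies, and every reader who copies this example shares it. The previous revision had the key disabled with an explicit placeholder (`"_sessionKey": "generate_password_here"`), which at least signalled the intent. Either leave `sessionKey` out entirely so MeshCentral generates a random key at startup, or keep it and tell the reader to paste a long random value there; since the guide already has the reader edit this file as root (`sudo nano /docker/containers/meshcentral/…`), that is the right moment to do it.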
Line 141: | Line 287: | ||
==== So what are we changing and why? ==== | ==== So what are we changing and why? ==== | ||
- | * TLDR: | + | * TLDR: |
* Mesh Central uses a self signed certificate to talk to clients. | * Mesh Central uses a self signed certificate to talk to clients. | ||
* Since ours is behind NPM it can't communicate directly and hashes won't match. | * Since ours is behind NPM it can't communicate directly and hashes won't match. | ||
* We need to tell it to instead use NPM's certificate | * We need to tell it to instead use NPM's certificate | ||
- | - " | + | - " |
- | - " | + | |
- " | - " | ||
- " | - " | ||
- | - " | + | - " |
+ | |||
+ | |||
+ | ===== NGINX Proxy Manager ===== | ||
+ | | ||
+ | | ||
+ | | ||
+ | proxy_set_header X-Forwarded-Host $host: | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | proxy_set_header X-Forwarded-Proto $scheme; | ||
+ | proxy_read_timeout 200s; | ||
+ | proxy_connect_timeout 200s; | ||
+ | proxy_send_timeout 200s; </ | ||
+ | ==== If Cloudflare Proxy ===== | ||
+ | - As of August 2023, MeshCentral no longer works through Cloudflare Proxy, see [[https:// | ||
+ | - < | ||
+ | - < | ||
+ | - < | ||
+ | ===== Issues ===== | ||
+ | ==== Unable to connect web socket ==== | ||
+ | * If you get this error after logging into the Mesh Central WebUI do: | ||
+ | * | ||
+ | * | ||
+ | |||
+ | —- [[: | ||