laptopwiki:guides:docker:meshcentral

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
laptopwiki:guides:docker:meshcentral [06/01/2025 10:09] dustojnikhummerlaptopwiki:guides:docker:meshcentral [08/03/2025 18:58] (current) – external edit 127.0.0.1
Line 3: Line 3:
   * What is Nginx Proxy Manager (also known as NPM): [[https://nginxproxymanager.com/|https://nginxproxymanager.com/]]   * What is Nginx Proxy Manager (also known as NPM): [[https://nginxproxymanager.com/|https://nginxproxymanager.com/]]
   * What is Mesh Central: [[https://meshcentral.com/info/|https://meshcentral.com/]]   * What is Mesh Central: [[https://meshcentral.com/info/|https://meshcentral.com/]]
-  * Container we will be using, including base of my docker-compose.yml:      * [[https://github.com/Ylianst/MeshCentral/tree/master/docker|https://github.com/Ylianst/MeshCentral/tree/master/docker]]+  * Container we will be using, including base of my docker-compose.yml: [[https://github.com/Ylianst/MeshCentral/tree/master/docker|https://github.com/Ylianst/MeshCentral/tree/master/docker]]
       * [[https://ghcr.io/ylianst/meshcentral|https://ghcr.io/ylianst/meshcentral]]       * [[https://ghcr.io/ylianst/meshcentral|https://ghcr.io/ylianst/meshcentral]]
  
Line 24: Line 24:
   * Run   * Run
 <code> <code>
 +
 sudo docker compose up -d sudo docker compose up -d
  
Line 34: Line 35:
   reverse_proxy:   reverse_proxy:
     external: true     external: true
 +
 volumes: volumes:
   files:   files:
Line 55: Line 57:
         restart: always         restart: always
         container_name: meshcentral         container_name: meshcentral
-        image: ghcr.io/ylianst/meshcentral:1.1.30+        image: ghcr.io/ylianst/meshcentral:1.1.37
         depends_on:         depends_on:
             - mongodb             - mongodb
         #ports:         #ports:
         #    - 4433:4433 # This is used for Intel AMT, uncomment if you don't need it         #    - 4433:4433 # This is used for Intel AMT, uncomment if you don't need it
-        #    - 443:443 # You don't need to expose the port 443 directly if MeshCentral is behind a reverse proxy+        #    - 443:443 # You don't need to expose the port 443 directly if MeshCentral is behind a reverse proxy, this is just for debugging
         environment:         environment:
             - TZ=Europe/Prague             - TZ=Europe/Prague
Line 75: Line 77:
  
   * In this, Mesh Central will use a MongoDB instance to store everything, instead of SQLite   * In this, Mesh Central will use a MongoDB instance to store everything, instead of SQLite
-  * You must change:      - Network name to match what your NPM is using, in my case that name is "reverse_proxy" +  * You must change: 
-      - HOSTNAME - set your public FQDN +    - Network name to match what your NPM is using, in my case that name is "reverse_proxy" 
-      - REVERSE_PROXY - here put        * IP address of your NGINX Proxy Manager if it is on a different server than where Mesh Central will live +  * You can change 
-        * internal docker Hostname if on the same Docker network <- My setup, "nginx-proxy-manager" is the Docker hostname. **DO NOT USE DOCKER NETWORK IP ADDRESSES, they aren't static** +      * TZ - timezone, so your logs have proper timestamps, follows standardized naming  [[https://en.wikipedia.org/wiki/List_of_tz_database_time_zones|https://en.wikipedia.org/wiki/List_of_tz_database_time_zones]] 
-  * You can change      * TZ - timezone, so your logs have proper timestamps, follows standardized naming   [[https://en.wikipedia.org/wiki/List_of_tz_database_time_zones|https://en.wikipedia.org/wiki/List_of_tz_database_time_zones]] +      * For example, TZ=Europe/Prague, TZ=America/New_York, TZ=Australia/Sydney 
-         For example, TZ=Europe/Prague, TZ=America/New_York, TZ=Australia/Sydney +  * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes) 
-      * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes) +      * ALLOW_NEW_ACCOUNTS=false, setting true would allow users to register \\ With FALSE on first start you can create an account, that will be your admin, after that registrations get disabled \\ This can also be set in config.json
-      * ALLOW_NEW_ACCOUNTS=false, setting true would allow users to register  \\ With FALSE on first start you can create an account, that will be your admin, after that registrations get disabled  \\ This can also be set in config.json+
  
 ===== Config File ===== ===== Config File =====
  
-  * You will find the config file in the container's **/opt/meshcentral/meshcentral-data**   folder      * In the last VOLUME section we mounted the file from the container directly to a folder on our local filesystem, /docker/containers/meshcentral/config.json:/opt/meshcentral/meshcentral-data/config.json +  * You will find the config file in the container's **/opt/meshcentral/meshcentral-data**  folder 
-      * This file will have default root permissions +  * In the last VOLUME section we mounted the file from the container directly to a folder on our local filesystem, /docker/containers/meshcentral/config.json:/opt/meshcentral/meshcentral-data/config.json 
-  * The config contains some basic settings for MongoDB, examples of custom text and branding for agents.      * The branding will affect logos and text in the administrator WebUI, the MeshCentral Agent (if installed in interactive mode), Service Name of the MeshCentral agent (perfect if you need to run multiple agents on one machine, for example because of migrations to a different server or multiple MSPs managing one server) as well the MeshAssistant and Android app.+    * This file will have default root permissions 
 +  * The config contains some basic settings for MongoDB, examples of custom text and branding for agents.  
 +  * The branding will affect logos and text in the administrator WebUI, the MeshCentral Agent (if installed in interactive mode), Service Name of the MeshCentral agent (perfect if you need to run multiple agents on one machine, for example because of migrations to a different server or multiple MSPs managing one server) as well the MeshAssistant and Android app.
       * Logos will need to be uploaded onto the local filesystem (a URL might work, never tried it, sorry)       * Logos will need to be uploaded onto the local filesystem (a URL might work, never tried it, sorry)
   * Open the config.json file with   * Open the config.json file with
Line 284: Line 287:
 ==== So what are we changing and why? ==== ==== So what are we changing and why? ====
  
-  * TLDR:      * Mesh Central uses a self signed certificate to talk to clients.+  * TLDR:  
 +      * Mesh Central uses a self signed certificate to talk to clients.
       * Since ours is behind NPM it can't communicate directly and hashes won't match.       * Since ours is behind NPM it can't communicate directly and hashes won't match.
       * We need to tell it to instead use NPM's certificate       * We need to tell it to instead use NPM's certificate
Line 291: Line 295:
   - "TLSOffload": "nginx-proxy-manager" - set Docker hostname or IP address of your NPM installation, don't put port here   - "TLSOffload": "nginx-proxy-manager" - set Docker hostname or IP address of your NPM installation, don't put port here
   - "port": 443, - change if you don't use 443. If your NPM isn't on the same docker host this should be the exposed port (for example 8786) but I haven't tested it so I don't really know.   - "port": 443, - change if you don't use 443. If your NPM isn't on the same docker host this should be the exposed port (for example 8786) but I haven't tested it so I don't really know.
-  - "certUrl": "https://meshcentral.laptopwiki.eu:443" - Public FQDN of your Mesh Central server, including the port * Save the file (Press Ctrl+O and Enter to save changes and Ctrl+X to exit Nano) \ * Start the Docker Compose project ''sudo docker compose up -d +  - "certUrl": "https://meshcentral.laptopwiki.eu:443" - Public FQDN of your Mesh Central server, including the port * Save the file (Press Ctrl+O and Enter to save changes and Ctrl+X to exit Nano) \ * Start the Docker Compose project ''sudo docker compose up -d '' // 
-''+ 
 =====  NGINX Proxy Manager ===== =====  NGINX Proxy Manager =====
-  - Add a new Proxy host as you would with any other Docker container +  - Add a new Proxy host as you would with any other Docker container \\  {{:laptopwiki:guides:docker:meshcentral_npm1.png?400}} 
-  - The following screenshot has an error - **SCHEME = https** \\ {{:laptopwiki:guides:docker:meshcentral_npm1.png?400}} +  - Check Cache Assets, Block Common Exploits and Websockets Support - In SSL, select your certificate, force SSL and enable HTTP/2 
-  - Check Cache Assets, Block Common Exploits and Websockets Support +  - In the **Advanced**  tab paste the following <code>proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
-  - In SSL, select your certificate, force SSL and enable HTTP/2 +
-  - In the **Advanced**   tab paste the following <code>proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;+
 proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $host:$server_port;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Line 304: Line 307:
 proxy_read_timeout 200s; proxy_read_timeout 200s;
 proxy_connect_timeout 200s; proxy_connect_timeout 200s;
-proxy_send_timeout 200s;</code> +proxy_send_timeout 200s; </code> \\ {{:laptopwiki:guides:docker:meshcentral_npm2.png?400}}  
- +==== If Cloudflare Proxy  ===== 
-===== If Cloudflare Proxy ===== +  - As of August 2023, MeshCentral no longer works through Cloudflare Proxy, see [[https://github.com/Ylianst/MeshCentral/issues/5302|https://github.com/Ylianst/MeshCentral/issues/5302]] 
-  - As of August 2023, MeshCentral no longer works through Cloudflare Proxy, see  [[https://github.com/Ylianst/MeshCentral/issues/5302|https://github.com/Ylianst/MeshCentral/issues/5302]] - <del>This setup works fine through Cloudflare Proxy, assuming</del>+  - <del>This setup works fine through Cloudflare Proxy, assuming</del>
   - <del>Cloudflare Dashboard → yourdomain.tld → SSL/TLS → Overview → FULL</del>   - <del>Cloudflare Dashboard → yourdomain.tld → SSL/TLS → Overview → FULL</del>
   - <del>This is necessary so that the Cloudflare Proxy and your local certificate match and Cloudflare doesn't try to redirect</del>   - <del>This is necessary so that the Cloudflare Proxy and your local certificate match and Cloudflare doesn't try to redirect</del>
Line 313: Line 316:
 ==== Unable to connect web socket ==== ==== Unable to connect web socket ====
   * If you get this error after logging into the Mesh Central WebUI do:   * If you get this error after logging into the Mesh Central WebUI do:
-  * Go to NPM - In Proxy Host → your Mesh Central Host → Check **Websockets Support**+     Go to NPM - In Proxy Host → your Mesh Central Host → Check **Websockets Support**  
 +    *  
 + 
 +—- [[:laptopwiki:staff:index|dustojnikhummer]] 20/09/2024 17:28 //
  
  
----- 
-[[:laptopwiki:staff:index|dustojnikhummer]] 20/09/2024 17:28 
  • laptopwiki/guides/docker/meshcentral.1736154547.txt.gz
  • Last modified: 08/03/2025 18:58
  • (external edit)