Differences

This shows you the differences between two versions of the page.

laptopwiki:guides:docker:meshcentral [29/07/2023 23:50] – [Deploying container] dustojnikhummerlaptopwiki:guides:docker:meshcentral [12/01/2024 21:14] (current) – [If Cloudflare Proxy] dustojnikhummer
Line 1: Line 1:
 ====== Mesh Central in Docker behind NGINX Proxy Manager Reverse Proxy ====== ====== Mesh Central in Docker behind NGINX Proxy Manager Reverse Proxy ======
   * What is Nginx Proxy Manager (also known as NPM): [[https://nginxproxymanager.com/]]   * What is Nginx Proxy Manager (also known as NPM): [[https://nginxproxymanager.com/]]
-  * What is Mesh Central: https://meshcentral.com/info/+  * What is Mesh Central: [[https://meshcentral.com/info/]] 
 +  * Container we will be using, including base of my docker-compose.yml:  
 +    * [[https://hub.docker.com/r/typhonragewind/meshcentral]] 
 +    * [[https://github.com/Typhonragewind/meshcentral-docker]] 
 + 
 +====== Prerequisites ====== 
 +  - Docker environment on Linux 
 +  - Portainer, docker-compose installed 
 +  - Ports 80/443 port forwarded to your Docker host 
 +  - Reverse proxy being Nginx Proxy Manager, not Traefik as I don't use it 
 +  - Nginx Proxy Manager listening for ports 80/443 
 ===== Deploying container ===== ===== Deploying container =====
   * We will be using an unofficial, but as of writing this article still maintained and community approved, Docker version of Mesh Central   * We will be using an unofficial, but as of writing this article still maintained and community approved, Docker version of Mesh Central
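Review bot: the added "====== Prerequisites ======" heading uses six "=", the same level as the page title at the top of this hunk, while the section that follows, "===== Deploying container =====", uses five; dropping it to five keeps Prerequisites a section of this guide instead of a second top-level title. In the list under it, "Ports 80/443 port forwarded to your Docker host" repeats "port", and it could be merged with "Nginx Proxy Manager listening for ports 80/443" so that it states plainly that the forwarded ports end at NPM and not at the MeshCentral container.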
Line 62: Line 73:
       * For example, TZ=Europe/Prague, TZ=America/New_York, TZ=Australia/Sydney       * For example, TZ=Europe/Prague, TZ=America/New_York, TZ=Australia/Sydney
     * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes)     * Storage mounts (I had issues with MeshCentral Volume paths, so that is why I'm using volumes)
-    * ALLOW_NEW_ACCOUNTS=false, setting true would allow users to register \\ With FALSE on first start you can create an account, that will be your admin, after that registrations get disabled+    * ALLOW_NEW_ACCOUNTS=false, setting true would allow users to register \\ With FALSE on first start you can create an account, that will be your admin, after that registrations get disabled \\ This can also be set in config.json 
 + 
 +===== Config File ===== 
 +  * You will find the config file in the container's **/opt/meshcentral/meshcentral-data** folder 
 +    * Since I used a Docker Volume, I can use Portainer to see where that is mounted on my server's filesystem \\ For example: /var/lib/docker/volumes/meshcentral_data/_data 
 +    * {{:laptopwiki:guides:docker:meshcentral_portainer1.jpg?1000|}} 
 +  * Open the config.json file with <code> sudo nano /var/lib/docker/volumes/meshcentral_data/_data/config.json </code> 
 +  * If this is your initial installation, the config file will be pretty barebones 
 +  * Modify it according to this example, changing stuff like your FQDN 
 +<code> 
 + 
 +
 +  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", 
 +  "settings":
 +    "cert": "meshcentral.laptopwiki.eu", 
 +    "_WANonly": true, 
 +    "_LANonly": true, 
 +    "_sessionKey": "generate_password_here",  
 +    "port": 443, 
 +    "_aliasPort": 443, 
 +    "redirPort": 80, 
 +    "_redirAliasPort": 80, 
 +    "AgentPong": 300, 
 +    "TLSOffload": "nginx-proxy-manager", 
 +    "_ignoreAgentHashCheck": false, 
 +    "SelfUpdate": false, 
 +    "AllowFraming": "false", 
 +    "mongodb": "mongodb://mongodb:27017/mesh", 
 +    "mongodbcol": "mesh", 
 +    "WebRTC": "false" 
 +  }, 
 +  "domains":
 +        "":
 +          "_title": "Mesh Central", 
 +          "_title2": "Mesh Central", 
 +          "_minify": true, 
 +          "NewAccounts": "false", 
 +          "_userNameIsEmail": true, 
 +          "certUrl": "https://meshcentral.laptopwiki.eu:443" 
 +        } 
 +  }, 
 +  "_letsencrypt":
 +    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", 
 +    "_email": "[email protected]", 
 +    "_names": "myserver.mydomain.com", 
 +        "production": false 
 +  } 
 +
 +</code> 
 + 
 +  * Note: I did not touch the letsencrypt section here at all, since we are handling our SSL certificate elsewhere 
 +==== So what are we changing and why? ==== 
 +  * TLDR: 
 +    * Mesh Central uses a self signed certificate to talk to clients. 
 +    * Since ours is behind NPM it can't communicate directly and hashes won't match. 
 +    * We need to tell it to instead use NPM's certificate 
 +  - "cert": "meshcentral.laptopwiki.eu" - to tell Mesh Central what certificate to use - works even if you use a wildcard certificate (*.laptopwiki.eu) 
 +  - "_sessionKey": "generate_password_here", - please use a password manager to generate a random password here 
 +  - "TLSOffload": "nginx-proxy-manager" - set Docker hostname or IP address of your NPM installation, don't put port here 
 +  - "port": 443, - change if you don't use 443. If your NPM isn't on the same docker host this should be the exposed port (for example 8786) but I haven't tested it so I don't really know. 
 +  - "certUrl": "https://meshcentral.laptopwiki.eu:443" - Public FQDN of your Mesh Central server, including the port 
 +  * Save the file (Press Ctrl+O and Enter to save changes and Ctrl+X to exit Nano) 
 +  * Restart the container 
 + 
 +===== NGINX Proxy Manager ===== 
 +  - Add a new Proxy host as you would with any other Docker container \\ {{:laptopwiki:guides:docker:meshcentral_npm1.jpg?400|}} 
 +  - Don't forget to check **Websockets Support** 
 +  - In SSL select your certificate, force SSL and enable HTTP/2 
 +  - In the **Advanced** tab paste the following 
 +<code> 
 +proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for; 
 +proxy_set_header X-Forwarded-Host $host:$server_port; 
 +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 +proxy_set_header X-Forwarded-Proto $scheme; 
 +</code> 
 +===== If Cloudflare Proxy ===== 
 +  * As of August 2023, MeshCentral no longer works through Cloudflare Proxy, see [[https://github.com/Ylianst/MeshCentral/issues/5302]] 
 +  - <del>This setup works fine through Cloudflare Proxy, assuming</del> 
 +  - <del>Cloudflare Dashboard -> yourdomain.tld -> SSL/TLS -> Overview -> FULL</del> 
 +  - <del>This is necessary so that the Cloudflare Proxy and your local certificate match and Cloudflare doesn't try to redirect</del> 
 + 
 +===== Issues ===== 
 +==== Unable to connect web socket ==== 
 +  - If you get this error after logging into the Mesh Central WebUI do: 
 +  - Go to NPM 
 +  - In Proxy Host -> your Mesh Central Host -> Check **Websockets Support** 
 + 
 + --- //[[laptopwiki:staff:index|dustojnikhummer]] 30/07/2023 00:11//
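Review bot: in the NPM Advanced block, the line "proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;" fills a header meant to carry one client address with nginx's forwarded-for chain, which is the request's own X-Forwarded-For value with the peer address appended, so whatever the client sent in that header comes first. Suggest $remote_addr for that line, or dropping it, since the Cloudflare section in this same hunk is now struck out. Separately, the explanation list tells readers to generate a password for "_sessionKey", but MeshCentral ignores config keys that start with an underscore, so the example should show "sessionKey" if the value is meant to take effect. The quoted values in "AllowFraming": "false", "WebRTC": "false" and "NewAccounts": "false" would also be more consistent as bare false, like "SelfUpdate": false in the same block.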
  • Last modified: 29/07/2023 23:50
  • by dustojnikhummer