update
This commit is contained in:
parent
5f0cba9ad8
commit
b67adc446a
|
@ -10,24 +10,26 @@ Powerful remote desktop toolset.
|
|||
|
||||
* [Official site](https://www.meshcommander.com/meshcentral2)
|
||||
* [Github](https://github.com/Ylianst/MeshCentral)
|
||||
* [unofficial DockerHub](https://hub.docker.com/r/typhonragewind/meshcentral)
|
||||
* [ghcr.io](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)
|
||||
|
||||
Web based, can be a replacement for TeamViewer or Anydesk.<br>
|
||||
The server is written in javascript, running in node.js runtime.
|
||||
The client application is written mostly in C runnig Duktape javascript engine.
|
||||
|
||||
The architecture is relatively simple.<br>
|
||||
|
||||
* a server is running online, with ports 80/443 open
|
||||
* clients can visit the servers web and from it install Mesh Agent
|
||||
which allows full control of the device straight from servers webpage
|
||||
|
||||
For database the server uses a build in neDB, which should be enough for
|
||||
less than 100 clients deployments. Or MongoDB can be deployed for better
|
||||
performance and robustness but added complexity.
|
||||
|
||||
---
|
||||
The architecture is relatively simple.
|
||||
|
||||
* a server you host is accessible through a web site
|
||||
* clients can from this site install Mesh Agent
|
||||
which allows full control of the device from the servers web
|
||||
|
||||
Theres also an entire aspect of possibility of using
|
||||
Intel AMT - Active Management Technology.
|
||||
|
||||
---
|
||||
|
||||
![interface-pic](https://i.imgur.com/0egkM4J.png)
|
||||
|
||||
|
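Review bot: The architecture description appears in two wordings in this hunk, and only the first one says that the server needs ports 80/443 open and explains the built-in neDB versus MongoDB choice. Whichever wording stays in the README should keep both facts, since the compose file later in this commit depends on the MongoDB choice and the reverse proxy depends on the ports. Also fix the typos in these lines: "runnig" should be "running", "build in neDB" should be "built-in NeDB", "Theres" should be "There's", and "servers web" should be "server's web".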
@ -38,14 +40,12 @@ performance and robustness but added complexity.
|
|||
└── ~/
|
||||
└── docker/
|
||||
└── meshcentral/
|
||||
├── data/
|
||||
├── meshcentral/
|
||||
├── .env
|
||||
└── docker-compose.yml
|
||||
```
|
||||
|
||||
* `data/` - persistent data for the MongoDB database
|
||||
* `meshcentral/` - web app persistent data
|
||||
* `meshcentral/` - persistent data, most notable is config.json in data\
|
||||
* `.env` - a file containing environment variables for docker compose
|
||||
* `docker-compose.yml` - a docker compose file, telling docker how to run the containers
|
||||
|
||||
|
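Review bot: The directory tree and its bullet list do not match what the compose file in this commit mounts. The tree shows only `data/` and `meshcentral/`, and the bullets describe `meshcentral/` twice, while the volumes are `./meshcentral/mongodb_data`, `./meshcentral/data`, `./meshcentral/user_files`, `./meshcentral/backup` and `./meshcentral/web`. List those subdirectories under `meshcentral/` so the reader knows where the database and `config.json` actually end up. In "config.json in data\" the trailing backslash reads as a Markdown escape; write the path as `meshcentral/data/config.json`.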
@ -54,39 +54,45 @@ The directories are created by docker compose on the first run.
|
|||
|
||||
# docker-compose
|
||||
|
||||
There is no official docker image.
|
||||
So [This one is used.](https://github.com/Typhonragewind/meshcentral-docker)
|
||||
|
||||
Going with the more robust MongoDB version.
|
||||
The official docker image is hosted [on github.](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)
|
||||
More info [here](https://github.com/Ylianst/MeshCentral/tree/master/docker)<br>
|
||||
This setup goes more robust way, with a separate container running mongodb.
|
||||
|
||||
`docker-compose.yml`
|
||||
```yml
|
||||
services:
|
||||
meshcentral_db:
|
||||
image: mongo:latest
|
||||
container_name: meshcentral_db
|
||||
hostname: meshcentral_db
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 27017
|
||||
volumes:
|
||||
- ./meshcentral_db:/data/db
|
||||
meshcentral:
|
||||
image: typhonragewind/meshcentral:mongodb
|
||||
container_name: meshcentral
|
||||
hostname: meshcentral
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
depends_on:
|
||||
- meshcentral_db
|
||||
volumes:
|
||||
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
|
||||
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
|
||||
|
||||
meshcentral-db:
|
||||
image: mongo:latest
|
||||
container_name: meshcentral-db
|
||||
hostname: meshcentral-db
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
volumes:
|
||||
- ./meshcentral/mongodb_data:/data/db
|
||||
|
||||
meshcentral:
|
||||
image: ghcr.io/ylianst/meshcentral:latest
|
||||
container_name: meshcentral
|
||||
hostname: meshcentral
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
depends_on:
|
||||
- meshcentral-db
|
||||
volumes:
|
||||
# config.json and other important files live here. A must for data persistence
|
||||
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
|
||||
# where file uploads for users live
|
||||
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
|
||||
# location for the meshcentral-backups - this should be mounted to an external storage
|
||||
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
|
||||
# location for site customization files
|
||||
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: $DOCKER_MY_NETWORK
|
||||
external: true
|
||||
external: true
|
||||
```
|
||||
|
||||
`.env`
|
||||
|
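Review bot: Both services use floating tags, `image: mongo:latest` and `image: ghcr.io/ylianst/meshcentral:latest`, so a later pull can change the MongoDB major version or the MeshCentral build without any edit to this file. Pin each to a specific version tag (or a digest) and describe upgrades in the "# Update" section instead. The comment on the backup volume says it "should be mounted to an external storage", but the mount shown is `./meshcentral/backup`, next to the data it is meant to protect; either point it elsewhere or say in the comment that the reader has to change it. `env_file: .env` on both services also hands the MongoDB root credentials to the meshcentral container and every MeshCentral variable to the database container; a per-service `environment:` block would keep them separate.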
@ -96,30 +102,70 @@ MY_DOMAIN=example.com
|
|||
DOCKER_MY_NETWORK=caddy_net
|
||||
TZ=Europe/Bratislava
|
||||
|
||||
# RUSTDESK
|
||||
HOSTNAME=mesh.example.com
|
||||
REVERSE_PROXY=10 #set to your reverse proxy IP
|
||||
REVERSE_PROXY_TLS_PORT=443
|
||||
IFRAME=false #set to true if you wish to enable iframe support
|
||||
ALLOW_NEW_ACCOUNTS=false
|
||||
WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
|
||||
# MESHCENTRAL
|
||||
NODE_ENV=production
|
||||
|
||||
# initial mongodb-variables
|
||||
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
|
||||
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
|
||||
|
||||
# initial meshcentral-variables
|
||||
# the following options are only used if no config.json exists in the data-folder
|
||||
|
||||
# your hostname
|
||||
HOSTNAME=mesh.example.com
|
||||
USE_MONGODB=true
|
||||
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
|
||||
REVERSE_PROXY=example.com
|
||||
REVERSE_PROXY_TLS_PORT=443
|
||||
# set to true if you wish to enable iframe support
|
||||
IFRAME=false
|
||||
# set to false if you want disable self-service creation of new accounts besides the first (admin)
|
||||
ALLOW_NEW_ACCOUNTS=true
|
||||
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
|
||||
WEBRTC=false
|
||||
# set to true to allow plugins
|
||||
ALLOWPLUGINS=false
|
||||
# set to true to allow session recording
|
||||
LOCALSESSIONRECORDING=false
|
||||
# set to enable or disable minification of json, reduces traffic
|
||||
MINIFY=true
|
||||
```
|
||||
|
||||
# Port forwarding
|
||||
Bit of an issue is that the official project expects to find the database
|
||||
at the hostname `mongodb`. It's hardcoded in the
|
||||
[startup.sh](https://github.com/Ylianst/MeshCentral/blob/master/docker/startup.sh)
|
||||
which on first run generates `config.json`.<br>
|
||||
This is not ideal as one likely will run several containers and
|
||||
undescriptive container name or hostname is annoying.<br>
|
||||
|
||||
as can be seen in the compose
|
||||
To deal with this, **run it first time for few minutes, then down it, edit the**
|
||||
`.\meshcentral\data\config.json` and change the mongoDb line to look like this:
|
||||
|
||||
* **21115 - 21119** TCP need to be forwarded to docker host<br>
|
||||
* **21116** is TCP and UDP
|
||||
"settings": {
|
||||
"mongoDb": "mongodb://mongodbadmin:mongodbpasswd@meshcentral-db:27017",
|
||||
},
|
||||
|
||||
21115 is used for the NAT type test,
|
||||
21116/UDP is used for the ID registration and heartbeat service,
|
||||
21116/TCP is used for TCP hole punching and connection service,
|
||||
21117 is used for the Relay services,
|
||||
and 21118 and 21119 are used to support web clients.
|
||||
if meshcentral container shows: *ERROR: Unable to parse /opt/meshcentral/meshcentral-data/config.json*<br>
|
||||
you need to down it, delete the `meshcentral` with the persistent data,
|
||||
and up it again, now let it run longer before downing and editing the database path.
|
||||
|
||||
[source](https://rustdesk.com/docs/en/self-host/install/)
|
||||
# Reverse proxy
|
||||
|
||||
Caddy v2 is used, details
|
||||
[here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).</br>
|
||||
|
||||
`Caddyfile`
|
||||
```
|
||||
mesh.{$MY_DOMAIN} {
|
||||
reverse_proxy meshcentral:443 {
|
||||
transport http {
|
||||
tls
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
|
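Review bot: The `.env` lines ship `MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd`, and the same password is repeated in the `mongoDb` connection string for config.json, with nothing telling the reader to replace it. Use an obvious placeholder in both places and state that the two values must match. `ALLOW_NEW_ACCOUNTS=true` leaves self-service registration open on a server published through the reverse proxy, so document switching it to false once the admin account exists (the hunk also shows `ALLOW_NEW_ACCOUNTS=false`). `REVERSE_PROXY=example.com` contradicts its own comment, which asks for the reverse proxy IP. The config.json snippet is unfenced and ends the `mongoDb` line with a comma directly before `},`, which is not valid strict JSON if copied as shown; fence it and drop the trailing comma or show the following key. In the Caddyfile, `tls_insecure_skip_verify` needs a sentence explaining that it turns off certificate verification on the hop to `meshcentral:443`.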
@ -128,46 +174,11 @@ and 21118 and 21119 are used to support web clients.
|
|||
# The usage on clients
|
||||
|
||||
|
||||
* download and install the client apps from [the official site](https://rustdesk.com/)
|
||||
* three dots near ID > ID/Relay Server > ID Server: rust.example.com > OK
|
||||
* the green dot at the bottom should stay green saying "ready"
|
||||
* done
|
||||
* in the docker server logs you should see machines public IP and ID code it was given
|
||||
|
||||
# Encrypted use
|
||||
|
||||
![settings-pic](https://i.imgur.com/6mKkSuh.png)
|
||||
|
||||
For encrypted communication and to prevent undesirables access to the server
|
||||
|
||||
* the encryption public key is on the docker host:<br>
|
||||
`~/docker/rustdesk/data/id_ed25519.pub`
|
||||
* you can manually add it to any client application<br>
|
||||
three dots near ID > ID/Relay Server > Key: 3AVva64bn1ea2vsDuOuQH3i8+2M=
|
||||
* to only allow clients with the key on server:<br>
|
||||
in the env_file set `ENCRYPTED_ONLY=1` and down/up the compose.
|
||||
|
||||
[On windows](https://rustdesk.com/docs/en/self-host/install/#put-config-in-rustdeskexe-file-name-windows-only)
|
||||
one can deploy client with these settings pre-set by renaming
|
||||
the installation file to: `rustdesk-host=<host-ip-or-name>,key=<public-key-string>.exe`
|
||||
|
||||
example: `rustdesk-host=rust.example.com,key=3AVva64bn1ea2vsDuOuQH3i8+2M=.exe`
|
||||
|
||||
If by chance the public key contains symbols not usable in windows filenames,
|
||||
down the container, delete the files `id_ed25519` and `id_ed25519.pub`,
|
||||
up the container
|
||||
|
||||
# Trouble shooting
|
||||
|
||||
From what I read, most client side issues come from two differently set rustdesk
|
||||
client applications running on the same machine.<br>
|
||||
|
||||
Uninstall/remove all, plus delete:
|
||||
|
||||
* `C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk`
|
||||
* `%AppData%\RustDesk`
|
||||
|
||||
restart and do fresh client install
|
||||
|
||||
# Update
|
||||
|
||||
|
|
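Review bot: Every line of body text under "# The usage on clients", "# Encrypted use" and "# Trouble shooting" describes RustDesk (the rustdesk.com download, `id_ed25519.pub`, `ENCRYPTED_ONLY=1`, `%AppData%\RustDesk`), and the hunk header shrinks this part from 46 lines to 11 without any MeshCentral text appearing in it. Any heading that survives needs MeshCentral content, for example how a client installs the Mesh Agent from the server's web page as the intro describes, or it should be removed together with its body. The "# Update" heading at the end has the same problem: nothing under it says how to update this stack.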