update

2022-11-20 23:07:57 +01:00 · 2022-11-20 23:07:57 +01:00 · b67adc446a
parent 5f0cba9ad8
commit b67adc446a
1 changed files with 99 additions and 88 deletions
--- a/meshcrentral/readme.md
+++ b/meshcrentral/readme.md
@ -10,24 +10,26 @@ Powerful remote desktop toolset.

 * [Official site](https://www.meshcommander.com/meshcentral2)
 * [Github](https://github.com/Ylianst/MeshCentral)
-* [unofficial DockerHub](https://hub.docker.com/r/typhonragewind/meshcentral)
+* [ghcr.io](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)

 Web based, can be a replacement for TeamViewer or Anydesk.<br>
 The server is written in javascript, running in node.js runtime.
 The client application is written mostly in C runnig Duktape javascript engine.

-The architecture is relatively simple.<br>
-
-* a server is running online, with ports 80/443 open
-* clients can visit the servers web and from it install Mesh Agent
-  which allows full control of the device straight from servers webpage
-
 For database the server uses a build in neDB, which should be enough for
 less than 100 clients deployments. Or MongoDB can be deployed for better
 performance and robustness but added complexity.

---
+The architecture is relatively simple.

+* a server you host is accessible through a web site
+* clients can from this site install Mesh Agent
+  which allows full control of the device from the servers web
+
+Theres also an entire aspect of possibility of using
+Intel AMT - Active Management Technology.
+
+---

 ![interface-pic](https://i.imgur.com/0egkM4J.png)

@ -38,14 +40,12 @@ performance and robustness but added complexity.
 └── ~/
    └── docker/
        └── meshcentral/
-            ├── data/
            ├── meshcentral/
            ├── .env
            └── docker-compose.yml
 ```

-* `data/` - persistent data for the MongoDB database
-* `meshcentral/` - web app persistent data
+* `meshcentral/` - persistent data, most notable is config.json in data\
 * `.env` - a file containing environment variables for docker compose
 * `docker-compose.yml` - a docker compose file, telling docker how to run the containers

@ -54,39 +54,45 @@ The directories are created by docker compose on the first run.

 # docker-compose

-There is no official docker image.
-So [This one is used.](https://github.com/Typhonragewind/meshcentral-docker)
-
-Going with the more robust MongoDB version.
+The official docker image is hosted [on github.](https://github.com/ylianst/MeshCentral/pkgs/container/meshcentral)
+More info [here](https://github.com/Ylianst/MeshCentral/tree/master/docker)<br>
+This setup goes more robust way, with a separate container running mongodb.

 `docker-compose.yml`
 ```yml
 services:
-    meshcentral_db:
-        image: mongo:latest
-        container_name: meshcentral_db
-        hostname: meshcentral_db
-        restart: unless-stopped
-        expose:
-            - 27017
-        volumes:
-            - ./meshcentral_db:/data/db
-    meshcentral:
-        image: typhonragewind/meshcentral:mongodb
-        container_name: meshcentral
-        hostname: meshcentral
-        restart: unless-stopped
-        env_file: .env
-        depends_on:
-            - meshcentral_db
-        volumes:
-            - ./meshcentral/data:/opt/meshcentral/meshcentral-data
-            - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
+
+  meshcentral-db:
+    image: mongo:latest
+    container_name: meshcentral-db
+    hostname: meshcentral-db
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - ./meshcentral/mongodb_data:/data/db
+
+  meshcentral:
+    image: ghcr.io/ylianst/meshcentral:latest
+    container_name: meshcentral
+    hostname: meshcentral
+    restart: unless-stopped
+    env_file: .env
+    depends_on:
+      - meshcentral-db
+    volumes:
+      # config.json and other important files live here. A must for data persistence
+      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
+      # where file uploads for users live
+      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
+      # location for the meshcentral-backups - this should be mounted to an external storage
+      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
+      # location for site customization files
+      - ./meshcentral/web:/opt/meshcentral/meshcentral-web

 networks:
  default:
    name: $DOCKER_MY_NETWORK
-    external: true
+    external: true      
 ```

 `.env`
@ -96,30 +102,70 @@ MY_DOMAIN=example.com
 DOCKER_MY_NETWORK=caddy_net
 TZ=Europe/Bratislava

-# RUSTDESK
-HOSTNAME=mesh.example.com
-REVERSE_PROXY=10     #set to your reverse proxy IP
-REVERSE_PROXY_TLS_PORT=443
-IFRAME=false #set to true if you wish to enable iframe support
-ALLOW_NEW_ACCOUNTS=false    
-WEBRTC=false  #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
+# MESHCENTRAL
 NODE_ENV=production
+
+# initial mongodb-variables
+MONGO_INITDB_ROOT_USERNAME=mongodbadmin
+MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
+
+# initial meshcentral-variables
+# the following options are only used if no config.json exists in the data-folder
+
+# your hostname
+HOSTNAME=mesh.example.com
+USE_MONGODB=true
+# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 
+REVERSE_PROXY=example.com
+REVERSE_PROXY_TLS_PORT=443
+# set to true if you wish to enable iframe support
+IFRAME=false
+# set to false if you want disable self-service creation of new accounts besides the first (admin)
+ALLOW_NEW_ACCOUNTS=true
+# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
+WEBRTC=false
+# set to true to allow plugins
+ALLOWPLUGINS=false
+# set to true to allow session recording
+LOCALSESSIONRECORDING=false
+# set to enable or disable minification of json, reduces traffic
+MINIFY=true
 ```

-# Port forwarding
+Bit of an issue is that the official project expects to find the database
+at the hostname `mongodb`. It's hardcoded in the
+[startup.sh](https://github.com/Ylianst/MeshCentral/blob/master/docker/startup.sh)
+which on first run generates `config.json`.<br> 
+This is not ideal as one likely will run several containers and 
+undescriptive container name or hostname is annoying.<br>

-as can be seen in the compose
+To deal with this, **run it first time for few minutes, then down it, edit the** 
+`.\meshcentral\data\config.json` and change the mongoDb line to look like this:

-* **21115 - 21119** TCP need to be forwarded to docker host<br>
-* **21116** is TCP and UDP 
+    "settings": {
+      "mongoDb": "mongodb://mongodbadmin:mongodbpasswd@meshcentral-db:27017",
+    },

-21115 is used for the NAT type test,
-21116/UDP is used for the ID registration and heartbeat service,
-21116/TCP is used for TCP hole punching and connection service,
-21117 is used for the Relay services,
-and 21118 and 21119 are used to support web clients. 
+if meshcentral container shows: *ERROR: Unable to parse /opt/meshcentral/meshcentral-data/config.json*<br>
+you need to down it, delete the `meshcentral` with the persistent data,
+and up it again, now let it run longer before downing and editing the database path.

-[source](https://rustdesk.com/docs/en/self-host/install/)
+# Reverse proxy
+
+Caddy v2 is used, details
+[here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).</br>
+
+`Caddyfile`
+```
+mesh.{$MY_DOMAIN} {
+    reverse_proxy meshcentral:443 {
+        transport http {
+            tls
+            tls_insecure_skip_verify
+        }
+    }
+}
+```

 ---

@ -128,46 +174,11 @@ and 21118 and 21119 are used to support web clients.
 # The usage on clients


-* download and install the client apps from [the official site](https://rustdesk.com/)
-* three dots near ID > ID/Relay Server > ID Server: rust.example.com > OK
-* the green dot at the bottom should stay green saying "ready"
-* done
-* in the docker server logs you should see machines public IP and ID code it was given

-# Encrypted use
-
-![settings-pic](https://i.imgur.com/6mKkSuh.png)
-
-For encrypted communication and to prevent undesirables access to the server
-
-* the encryption public key is on the docker host:<br>
-  `~/docker/rustdesk/data/id_ed25519.pub`
-* you can manually add it to any client application<br>
-  three dots near ID > ID/Relay Server > Key: 3AVva64bn1ea2vsDuOuQH3i8+2M=
-* to only allow clients with the key on server:<br>
-  in the env_file set `ENCRYPTED_ONLY=1` and down/up the compose.
-
-[On windows](https://rustdesk.com/docs/en/self-host/install/#put-config-in-rustdeskexe-file-name-windows-only)
-one can deploy client with these settings pre-set by renaming
-the installation file to: `rustdesk-host=<host-ip-or-name>,key=<public-key-string>.exe`
-
-example: `rustdesk-host=rust.example.com,key=3AVva64bn1ea2vsDuOuQH3i8+2M=.exe`
-
-If by chance the public key contains symbols not usable in windows filenames,
-down the container, delete the files `id_ed25519` and `id_ed25519.pub`,
-up the container

 # Trouble shooting

-From what I read, most client side issues come from two differently set rustdesk
-client applications running on the same machine.<br>

-Uninstall/remove all, plus delete:
-
-* `C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk`
-* `%AppData%\RustDesk`
-
-restart and do fresh client install

 # Update