"WANonly":{"type":"boolean","default":false,"description":"When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name."},
"LANonly":{"type":"boolean","default":false,"description":"When enabled, only MeshCentral LAN features are enabled and agents will find the server using multicast LAN packets."},
"maintenanceMode":{"type":"boolean","default":false,"description":"When enabled the server is in maintenance mode, only administrators can login. Use the maintenance command in server console to change."},
"agentPort":{"type":"integer","minimum":1,"maximum":65535,"description":"When set, enabled a new HTTPS server port that only accepts agent connections."},
"agentPortBind":{"type":"string","description":"When set, binds the agent port to a specific network interface."},
"agentAliasPort":{"type":"integer","minimum":1,"maximum":65535,"description":"When set, indicates the actual publically visible agent-only port. If not set, the AgentPort value is used."},
"agentAliasDNS":{"type":"string","format":"hostname","description":"When set, specified the DNS name used by agents to connect to the agent-only port."},
"agentPortTls":{"type":"boolean","default":true,"description":"Indicates if the agent-only port must perform TLS, this should be set to false if TLS is performed in front of this server."},
"agentCoreDump":{"type":"boolean","default":false,"description":"Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps."},
"ignoreAgentHashCheck":{"type":"boolean","default":false,"description":"When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only."},
"allowFraming":{"type":"boolean","default":false,"description":"When enabled, the MeshCentral web site can be embedded within another website's iframe."},
"cookieEncoding":{"type":"string","enum":["hex","base64"],"default":"base64","description":"Encoding format of cookies in the HTTP headers, this is typically Base64 but some reverse proxies will require HEX."},
"webRTC":{"type":"boolean","default":false,"description":"When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser."},
"nice404":{"type":"boolean","default":true,"description":"By default, a nice looking 404 error page is displayed when needed. Set this to false to disable it."},
"selfUpdate":{"type":"boolean","default":false,"description":"When true, this server will attempt to self-update everyday after midnight."},
"browserPing":{"type":"integer","minimum":1,"description":"When specified, sends data to the browser at x seconds interval and expects a response from the browser."},
"browserPong":{"type":"integer","minimum":1,"description":"When specified, sends data to the browser at x seconds interval."},
"agentPing":{"type":"integer","minimum":1,"description":"When specified, sends data to the agent at x seconds interval and expects a response from the agent."},
"agentPong":{"type":"integer","minimum":1,"description":"When specified, sends data to the agent at x seconds interval."},
"orphanAgentUser":{"type":"string","default":null,"description":"If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin"},
"agentwscompression":{"type":"boolean","default":true,"description":"Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work."},
"authLog":{"type":"string","default":null,"description":"File path and name of the authentication log to be created. This log can be parsed by Fail2ban."},
"description":"When this server is in LAN mode, you may discover this server using a multicast discovery tool. When discovery happens, the name and info fields are sent back to the discovery tool.",
"key":{"type":"string","description":"When set, encrypts all LAN discovery traffic to agents and tools using this key. This is only useful in LAN/Hybrid mode when agents and tools user multicast to find the server."}
"description":"Enabled automated upload of the server backups to a Google Drive account, once enabled you need to go in \"My Server\" tab as administrator to associate the account.",
"properties":{
"folderName":{"type":"integer","default":"MeshCentral-Backups","description":"The name of the folder to create in the Google Drive account."},
"maxFiles":{"type":"string","default":null,"description":"The maximum number of files to keep in the Google Drive folder, older files will be removed if needed."}
"folderName":{"type":"integer","default":"MeshCentral-Backups","description":"The name of the folder to create in the WebDAV account."},
"maxFiles":{"type":"string","default":null,"description":"The maximum number of files to keep in the WebDAV folder, older files will be removed if needed."}
"title":{"type":"string","default":"MeshCentral","description":"The title of this web site. All web pages will have this title."},
"title2":{"type":"string","default":null,"description":"Secondary title text that is placed on the upper right on the title on many web pages."},
"titlePicture":{"type":"string","default":null,"description":"Web site .png logo file that is 450x66 in size placed in meshcentral-data that is used on the top of many pages."},
"loginPicture":{"type":"string","default":null,"description":"Web site .png logo file placed in meshcentral-data that used on the login page when sitestyle is 2."},
"loginKey":{"type":["string","array"],"items":{"type":"string"},"default":null,"description":"Requires that users add the value ?key=xxx in the URL in order to see the web site."},
"userNameIsEmail":{"type":"boolean","default":false,"description":"When enabled, the username of each account is also the email address of the account."},
"welcomePicture":{"type":"string","description":"Name of the PNG or JPEG file that will be shown on the login screen. Put this file in the meshcentral-data folder and place the file name here."},
"loginfooter":{"type":"string","default":null,"description":"This is a HTML string displayed at the bottom of the web page when a user is not logged in."},
"description":"https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral."
"twoFactorCookieDurationDays":{"type":"integer","default":30,"description":"Number of days that a user is allowed to remember this device for when completing 2FA. Set this to 0 to remove this option."},
"auth":{"type":"string","default":null,"enum":[null,"sspi","ldap"],"description":"Type of user authentication to use, this can be SSPI on Windows or LDAP. If not set, username/password is used."},
"ldapUserKey":{"type":"string"},
"ldapUserName":{"type":"string"},
"ldapUserEmail":{"type":"string"},
"ldapUserRealName":{"type":"string"},
"ldapUserPhoneNumber":{"type":"string"},
"ldapOptions":{"type":"object","description":"LDAP options passed to ldapauth-fork"},
"agentInviteCodes":{"type":"boolean","default":false,"description":"Enabled a feature where you can set one or more invitation codes in a device group. You can then give a invitation link to users who can use it to download the agent."},
"agentNoProxy":{"type":"boolean","default":false,"description":"When enabled, all newly installed MeshAgents will be instructed to no use a HTTP/HTTPS proxy even if one is configured on the remote system"},
"description":"This section is used to indicate if parts of the meshagent.tag file should be used to set server-side device properties.",
"additionalProperties":false,
"properties":{
"ServerName":{"type":"integer","default":0,"description":"Action taken if one of the lines in meshagent.tag contains ~ServerName:name. 0=Ignore, 1=Set."},
"ServerDesc":{"type":"integer","default":0,"description":"Action taken if one of the lines in meshagent.tag contains ~ServerDesc:desc. 0=Ignore, 1=Set, 2=SetIfEmpty."},
"ServerTags":{"type":"integer","default":0,"description":"Action taken if one of the lines in meshagent.tag contains ~ServerTags:tag1,tag2,tag3. 0=Ignore, 1=Set, 2=SetIfEmpty, 3=Append."}
"geoLocation":{"type":"boolean","default":false,"description":"Enables the geo-location feature and device location map in the user interface, this feature is not being worked on."},
"novnc":{"type":"boolean","default":true,"description":"When enabled, activates the built-in web-based noVNC client."},
"mstsc":{"type":"boolean","default":false,"description":"When enabled, activates the built-in web-based RDP client."},
"webEmailsPath":{"type":"string","description":"Path where to find custom email templates for this domain."},
"description":"Use this section to customize the agent branding.",
"properties":{
"displayName":{"type":"string","default":"MeshCentral Agent","description":"The name of the agent as displayed to the user."},
"description":{"type":"string","default":"Mesh Agent background service","description":"The description of the agent as displayed to the user."},
"companyName":{"type":"string","default":"Mesh Agent","description":"This will be used as the path to install the agent, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's."},
"serviceName":{"type":"string","default":"Mesh Agent","description":"The name of the background service, by default this is 'Mesh Agent' in Windows and 'meshagent' in other OS's but should be set to an all lower case, no space string."},
"onlySelectedDeviceGroups":{"type":"boolean","default":false,"description":"When enabled, only device groups with the session recording feature turned on will be recorded. When false, all devices are recorded."},
"description":"If your server has a proper DNS name and it public facing on the Internet with a public facing HTTP server on port 80, you can get a free TLS certificate.",
"email":{"type":"string","format":"email","description":"Email address of the administrator of this server. Make sure this is a valid email address otherwise the certificate request will fail."},
"production":{"type":"boolean","default":false,"description":"By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificaite. Making too many bad requests for a production certificate will get you banned for a long period of time."}