From 118044bcf307c272237c887669ae87dcc215b5db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sch=C3=B6n?= Date: Mon, 6 Jun 2022 19:39:36 +0200 Subject: [PATCH 1/4] use meshcentral files from local repository instead of the npm module --- .dockerignore | 9 +++++++++ docker/Dockerfile | 29 +++++++++++++++++++++-------- docker/startup.sh | 13 ++++++------- 3 files changed, 36 insertions(+), 15 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..8615a470 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,9 @@ +.github/ +.vscode/ +docs/ +.gitignore +.gitlab-ci.yml +*.bat +*.sln +*.njsproj +*.md diff --git a/docker/Dockerfile b/docker/Dockerfile index 9ab749f6..49eb56a3 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,17 +5,30 @@ FROM node:slim #Add non-root user, add installation directories and assign proper permissions RUN mkdir -p /opt/meshcentral -#meshcentral installation +# meshcentral installation WORKDIR /opt/meshcentral -RUN npm install meshcentral -#Install dependencies for plugins -RUN npm install nedb -COPY config.json.template /opt/meshcentral/config.json.template -COPY startup.sh startup.sh -#environment variables +RUN mkdir /opt/meshcentral/meshcentral +COPY ./ /opt/meshcentral/meshcentral/ +COPY ./docker/config.json.template /opt/meshcentral/config.json.template +COPY ./docker/startup.sh startup.sh +RUN rm -rf ./docker + +# install dependencies from package.json +RUN cd meshcentral && npm install + +# install dependencies for plugins +RUN cd meshcentral && npm install nedb + +# minify files - first try throws Error: Cannot find module 'jsdom' +RUN cd meshcentral/translate && node translate.js minifyall; exit 0 +RUN cd meshcentral/translate && node translate.js minifyall + +# translate +RUN cd meshcentral/translate && node translate.js translateall +RUN cd meshcentral/translate && node translate.js extractall EXPOSE 80 443 
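Review bot: The new ignore list leaves out `.git/` and `node_modules/`, while the Dockerfile in this same patch now copies the whole build context with `COPY ./ /opt/meshcentral/meshcentral/`, so repository history and any modules built on the host end up in the image. Adding the two lines `.git/` and `node_modules/` keeps them out and lets the later `npm install` start from a clean tree. Untracked local files in a checkout (for example a `.env` or a data directory holding a real `config.json`) would be copied as well, so it may be worth listing those too or turning the file into an allow-list.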
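Review bot: `RUN rm -rf ./docker` runs under `WORKDIR /opt/meshcentral`, so it targets `/opt/meshcentral/docker`, but the preceding `COPY ./ /opt/meshcentral/meshcentral/` placed that directory at `/opt/meshcentral/meshcentral/docker`; as written the line removes nothing. `RUN rm -rf ./meshcentral/docker` would match the apparent intent, although the files still remain in the earlier COPY layer. Separately, `node translate.js minifyall; exit 0` discards every failure of the first pass, not only the missing `jsdom` module that the comment mentions. Installing the missing module before the step would be safer than forcing a zero exit status, because a genuinely broken minify run currently produces a successful layer.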
@@ -23,4 +36,4 @@ EXPOSE 80 443 VOLUME /opt/meshcentral/meshcentral-data VOLUME /opt/meshcentral/meshcentral-files -CMD ["bash","/opt/meshcentral/startup.sh"] +CMD ["bash", "/opt/meshcentral/startup.sh"] diff --git a/docker/startup.sh b/docker/startup.sh index b0b3e555..54784772 100644 --- a/docker/startup.sh +++ b/docker/startup.sh @@ -11,7 +11,7 @@ export WEBRTC if [ -f "meshcentral-data/config.json" ] then - node node_modules/meshcentral + node meshcentral/meshcentral else cp config.json.template meshcentral-data/config.json sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json @@ -21,11 +21,10 @@ if [ -f "meshcentral-data/config.json" ] sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json - if [ "$REVERSE_PROXY" != "false" ] - then - sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json - node node_modules/meshcentral - exit + if [ "$REVERSE_PROXY" != "false" ]; then + sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json + node meshcentral/meshcentral + exit fi - node node_modules/meshcentral --cert "$HOSTNAME" + node meshcentral/meshcentral --cert "$HOSTNAME" fi \ No newline at end of file From bdb244b8d3216546c9a49207456750fbae91881b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sch=C3=B6n?= Date: Mon, 6 Jun 2022 19:40:16 +0200 Subject: [PATCH 2/4] added mongodb-tools (mongodump) for autoBackup-option --- docker/Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 49eb56a3..045ba5c4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
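Review bot: In docker/startup.sh the server is still launched as a child of the bash process started by the image's `CMD` (`node meshcentral/meshcentral` in the first hunk and in the reverse-proxy branch, `node meshcentral/meshcentral --cert "$HOSTNAME"` at the end of the second hunk), so bash stays PID 1 and does not pass the stop signal on to node. A `docker stop` then probably ends in a forced kill after the timeout, which matters more once a database and automatic backups are involved. Replacing the process instead, e.g. `exec node meshcentral/meshcentral --cert "$HOSTNAME"`, lets node receive the signal directly; the `exit` after the reverse-proxy start then becomes unnecessary. The script begins before these hunks, so the shebang and the earlier exports are not visible here.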
@@ -8,7 +8,15 @@ RUN mkdir -p /opt/meshcentral # meshcentral installation WORKDIR /opt/meshcentral +# add mongodb repository to apt +RUN apt-get update && apt-get install -y gnupg2 wget +RUN wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add - +RUN echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | tee /etc/apt/sources.list.d/mongodb-org-5.0.list +# install mongodb +RUN apt-get update \ + && apt-get install -y mongodb-org-tools \ + && rm -rf /var/lib/apt/lists/* RUN mkdir /opt/meshcentral/meshcentral COPY ./ /opt/meshcentral/meshcentral/ From 11c3484c97f0fd93e21af153458dfd397d231638 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sch=C3=B6n?= Date: Mon, 6 Jun 2022 19:40:49 +0200 Subject: [PATCH 3/4] added volumes for advanced site customization and backups --- docker/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 045ba5c4..163ddf49 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -40,8 +40,10 @@ RUN cd meshcentral/translate && node translate.js extractall EXPOSE 80 443 -#volumes +# volumes VOLUME /opt/meshcentral/meshcentral-data VOLUME /opt/meshcentral/meshcentral-files +VOLUME /opt/meshcentral/meshcentral-web +VOLUME /opt/meshcentral/meshcentral-backup CMD ["bash", "/opt/meshcentral/startup.sh"] From e17e181d5befaad92e8d8f94f401fb148d0142f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sch=C3=B6n?= Date: Mon, 6 Jun 2022 19:44:13 +0200 Subject: [PATCH 4/4] added mongodb-service to docker-compose.yml (readme.md) --- docker/config.json.template | 21 +++--- docker/readme.md | 146 ++++++++++++++++++++++++++++++------ docker/startup.sh | 6 ++ 3 files changed, 140 insertions(+), 33 deletions(-) diff --git a/docker/config.json.template b/docker/config.json.template index 16c03fa7..e463ef4c 100644 --- a/docker/config.json.template +++ b/docker/config.json.template 
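Review bot: `apt-key add -` puts the MongoDB key into apt's global trusted keyring, so the key is accepted for packages from every configured repository, and the command is deprecated in current Debian releases. Scoping the key to this one source is the usual fix: `RUN wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-server-5.0.gpg` together with `RUN echo "deb [signed-by=/usr/share/keyrings/mongodb-server-5.0.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | tee /etc/apt/sources.list.d/mongodb-org-5.0.list` (the keyring file name is only a suggestion). The suite is hard-coded to `buster` while the base image seen in the first patch is the floating `node:slim`, so the repository can silently stop matching the image's Debian release; pinning the base tag would keep the two aligned. The first `apt-get update && apt-get install -y gnupg2 wget` also leaves its package lists in its own layer, because the `rm -rf /var/lib/apt/lists/*` runs in a later `RUN`.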
@@ -2,6 +2,7 @@ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "settings": { "plugins":{"enabled": false}, + "_mongoDb": null, "cert": "myserver.mydomain.com", "_WANonly": true, "_LANonly": true, @@ -17,20 +18,20 @@ "WebRTC": false }, "domains": { - "": { - "_title": "MyServer", - "_title2": "Servername", - "minify": true, - "NewAccounts": true, - "localSessionRecording": false, - "_userNameIsEmail": true, - "_certUrl": "my.reverse.proxy" - } + "": { + "_title": "MyServer", + "_title2": "Servername", + "minify": true, + "NewAccounts": true, + "localSessionRecording": false, + "_userNameIsEmail": true, + "_certUrl": "my.reverse.proxy" + } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", "_email": "myemail@mydomain.com", "_names": "myserver.mydomain.com", - "production": false + "production": false } } \ No newline at end of file diff --git a/docker/readme.md b/docker/readme.md index d3802299..485e63b5 100644 --- a/docker/readme.md +++ b/docker/readme.md 
@@ -2,32 +2,132 @@ # How to create a docker image for meshcentral ``` -git clone https://github.com/Ylianst/MeshCentral.git -cd MeshCentral/docker -docker build -t meshcentral . +> git clone https://github.com/Ylianst/MeshCentral.git +> cd MeshCentral + +> docker build -f docker/Dockerfile --force-rm -t meshcentral . + +# (optional) cleanup after docker build: +> cd .. +> rm -rf MeshCentral/ ``` -docker-compose.yml example: +> | Argument | Description | +> | :--- | :--- | +> | -f docker/Dockerfile | Path/Name of the Dockerfile | +> | --force-rm | Always remove intermediate containers | +> | -t meshcentral | Name and optionally a tag in the 'name:tag' format | + +# Create folder-structure and files + +``` +| - meshcentral/ # this folder contains the persistent data + | - data/ # MeshCentral data-files + | - user_files/ # where file uploads for users live + | - web/ # location for site customization files + | - backup/ # location for the meshcentral-backups +| - .env # environment file with initial variables +| - docker-compose.yml +``` + +# Templates: +## .env: +```ini +NODE_ENV=production + +# initial mongodb-variables +MONGO_INITDB_ROOT_USERNAME=mongodbadmin +MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd + +# initial meshcentral-variables +# the following options are only used if no config.json exists in the data-folder + +# your hostname +HOSTNAME=my.domain.com +USE_MONGODB=false +# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy +REVERSE_PROXY=false +REVERSE_PROXY_TLS_PORT= +# set to true if you wish to enable iframe support +IFRAME=false +# set to false if you want disable self-service creation of new accounts besides the first (admin) +ALLOW_NEW_ACCOUNTS=true +# set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. 
Use with caution +WEBRTC=false +# set to true to allow plugins +ALLOWPLUGINS=false +# set to true to allow session recording +LOCALSESSIONRECORDING=false +# set to enable or disable minification of json, reduces traffic +MINIFY=true +``` + +## docker-compose.yml: ```yaml version: '3' + services: - meshcentral: - restart: always - container_name: meshcentral - image: einar/meshcentral - ports: - - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs - environment: - - HOSTNAME=my.domain.com #your hostname - - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy - - REVERSE_PROXY_TLS_PORT= - - IFRAME=false #set to true if you wish to enable iframe support - - ALLOW_NEW_ACCOUNTS=true #set to false if you want disable self-service creation of new accounts besides the first (admin) - - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution - - ALLOWPLUGINS=false #set to true to allow plugins - - LOCALSESSIONRECORDING=false # set to true to allow session recording - - MINIFY=true #set to enable or disable minification of json, reduces traffic - volumes: - - ./meshcentral/data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence - - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live + meshcentral: + restart: always + container_name: meshcentral + image: meshcentral + ports: + # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs + - 8086:443 + env_file: + - .env + volumes: + # config.json and other important files live here. 
A must for data persistence + - ./meshcentral/data:/opt/meshcentral/meshcentral-data + # where file uploads for users live + - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files + # location for the meshcentral-backups - this should be mounted to an external storage + - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup + # location for site customization files + - ./meshcentral/web:/opt/meshcentral/meshcentral-web +``` + +## docker-compose.yml mongodb: +```yaml +version: '3' + +networks: + meshcentral-tier: + driver: bridge + +services: + mongodb: + restart: always + container_name: mongodb + image: mongo:latest + env_file: + - .env + volumes: + # mongodb data-directory - A must for data persistence + - ./meshcentral/mongodb_data:/data/db + networks: + - meshcentral-tier + + meshcentral: + restart: always + container_name: meshcentral + image: meshcentral + depends_on: + - mongodb + ports: + # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs + - 8086:443 + env_file: + - .env + volumes: + # config.json and other important files live here. A must for data persistence + - ./meshcentral/data:/opt/meshcentral/meshcentral-data + # where file uploads for users live + - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files + # location for the meshcentral-backups - this should be mounted to an external storage + - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup + # location for site customization files + - ./meshcentral/web:/opt/meshcentral/meshcentral-web + networks: + - meshcentral-tier ``` diff --git a/docker/startup.sh b/docker/startup.sh index 54784772..62b14c47 100644 --- a/docker/startup.sh +++ b/docker/startup.sh 
@@ -8,12 +8,18 @@ export REVERSE_PROXY_TLS_PORT export IFRAME export ALLOW_NEW_ACCOUNTS export WEBRTC +export MONGO_INITDB_ROOT_USERNAME +export MONGO_INITDB_ROOT_PASSWORD +export USE_MONGODB if [ -f "meshcentral-data/config.json" ] then node meshcentral/meshcentral else cp config.json.template meshcentral-data/config.json + if [ $USE_MONGODB == true ]; then + sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json + fi sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
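Review bot: The added `sed` line splices `$MONGO_INITDB_ROOT_USERNAME` and `$MONGO_INITDB_ROOT_PASSWORD` unescaped into a sed replacement and into a MongoDB URI, so a password containing `/`, `&` or `\` breaks or alters the substitution, and one containing `@`, `:` or `/` gives a malformed connection string unless it is percent-encoded. Both values should be escaped for sed and percent-encoded before they are written; the neighbouring `sed -i` lines interpolate `$HOSTNAME`, `$ALLOW_NEW_ACCOUNTS` and `$ALLOWPLUGINS` the same way. The test `[ $USE_MONGODB == true ]` is unquoted and produces a test error when the variable is unset or empty; `if [ "$USE_MONGODB" = "true" ]; then` avoids that. This also writes the database root account's credentials in plain text to `meshcentral-data/config.json` on the mounted volume, so a dedicated MongoDB user limited to the MeshCentral database would reduce the impact if that file or a backup of it leaks. The script continues beyond this hunk.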