Merge pull request #4083 from sschoen/Feature/docker

Updated docker environment
Ylian Saint-Hilaire 2022-06-06 19:53:13 -07:00 committed by GitHub
commit 16dd0fba11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 187 additions and 49 deletions

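--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,9 @@
+.github/
+.vscode/
+docs/
+.gitignore
+.gitlab-ci.yml
+*.bat
+*.sln
+*.njsproj
+*.md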
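Review bot: The ignore list leaves out `.git/`, `node_modules/` and `.env`, while the Dockerfile changed in this same commit copies the entire build context with `COPY ./ /opt/meshcentral/meshcentral/`. Whatever sits in the checkout at build time, including repository history, locally installed modules and any environment file holding credentials, would end up in an image layer. I would add `.git/`, `node_modules/` and `.env` here; the `.gitignore` entry excludes only the ignore file itself, not the files it names.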


@ -5,22 +5,45 @@ FROM node:slim
#Add non-root user, add installation directories and assign proper permissions #Add non-root user, add installation directories and assign proper permissions
RUN mkdir -p /opt/meshcentral RUN mkdir -p /opt/meshcentral
#meshcentral installation # meshcentral installation
WORKDIR /opt/meshcentral WORKDIR /opt/meshcentral
RUN npm install meshcentral # add mongodb repository to apt
RUN apt-get update && apt-get install -y gnupg2 wget
RUN wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add -
RUN echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | tee /etc/apt/sources.list.d/mongodb-org-5.0.list
#Install dependencies for plugins # install mongodb
RUN npm install nedb RUN apt-get update \
&& apt-get install -y mongodb-org-tools \
&& rm -rf /var/lib/apt/lists/*
COPY config.json.template /opt/meshcentral/config.json.template RUN mkdir /opt/meshcentral/meshcentral
COPY startup.sh startup.sh COPY ./ /opt/meshcentral/meshcentral/
#environment variables COPY ./docker/config.json.template /opt/meshcentral/config.json.template
COPY ./docker/startup.sh startup.sh
RUN rm -rf ./docker
# install dependencies from package.json
RUN cd meshcentral && npm install
# install dependencies for plugins
RUN cd meshcentral && npm install nedb
# minify files - first try throws Error: Cannot find module 'jsdom'
RUN cd meshcentral/translate && node translate.js minifyall; exit 0
RUN cd meshcentral/translate && node translate.js minifyall
# translate
RUN cd meshcentral/translate && node translate.js translateall
RUN cd meshcentral/translate && node translate.js extractall
EXPOSE 80 443 EXPOSE 80 443
#volumes # volumes
VOLUME /opt/meshcentral/meshcentral-data VOLUME /opt/meshcentral/meshcentral-data
VOLUME /opt/meshcentral/meshcentral-files VOLUME /opt/meshcentral/meshcentral-files
VOLUME /opt/meshcentral/meshcentral-web
VOLUME /opt/meshcentral/meshcentral-backup
CMD ["bash","/opt/meshcentral/startup.sh"] CMD ["bash", "/opt/meshcentral/startup.sh"]
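Review bot: The MongoDB repository key is piped from `wget` into `apt-key add -`, which puts it in apt's global trusted keyring, so it is trusted for every configured source rather than only for `repo.mongodb.org`. `apt-key` is deprecated, and the suite is hard-coded to `buster` while the base stays the floating `node:slim` tag, so the build depends on whichever Debian release that tag points to on the day. I would scope the key to this one repository with `signed-by` and fold the separate `apt-get update` layers into a single RUN, as sketched below. A fingerprint comparison against the value MongoDB publishes could be added after the download. The hunk starts at line 5 of the file, so anything above that is not visible here.

```dockerfile
# add the MongoDB repository with a key that is trusted for that repository only
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates gnupg2 wget \
    && wget -qO /tmp/mongodb-server-5.0.asc https://www.mongodb.org/static/pgp/server-5.0.asc \
    && gpg --dearmor -o /usr/share/keyrings/mongodb-server-5.0.gpg /tmp/mongodb-server-5.0.asc \
    && rm /tmp/mongodb-server-5.0.asc \
    && echo "deb [signed-by=/usr/share/keyrings/mongodb-server-5.0.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" \
        > /etc/apt/sources.list.d/mongodb-org-5.0.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends mongodb-org-tools \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: mkdir, COPY steps, npm install, translate steps, EXPOSE, VOLUME, CMD …
```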


@ -2,6 +2,7 @@
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
"settings": { "settings": {
"plugins":{"enabled": false}, "plugins":{"enabled": false},
"_mongoDb": null,
"cert": "myserver.mydomain.com", "cert": "myserver.mydomain.com",
"_WANonly": true, "_WANonly": true,
"_LANonly": true, "_LANonly": true,
@ -17,20 +18,20 @@
"WebRTC": false "WebRTC": false
}, },
"domains": { "domains": {
"": { "": {
"_title": "MyServer", "_title": "MyServer",
"_title2": "Servername", "_title2": "Servername",
"minify": true, "minify": true,
"NewAccounts": true, "NewAccounts": true,
"localSessionRecording": false, "localSessionRecording": false,
"_userNameIsEmail": true, "_userNameIsEmail": true,
"_certUrl": "my.reverse.proxy" "_certUrl": "my.reverse.proxy"
} }
}, },
"_letsencrypt": { "_letsencrypt": {
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
"_email": "myemail@mydomain.com", "_email": "myemail@mydomain.com",
"_names": "myserver.mydomain.com", "_names": "myserver.mydomain.com",
"production": false "production": false
} }
} }


@ -2,32 +2,132 @@
# How to create a docker image for meshcentral # How to create a docker image for meshcentral
``` ```
git clone https://github.com/Ylianst/MeshCentral.git > git clone https://github.com/Ylianst/MeshCentral.git
cd MeshCentral/docker > cd MeshCentral
docker build -t meshcentral .
> docker build -f docker/Dockerfile --force-rm -t meshcentral .
# (optional) cleanup after docker build:
> cd ..
> rm -rf MeshCentral/
``` ```
docker-compose.yml example: > | Argument | Description |
> | :--- | :--- |
> | -f docker/Dockerfile | Path/Name of the Dockerfile |
> | --force-rm | Always remove intermediate containers |
> | -t meshcentral | Name and optionally a tag in the 'name:tag' format |
# Create folder-structure and files
```
| - meshcentral/ # this folder contains the persistent data
| - data/ # MeshCentral data-files
| - user_files/ # where file uploads for users live
| - web/ # location for site customization files
| - backup/ # location for the meshcentral-backups
| - .env # environment file with initial variables
| - docker-compose.yml
```
# Templates:
## .env:
```ini
NODE_ENV=production
# initial mongodb-variables
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
# initial meshcentral-variables
# the following options are only used if no config.json exists in the data-folder
# your hostname
HOSTNAME=my.domain.com
USE_MONGODB=false
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
REVERSE_PROXY=false
REVERSE_PROXY_TLS_PORT=
# set to true if you wish to enable iframe support
IFRAME=false
# set to false if you want disable self-service creation of new accounts besides the first (admin)
ALLOW_NEW_ACCOUNTS=true
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
WEBRTC=false
# set to true to allow plugins
ALLOWPLUGINS=false
# set to true to allow session recording
LOCALSESSIONRECORDING=false
# set to enable or disable minification of json, reduces traffic
MINIFY=true
```
## docker-compose.yml:
```yaml ```yaml
version: '3' version: '3'
services: services:
meshcentral: meshcentral:
restart: always restart: always
container_name: meshcentral container_name: meshcentral
image: einar/meshcentral image: meshcentral
ports: ports:
- 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
environment: - 8086:443
- HOSTNAME=my.domain.com #your hostname env_file:
- REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy - .env
- REVERSE_PROXY_TLS_PORT= volumes:
- IFRAME=false #set to true if you wish to enable iframe support # config.json and other important files live here. A must for data persistence
- ALLOW_NEW_ACCOUNTS=true #set to false if you want disable self-service creation of new accounts besides the first (admin) - ./meshcentral/data:/opt/meshcentral/meshcentral-data
- WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution # where file uploads for users live
- ALLOWPLUGINS=false #set to true to allow plugins - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
- LOCALSESSIONRECORDING=false # set to true to allow session recording # location for the meshcentral-backups - this should be mounted to an external storage
- MINIFY=true #set to enable or disable minification of json, reduces traffic - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
volumes: # location for site customization files
- ./meshcentral/data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence - ./meshcentral/web:/opt/meshcentral/meshcentral-web
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live ```
## docker-compose.yml mongodb:
```yaml
version: '3'
networks:
meshcentral-tier:
driver: bridge
services:
mongodb:
restart: always
container_name: mongodb
image: mongo:latest
env_file:
- .env
volumes:
# mongodb data-directory - A must for data persistence
- ./meshcentral/mongodb_data:/data/db
networks:
- meshcentral-tier
meshcentral:
restart: always
container_name: meshcentral
image: meshcentral
depends_on:
- mongodb
ports:
# MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
- 8086:443
env_file:
- .env
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
networks:
- meshcentral-tier
``` ```


@ -8,12 +8,18 @@ export REVERSE_PROXY_TLS_PORT
export IFRAME export IFRAME
export ALLOW_NEW_ACCOUNTS export ALLOW_NEW_ACCOUNTS
export WEBRTC export WEBRTC
export MONGO_INITDB_ROOT_USERNAME
export MONGO_INITDB_ROOT_PASSWORD
export USE_MONGODB
if [ -f "meshcentral-data/config.json" ] if [ -f "meshcentral-data/config.json" ]
then then
node node_modules/meshcentral node meshcentral/meshcentral
else else
cp config.json.template meshcentral-data/config.json cp config.json.template meshcentral-data/config.json
if [ $USE_MONGODB == true ]; then
sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json
fi
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
@ -21,11 +27,10 @@ if [ -f "meshcentral-data/config.json" ]
sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json
sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
if [ "$REVERSE_PROXY" != "false" ] if [ "$REVERSE_PROXY" != "false" ]; then
then sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json node meshcentral/meshcentral
node node_modules/meshcentral exit
exit
fi fi
node node_modules/meshcentral --cert "$HOSTNAME" node meshcentral/meshcentral --cert "$HOSTNAME"
fi fi
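Review bot: The new `sed` for `_mongoDb` splices `$MONGO_INITDB_ROOT_USERNAME` and `$MONGO_INITDB_ROOT_PASSWORD` unescaped into a `/`-delimited replacement and into a MongoDB URI, so a password containing `/`, `&`, `@` or `:` either breaks the substitution or writes a different connection string than the operator intended. The test `[ $USE_MONGODB == true ]` is also unquoted and gives a `[` syntax error when the variable is unset or empty. Percent-encoding both values before the substitution, as sketched below, addresses the first problem and quoting the test addresses the second; `node` is already what this script launches. Separately, this gives MeshCentral the database root account and stores it in clear text in `meshcentral-data/config.json`, which deserves a comment in the script even if a dedicated database user is left for a later change.

```shell
    if [ "$USE_MONGODB" = "true" ]; then
        # percent-encode the credentials so URI and sed metacharacters cannot alter the substitution
        urlencode() { node -e 'process.stdout.write(encodeURIComponent(process.argv[1]))' -- "$1"; }
        MONGO_URL="mongodb://$(urlencode "$MONGO_INITDB_ROOT_USERNAME"):$(urlencode "$MONGO_INITDB_ROOT_PASSWORD")@mongodb:27017"
        sed -i "s|\"_mongoDb\": null|\"mongoDb\": \"$MONGO_URL\"|" meshcentral-data/config.json
    fi
    # … unchanged: remaining sed substitutions and server start …
```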