Merge pull request #4083 from sschoen/Feature/docker

Updated docker environment

.dockerignore

@@ -0,0 +1,9 @@
+.github/
+.vscode/
+docs/
+.gitignore
+.gitlab-ci.yml
+*.bat
+*.sln
+*.njsproj
+*.md

docker/Dockerfile

@@ -5,22 +5,45 @@ FROM node:slim
 #Add non-root user, add installation directories and assign proper permissions
 RUN mkdir -p /opt/meshcentral
 
-#meshcentral installation
+# meshcentral installation
 WORKDIR /opt/meshcentral
 
-RUN npm install meshcentral
+# add mongodb repository to apt
+RUN apt-get update && apt-get install -y gnupg2 wget
+RUN wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add -
+RUN echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | tee /etc/apt/sources.list.d/mongodb-org-5.0.list
 
-#Install dependencies for plugins
-RUN npm install nedb
+# install mongodb
+RUN apt-get update \
+    && apt-get install -y mongodb-org-tools \
+    && rm -rf /var/lib/apt/lists/*
 
-COPY config.json.template /opt/meshcentral/config.json.template
-COPY startup.sh startup.sh
-#environment variables
+RUN mkdir /opt/meshcentral/meshcentral
+COPY ./ /opt/meshcentral/meshcentral/
+COPY ./docker/config.json.template /opt/meshcentral/config.json.template
+COPY ./docker/startup.sh startup.sh
+RUN rm -rf ./docker
+
+# install dependencies from package.json
+RUN cd meshcentral && npm install
+
+# install dependencies for plugins
+RUN cd meshcentral && npm install nedb
+
+# minify files - first try throws Error: Cannot find module 'jsdom'
+RUN cd meshcentral/translate && node translate.js minifyall; exit 0
+RUN cd meshcentral/translate && node translate.js minifyall
+
+# translate
+RUN cd meshcentral/translate && node translate.js translateall
+RUN cd meshcentral/translate && node translate.js extractall
 
 EXPOSE 80 443
 
-#volumes
+# volumes
 VOLUME /opt/meshcentral/meshcentral-data
 VOLUME /opt/meshcentral/meshcentral-files
+VOLUME /opt/meshcentral/meshcentral-web
+VOLUME /opt/meshcentral/meshcentral-backup
 
-CMD ["bash","/opt/meshcentral/startup.sh"]
+CMD ["bash", "/opt/meshcentral/startup.sh"]

docker/config.json.template

@@ -2,6 +2,7 @@
   "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
   "settings": {
     "plugins":{"enabled": false},
+    "_mongoDb": null,
     "cert": "myserver.mydomain.com",
     "_WANonly": true,
     "_LANonly": true,

docker/readme.md

@@ -2,32 +2,132 @@
 # How to create a docker image for meshcentral
 
 ```
-git clone https://github.com/Ylianst/MeshCentral.git
-cd MeshCentral/docker
-docker build -t meshcentral .
+> git clone https://github.com/Ylianst/MeshCentral.git
+> cd MeshCentral
+
+> docker build -f docker/Dockerfile --force-rm -t meshcentral .
+
+# (optional) cleanup after docker build:
+> cd ..
+> rm -rf MeshCentral/
 ```
 
-docker-compose.yml example:
+> | Argument             | Description                                        |
+> | :---                 | :---                                               |
+> | -f docker/Dockerfile | Path/Name of the Dockerfile                        |
+> | --force-rm           | Always remove intermediate containers              |
+> | -t meshcentral       | Name and optionally a tag in the 'name:tag' format |
+
+# Create folder-structure and files
+
+```
+| - meshcentral/        # this folder contains the persistent data
+  | - data/             # MeshCentral data-files
+  | - user_files/       # where file uploads for users live
+  | - web/              # location for site customization files
+  | - backup/           # location for the meshcentral-backups
+| - .env                # environment file with initial variables
+| - docker-compose.yml
+```
+
+# Templates:
+## .env:
+```ini
+NODE_ENV=production
+
+# initial mongodb-variables
+MONGO_INITDB_ROOT_USERNAME=mongodbadmin
+MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
+
+# initial meshcentral-variables
+# the following options are only used if no config.json exists in the data-folder
+
+# your hostname
+HOSTNAME=my.domain.com
+USE_MONGODB=false
+# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 
+REVERSE_PROXY=false
+REVERSE_PROXY_TLS_PORT=
+# set to true if you wish to enable iframe support
+IFRAME=false
+# set to false if you want disable self-service creation of new accounts besides the first (admin)
+ALLOW_NEW_ACCOUNTS=true
+# set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
+WEBRTC=false
+# set to true to allow plugins
+ALLOWPLUGINS=false
+# set to true to allow session recording
+LOCALSESSIONRECORDING=false
+# set to enable or disable minification of json, reduces traffic
+MINIFY=true
+```
+
+## docker-compose.yml:
 ```yaml
 version: '3'
+
 services:
   meshcentral:
     restart: always
     container_name: meshcentral
-        image: einar/meshcentral
+    image: meshcentral
     ports:
-            - 8086:443  #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
-        environment:
-            - HOSTNAME=my.domain.com     #your hostname
-            - REVERSE_PROXY=false     #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
-            - REVERSE_PROXY_TLS_PORT=
-            - IFRAME=false    #set to true if you wish to enable iframe support
-            - ALLOW_NEW_ACCOUNTS=true    #set to false if you want disable self-service creation of new accounts besides the first (admin)
-            - WEBRTC=false  #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
-            - ALLOWPLUGINS=false #set to true to allow plugins
-            - LOCALSESSIONRECORDING=false # set to true to allow session recording
-            - MINIFY=true #set to enable or disable minification of json, reduces traffic
+      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
+      - 8086:443
+    env_file:
+      - .env
     volumes:
-            - ./meshcentral/data:/opt/meshcentral/meshcentral-data    #config.json and other important files live here. A must for data persistence
-            - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files    #where file uploads for users live
+      # config.json and other important files live here. A must for data persistence
+      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
+      # where file uploads for users live
+      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
+      # location for the meshcentral-backups - this should be mounted to an external storage
+      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
+      # location for site customization files
+      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
+```
+
+## docker-compose.yml mongodb:
+```yaml
+version: '3'
+
+networks:
+  meshcentral-tier:
+    driver: bridge
+
+services:
+  mongodb:
+    restart: always
+    container_name: mongodb
+    image: mongo:latest
+    env_file:
+      - .env
+    volumes:
+      # mongodb data-directory - A must for data persistence
+      - ./meshcentral/mongodb_data:/data/db
+    networks:
+      - meshcentral-tier
+
+  meshcentral:
+    restart: always
+    container_name: meshcentral
+    image: meshcentral
+    depends_on:
+      - mongodb
+    ports:
+      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
+      - 8086:443
+    env_file:
+      - .env
+    volumes:
+      # config.json and other important files live here. A must for data persistence
+      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
+      # where file uploads for users live
+      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
+      # location for the meshcentral-backups - this should be mounted to an external storage
+      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
+      # location for site customization files
+      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
+    networks:
+      - meshcentral-tier
 ```

docker/startup.sh

@@ -8,12 +8,18 @@ export REVERSE_PROXY_TLS_PORT
 export IFRAME
 export ALLOW_NEW_ACCOUNTS
 export WEBRTC
+export MONGO_INITDB_ROOT_USERNAME
+export MONGO_INITDB_ROOT_PASSWORD
+export USE_MONGODB
 
 if [ -f "meshcentral-data/config.json" ]
     then
-        node node_modules/meshcentral 
+        node meshcentral/meshcentral 
     else
         cp config.json.template meshcentral-data/config.json
+        if [ $USE_MONGODB == true ]; then
+            sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json
+        fi
         sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
         sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
         sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
@@ -21,11 +27,10 @@ if [ -f "meshcentral-data/config.json" ]
         sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json
         sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
         sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
-        if [ "$REVERSE_PROXY" != "false" ]
-            then 
+        if [ "$REVERSE_PROXY" != "false" ]; then
             sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
-                node node_modules/meshcentral
+            node meshcentral/meshcentral
             exit
         fi
-        node node_modules/meshcentral --cert "$HOSTNAME"     
+        node meshcentral/meshcentral --cert "$HOSTNAME"
 fi