diff --git a/docker/Dockerfile b/docker/Dockerfile
index db5b3de6..a88aca21 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -17,13 +17,19 @@ RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then \
 cd translate && \
 node translate.js extractall && \
 \
- if [ -z "$DISABLE_MINIFY" ]; then \
- node translate.js minifyall; \
- fi; \
+ case "$DISABLE_MINIFY" in \
+ false|no|FALSE|NO) \
+ node translate.js minifyall;; \
+ *) \
+ echo "Setting MINIFY as disabled.";; \
+ esac \
 \
- if [ -z "$DISABLE_TRANSLATE" ]; then \
- node translate.js translateall; \
- fi \
+ case "$DISABLE_TRANSLATE" in \
+ false|no|FALSE|NO) \
+ node translate.js translateall;; \
+ *) \
+ echo "Setting TRANSLATE as disabled.";; \
+ esac \
 fi
 # Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node
@@ -53,7 +59,7 @@ ENV LOCALSESSIONRECORDING="true"
 ENV MINIFY="true"
 ENV REGENSESSIONKEY="false"
 ENV REVERSE_PROXY=""
-ENV REVERSE_PROXY_TLS_PORT=""
+ENV REVERSE_PROXY_TLS_PORT="443"
 ENV WEBRTC="false"
@@ -170,4 +176,4 @@ VOLUME /opt/meshcentral/meshcentral-backups
 COPY ./docker/entrypoint.sh ./entrypoint.sh
 COPY ./docker/config.json.template /opt/meshcentral/config.json.template
-CMD ["bash", "/opt/meshcentral/entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["bash", "/opt/meshcentral/entrypoint.sh"]
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
index 31cf018e..070d1a3d 100644
--- a/docker/README.md
+++ b/docker/README.md
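Review bot: In the `@@ -17,13 +17,19 @@` hunk of docker/Dockerfile the first `esac \` has lost the `;` that the removed `fi; \` carried, so once the line continuations are joined `esac` runs straight into the next `case` and the shell should reject the RUN as a syntax error; it needs `esac; \`. The new arms also invert the default: an empty value now falls to `*)` and skips the step, while the enclosing `if [ -z ... ] || [ -z ... ]` guard (visible only in the hunk header, the RUN starts outside the hunk) still enters the block only when one variable is empty, so setting both to `false` skips the whole block and minify and translate can never both run. The README example added in this same commit passes `DISABLE_MINIFY=no` to disable minification, which is one of the values these arms treat as "run". Either keep the empty-means-enabled convention or change the guard and the documented values to match the new arms.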
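Review bot: In the `@@ -53,7 +59,7 @@` hunk of docker/Dockerfile the new default `REVERSE_PROXY_TLS_PORT="443"` is set even when `REVERSE_PROXY` is empty, and how the entrypoint treats a port without a proxy host is not visible in this diff. The `.env` template added to docker/README.md in the same commit still lists `REVERSE_PROXY_TLS_PORT=` empty, which would override this default for anyone starting the container with `--env-file`, while the README table states `"443"`. A comment above the ENV line such as `# only used when REVERSE_PROXY is set; combined with it for certUrl`, plus the same value in the template, would keep the three in agreement.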
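Review bot: In the `@@ -170,4 +176,4 @@` hunk of docker/Dockerfile, switching `CMD` to `ENTRYPOINT` changes what a runtime command does: anything given after the image name, or a compose `command:`, is now appended as arguments to `entrypoint.sh` instead of replacing it. Whether the script handles `"$@"` is not visible here, so deployments that override the command may behave differently after upgrading. A comment above the line would record the intent, e.g. `# ENTRYPOINT: runtime arguments are appended to entrypoint.sh; use --entrypoint to get a shell`. Because `bash` remains PID 1, it is also worth confirming that the script ends by `exec`-ing the server so SIGTERM from `docker stop` reaches it.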
@@ -1,138 +1,185 @@ -# Create folder-structure and files +# MeshCentral Docker Configuration Guide -# TO BE REWRITTEN - In progress, for questions: dselen@nerthus.nl or @DaanSelen. +## Overview +This document provides a comprehensive guide to setting up and configuring MeshCentral in a Docker environment. It includes available options, security measures, and deployment instructions. -``` -| - meshcentral/ # this folder contains the persistent data - | - data/ # MeshCentral data-files - | - user_files/ # where file uploads for users live - | - web/ # location for site customization files - | - backup/ # location for the meshcentral-backups -| - .env # environment file with initial variables -| - docker-compose.yml +## Environment Variables +Below is a breakdown of environment variables used in this setup. + +### General MeshCentral Configuration +| Variable | Default Value | Description | +|----------|--------------|-------------| +| NODE_ENV | production | Specifies the Node.js environment. | +| CONFIG_FILE | /opt/meshcentral/meshcentral-data/config.json | Path to the configuration file. | +| DYNAMIC_CONFIG | true | Enables/disables dynamic configuration. This means config is being rechecked every container restart. | +| ALLOWPLUGINS | false | Enables/disables plugins. | +| ALLOW_NEW_ACCOUNTS | false | Enables/disables new account creation. | +| ALLOWED_ORIGIN | false | Enables/disables allowed origin policy. | +| ARGS | "" | Additional arguments for MeshCentral. | +| HOSTNAME | localhost | Specifies the hostname. | +| IFRAME | false | Enables/disables embedding in an iframe. | +| LOCALSESSIONRECORDING | true | Enables session recording. | +| MINIFY | true | Minifies the JavaScript and HTML output. | +| REGENSESSIONKEY | false | Regenerates the session key on each restart of the container. | +| REVERSE_PROXY | "" | Configures reverse proxy support through `certUrl`. 
| +| REVERSE_PROXY_TLS_PORT | "443" | Configures reverse proxy TLS port, will be combined with: `REVERSE_PROXY`. | +| WEBRTC | false | Enables/disables WebRTC support. | + +### Database Configuration + +#### MeshCentral Database Settings +| Variable | Default Value | Description | +|----------|--------------|-------------| +| USE_MONGODB | false | Enables MongoDB usage. | +| USE_POSTGRESQL | false | Enables PostgreSQL usage. | +| USE_MARIADB | false | Enables MariaDB usage. | + +#### MongoDB Configuration +| Variable | Default Value | Description | +|----------|--------------|-------------| +| MONGO_HOST | "" | MongoDB server hostname. | +| MONGO_PORT | 27017 | MongoDB server port. | +| MONGO_USERNAME | "" | MongoDB username. | +| MONGO_PASS | "" | MongoDB password. | +| MONGO_URL | "" | Overrides other MongoDB connection settings. | + +#### PostgreSQL Configuration +| Variable | Default Value | Description | +|----------|--------------|-------------| +| PSQL_HOST | "" | PostgreSQL server hostname. | +| PSQL_PORT | 5432 | PostgreSQL server port. | +| PSQL_USER | "" | PostgreSQL username. | +| PSQL_PASS | "" | PostgreSQL password. | +| PSQL_DATABASE | "" | PostgreSQL database name. | + +#### MariaDB Configuration +| Variable | Default Value | Description | +|----------|--------------|-------------| +| MARIADB_HOST | "" | MariaDB server hostname. | +| MARIADB_PORT | 3306 | MariaDB server port. | +| MARIADB_USER | "" | MariaDB username. | +| MARIADB_PASS | "" | MariaDB password. | +| MARIADB_DATABASE | "" | MariaDB database name. 
| + +## Deployment Instructions + +### Running with Docker CLI +```sh +docker run -d \ + -e HOSTNAME=myserver.domain.com \ + -e ALLOW_NEW_ACCOUNTS=true \ + -e USE_MONGODB=true \ + -e MONGO_HOST=mongodb \ + -e MONGO_PORT=27017 \ + -v meshcentral-data:/opt/meshcentral/meshcentral-data \ + -p 443:443 \ + ghcr.io/ylianst/meshcentral: ``` -# Templates - -## .env -You can place the `config.json` file directly under `./meshcentral/data/`, or use the following `.env` file instead. +### Running with Docker Compose +```yaml +services: + meshcentral: + image: ghcr.io/ylianst/meshcentral: + environment: + - HOSTNAME=myserver.domain.com + - ALLOW_NEW_ACCOUNTS=true + - USE_MONGODB=true + - MONGO_HOST=mongodb + - MONGO_PORT=27017 + volumes: + - meshcentral-data:/opt/meshcentral/meshcentral-data + ports: + - "443:443" +volumes: + meshcentral-data: +``` +### Using an `.env` File +Create a `.env` file: ```ini -NODE_ENV = "production" -# Leave CONFIG_FILE as per default by using this, or removing it completely from the list. Otherwise if you know what you are doing, you can use this. -CONFIG_FILE = "/opt/meshcentral/meshcentral-data/config.json" -# DYNAMIC_CONFIG enables the config to be rechecked on every restart. If disabled then the container runtime will not change the config.json. 
-DYNAMIC_CONFIG = "true" +# Environment variables +NODE_ENV=production +CONFIG_FILE=/opt/meshcentral/meshcentral-data/config.json +DYNAMIC_CONFIG=true -# Environment variables for the MeshCentral Config.json -ALLOWPLUGINS = "false" -ALLOW_NEW_ACCOUNTS = "false" -ALLOWED_ORIGIN = "false" -ARGS = "" -HOSTNAME = "localhost" -IFRAME = "false" -LOCALSESSIONRECORDING = "true" -MINIFY = "true" -REGENSESSIONKEY = "false" -REVERSE_PROXY = "" -REVERSE_PROXY_TLS_PORT = "" -WEBRTC = "false" +# MeshCentral Configuration +ALLOWPLUGINS=false +ALLOW_NEW_ACCOUNTS=false +ALLOWED_ORIGIN=false +ARGS= +HOSTNAME=localhost +IFRAME=false +LOCALSESSIONRECORDING=true +MINIFY=true +REGENSESSIONKEY=false +REVERSE_PROXY= +REVERSE_PROXY_TLS_PORT= +WEBRTC=false -# MongoDB Variables -INCLUDE_MONGODB_TOOLS = "false" -USE_MONGODB = "false" -MONGO_HOST = "" -MONGO_PORT = "27017" -MONGO_USERNAME = "" -MONGO_PASS = "" -MONGO_URL = "" +# MongoDB Configuration +USE_MONGODB=false +MONGO_HOST= +MONGO_PORT=27017 +MONGO_USERNAME= +MONGO_PASS= +MONGO_URL= -# PostgreSQL Variables -INCLUDE_POSTGRESQL_TOOLS = "false" -USE_POSTGRESQL = "false" -PSQL_HOST = "" -PSQL_PORT = "5432" -PSQL_USER = "" -PSQL_PASS = "" -PSQL_DATABASE = "" +# PostgreSQL Configuration +USE_POSTGRESQL=false +PSQL_HOST= +PSQL_PORT=5432 +PSQL_USER= +PSQL_PASS= +PSQL_DATABASE= -# MariaDB/MySQL Variables (Alpine Linux only provides MariaDB binaries) -INCLUDE_MARIADB_TOOLS = "false" -USE_MARIADB = "false" -MARIADB_HOST = "" -MARIADB_PORT = "3306" -MARIADB_USER = "" -MARIADB_PASS = "" -MARIADB_DATABASE = "" +# MariaDB/MySQL Configuration +USE_MARIADB=false +MARIADB_HOST= +MARIADB_PORT=3306 +MARIADB_USER= +MARIADB_PASS= +MARIADB_DATABASE= + +# Build options +INCLUDE_MONGODB_TOOLS=false +INCLUDE_POSTGRESQL_TOOLS=false +INCLUDE_MARIADB_TOOLS=false +PREINSTALL_LIBS=false +``` +Then run Docker Compose: +```sh +docker-compose --env-file .env up -d ``` -## docker-compose.yml +# MeshCentral Docker Build Process -```yaml -services: - meshcentral: - 
restart: always - container_name: meshcentral - # use the official meshcentral container - image: ghcr.io/ylianst/meshcentral:latest - ports: - - 8086:443 - env_file: - - .env - volumes: - # config.json and other important files live here. A must for data persistence - - ./meshcentral/data:/opt/meshcentral/meshcentral-data - # where file uploads for users live - - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files - # location for the meshcentral-backups - this should be mounted to an external storage - - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups - # location for site customization files - - ./meshcentral/web:/opt/meshcentral/meshcentral-web +This document explains the build process for the MeshCentral Docker image, along with details on various build arguments and how to use them. + +## Build Arguments + +The following build arguments are available for customizing the build process: + +- **DISABLE_MINIFY**: Disable HTML/JS minification during the build. +- **DISABLE_TRANSLATE**: Disable translation of strings in MeshCentral. +- **INCLUDE_MONGODB_TOOLS**: Include MongoDB client and related tools. +- **INCLUDE_POSTGRESQL_TOOLS**: Include PostgreSQL client tools. +- **INCLUDE_MARIADB_TOOLS**: Include MariaDB/MySQL client tools. +- **PREINSTALL_LIBS**: Pre-install specific libraries like `ssh2`, `semver`, `nodemailer`, etc. + +### Build Commands with Arguments + +Here are the shell commands to build the Docker image with different configurations. + +#### 1. Build with Minify and Translate Disabled +If you want to disable both HTML/JS minification and translation during the build process, use the following command: + +```sh +docker build --build-arg DISABLE_MINIFY=no --build-arg DISABLE_TRANSLATE=no -t meshcentral . 
``` -## docker-compose.yml mongodb - -```yaml -version: '3' - -networks: - meshcentral-tier: - driver: bridge - -services: - mongodb: - restart: always - container_name: mongodb - image: mongo:latest - env_file: - - .env - volumes: - # mongodb data-directory - A must for data persistence - - ./meshcentral/mongodb_data:/data/db - networks: - - meshcentral-tier - - meshcentral: - restart: always - container_name: meshcentral - # use the official meshcentral container - image: ghcr.io/ylianst/meshcentral:latest - depends_on: - - mongodb - ports: - # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs - - 8086:443 - env_file: - - .env - volumes: - # config.json and other important files live here. A must for data persistence - - ./meshcentral/data:/opt/meshcentral/meshcentral-data - # where file uploads for users live - - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files - # location for the meshcentral-backups - this should be mounted to an external storage - - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups - # location for site customization files - - ./meshcentral/web:/opt/meshcentral/meshcentral-web - networks: - - meshcentral-tier -``` +## Security Measures +- Only exposing port 443 to minimize attack surface. +- Using environment variables for sensitive credentials. +- Removing unnecessary files after installation. +- Enforcing proper permissions on configuration files. \ No newline at end of file