Dockerfile change.

Daan 2025-03-23 21:02:30 +01:00
parent 660312eff3
commit 62443dd4f4
2 changed files with 184 additions and 131 deletions


@ -17,13 +17,19 @@ RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then \
cd translate && \ cd translate && \
node translate.js extractall && \ node translate.js extractall && \
\ \
if [ -z "$DISABLE_MINIFY" ]; then \ case "$DISABLE_MINIFY" in \
node translate.js minifyall; \ false|no|FALSE|NO) \
fi; \ node translate.js minifyall;; \
*) \
echo "Setting MINIFY as disabled.";; \
esac \
\ \
if [ -z "$DISABLE_TRANSLATE" ]; then \ case "$DISABLE_TRANSLATE" in \
node translate.js translateall; \ false|no|FALSE|NO) \
fi \ node translate.js translateall;; \
*) \
echo "Setting TRANSLATE as disabled.";; \
esac \
fi fi
# Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node # Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node
@ -53,7 +59,7 @@ ENV LOCALSESSIONRECORDING="true"
ENV MINIFY="true" ENV MINIFY="true"
ENV REGENSESSIONKEY="false" ENV REGENSESSIONKEY="false"
ENV REVERSE_PROXY="" ENV REVERSE_PROXY=""
ENV REVERSE_PROXY_TLS_PORT="" ENV REVERSE_PROXY_TLS_PORT="443"
ENV WEBRTC="false" ENV WEBRTC="false"
@ -170,4 +176,4 @@ VOLUME /opt/meshcentral/meshcentral-backups
COPY ./docker/entrypoint.sh ./entrypoint.sh COPY ./docker/entrypoint.sh ./entrypoint.sh
COPY ./docker/config.json.template /opt/meshcentral/config.json.template COPY ./docker/config.json.template /opt/meshcentral/config.json.template
CMD ["bash", "/opt/meshcentral/entrypoint.sh"] ENTRYPOINT ["bash", "/opt/meshcentral/entrypoint.sh"]
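Review bot: The new `case` arms in the first hunk do not agree with the guard that encloses them: the `RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then` line (which starts above the hunk) is entered only when one of the variables is empty, yet `minifyall` and `translateall` now run only for `false|no|FALSE|NO`, so an unset variable falls through to `*)` and is reported as disabled, and setting both to `no` skips the block entirely. Unless `ARG` defaults outside this view change that, the guard should be dropped or rewritten to match the arms. The first `esac \` also appears to have lost the separator that the old `fi; \` carried; once the continuation lines are joined it is followed directly by the second `case`, which the shell would reject, so it likely needs to be `esac; \`. The README example in this same commit passes `DISABLE_MINIFY=no` to disable minification, which is the opposite of what these arms do, so the intended meaning should be settled and stated in a comment above the `RUN`.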


@ -1,138 +1,185 @@
# Create folder-structure and files # MeshCentral Docker Configuration Guide
# TO BE REWRITTEN - In progress, for questions: dselen@nerthus.nl or @DaanSelen. ## Overview
This document provides a comprehensive guide to setting up and configuring MeshCentral in a Docker environment. It includes available options, security measures, and deployment instructions.
``` ## Environment Variables
| - meshcentral/ # this folder contains the persistent data Below is a breakdown of environment variables used in this setup.
| - data/ # MeshCentral data-files
| - user_files/ # where file uploads for users live ### General MeshCentral Configuration
| - web/ # location for site customization files | Variable | Default Value | Description |
| - backup/ # location for the meshcentral-backups |----------|--------------|-------------|
| - .env # environment file with initial variables | NODE_ENV | production | Specifies the Node.js environment. |
| - docker-compose.yml | CONFIG_FILE | /opt/meshcentral/meshcentral-data/config.json | Path to the configuration file. |
| DYNAMIC_CONFIG | true | Enables/disables dynamic configuration. This means config is being rechecked every container restart. |
| ALLOWPLUGINS | false | Enables/disables plugins. |
| ALLOW_NEW_ACCOUNTS | false | Enables/disables new account creation. |
| ALLOWED_ORIGIN | false | Enables/disables allowed origin policy. |
| ARGS | "" | Additional arguments for MeshCentral. |
| HOSTNAME | localhost | Specifies the hostname. |
| IFRAME | false | Enables/disables embedding in an iframe. |
| LOCALSESSIONRECORDING | true | Enables session recording. |
| MINIFY | true | Minifies the JavaScript and HTML output. |
| REGENSESSIONKEY | false | Regenerates the session key on each restart of the container. |
| REVERSE_PROXY | "" | Configures reverse proxy support through `certUrl`. |
| REVERSE_PROXY_TLS_PORT | "443" | Configures reverse proxy TLS port, will be combined with: `REVERSE_PROXY`. |
| WEBRTC | false | Enables/disables WebRTC support. |
### Database Configuration
#### MeshCentral Database Settings
| Variable | Default Value | Description |
|----------|--------------|-------------|
| USE_MONGODB | false | Enables MongoDB usage. |
| USE_POSTGRESQL | false | Enables PostgreSQL usage. |
| USE_MARIADB | false | Enables MariaDB usage. |
#### MongoDB Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| MONGO_HOST | "" | MongoDB server hostname. |
| MONGO_PORT | 27017 | MongoDB server port. |
| MONGO_USERNAME | "" | MongoDB username. |
| MONGO_PASS | "" | MongoDB password. |
| MONGO_URL | "" | Overrides other MongoDB connection settings. |
#### PostgreSQL Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| PSQL_HOST | "" | PostgreSQL server hostname. |
| PSQL_PORT | 5432 | PostgreSQL server port. |
| PSQL_USER | "" | PostgreSQL username. |
| PSQL_PASS | "" | PostgreSQL password. |
| PSQL_DATABASE | "" | PostgreSQL database name. |
#### MariaDB Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| MARIADB_HOST | "" | MariaDB server hostname. |
| MARIADB_PORT | 3306 | MariaDB server port. |
| MARIADB_USER | "" | MariaDB username. |
| MARIADB_PASS | "" | MariaDB password. |
| MARIADB_DATABASE | "" | MariaDB database name. |
## Deployment Instructions
### Running with Docker CLI
```sh
docker run -d \
-e HOSTNAME=myserver.domain.com \
-e ALLOW_NEW_ACCOUNTS=true \
-e USE_MONGODB=true \
-e MONGO_HOST=mongodb \
-e MONGO_PORT=27017 \
-v meshcentral-data:/opt/meshcentral/meshcentral-data \
-p 443:443 \
ghcr.io/ylianst/meshcentral:<tag>
``` ```
# Templates ### Running with Docker Compose
```yaml
## .env services:
You can place the `config.json` file directly under `./meshcentral/data/`, or use the following `.env` file instead. meshcentral:
image: ghcr.io/ylianst/meshcentral:<tag>
environment:
- HOSTNAME=myserver.domain.com
- ALLOW_NEW_ACCOUNTS=true
- USE_MONGODB=true
- MONGO_HOST=mongodb
- MONGO_PORT=27017
volumes:
- meshcentral-data:/opt/meshcentral/meshcentral-data
ports:
- "443:443"
volumes:
meshcentral-data:
```
### Using an `.env` File
Create a `.env` file:
```ini ```ini
NODE_ENV = "production" # Environment variables
# Leave CONFIG_FILE as per default by using this, or removing it completely from the list. Otherwise if you know what you are doing, you can use this. NODE_ENV=production
CONFIG_FILE = "/opt/meshcentral/meshcentral-data/config.json" CONFIG_FILE=/opt/meshcentral/meshcentral-data/config.json
# DYNAMIC_CONFIG enables the config to be rechecked on every restart. If disabled then the container runtime will not change the config.json. DYNAMIC_CONFIG=true
DYNAMIC_CONFIG = "true"
# Environment variables for the MeshCentral Config.json # MeshCentral Configuration
ALLOWPLUGINS = "false" ALLOWPLUGINS=false
ALLOW_NEW_ACCOUNTS = "false" ALLOW_NEW_ACCOUNTS=false
ALLOWED_ORIGIN = "false" ALLOWED_ORIGIN=false
ARGS = "" ARGS=
HOSTNAME = "localhost" HOSTNAME=localhost
IFRAME = "false" IFRAME=false
LOCALSESSIONRECORDING = "true" LOCALSESSIONRECORDING=true
MINIFY = "true" MINIFY=true
REGENSESSIONKEY = "false" REGENSESSIONKEY=false
REVERSE_PROXY = "" REVERSE_PROXY=
REVERSE_PROXY_TLS_PORT = "" REVERSE_PROXY_TLS_PORT=
WEBRTC = "false" WEBRTC=false
# MongoDB Variables # MongoDB Configuration
INCLUDE_MONGODB_TOOLS = "false" USE_MONGODB=false
USE_MONGODB = "false" MONGO_HOST=
MONGO_HOST = "" MONGO_PORT=27017
MONGO_PORT = "27017" MONGO_USERNAME=
MONGO_USERNAME = "" MONGO_PASS=
MONGO_PASS = "" MONGO_URL=
MONGO_URL = ""
# PostgreSQL Variables # PostgreSQL Configuration
INCLUDE_POSTGRESQL_TOOLS = "false" USE_POSTGRESQL=false
USE_POSTGRESQL = "false" PSQL_HOST=
PSQL_HOST = "" PSQL_PORT=5432
PSQL_PORT = "5432" PSQL_USER=
PSQL_USER = "" PSQL_PASS=
PSQL_PASS = "" PSQL_DATABASE=
PSQL_DATABASE = ""
# MariaDB/MySQL Variables (Alpine Linux only provides MariaDB binaries) # MariaDB/MySQL Configuration
INCLUDE_MARIADB_TOOLS = "false" USE_MARIADB=false
USE_MARIADB = "false" MARIADB_HOST=
MARIADB_HOST = "" MARIADB_PORT=3306
MARIADB_PORT = "3306" MARIADB_USER=
MARIADB_USER = "" MARIADB_PASS=
MARIADB_PASS = "" MARIADB_DATABASE=
MARIADB_DATABASE = ""
# Build options
INCLUDE_MONGODB_TOOLS=false
INCLUDE_POSTGRESQL_TOOLS=false
INCLUDE_MARIADB_TOOLS=false
PREINSTALL_LIBS=false
```
Then run Docker Compose:
```sh
docker-compose --env-file .env up -d
``` ```
## docker-compose.yml # MeshCentral Docker Build Process
```yaml This document explains the build process for the MeshCentral Docker image, along with details on various build arguments and how to use them.
services:
meshcentral: ## Build Arguments
restart: always
container_name: meshcentral The following build arguments are available for customizing the build process:
# use the official meshcentral container
image: ghcr.io/ylianst/meshcentral:latest - **DISABLE_MINIFY**: Disable HTML/JS minification during the build.
ports: - **DISABLE_TRANSLATE**: Disable translation of strings in MeshCentral.
- 8086:443 - **INCLUDE_MONGODB_TOOLS**: Include MongoDB client and related tools.
env_file: - **INCLUDE_POSTGRESQL_TOOLS**: Include PostgreSQL client tools.
- .env - **INCLUDE_MARIADB_TOOLS**: Include MariaDB/MySQL client tools.
volumes: - **PREINSTALL_LIBS**: Pre-install specific libraries like `ssh2`, `semver`, `nodemailer`, etc.
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data ### Build Commands with Arguments
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files Here are the shell commands to build the Docker image with different configurations.
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backups #### 1. Build with Minify and Translate Disabled
# location for site customization files If you want to disable both HTML/JS minification and translation during the build process, use the following command:
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
```sh
docker build --build-arg DISABLE_MINIFY=no --build-arg DISABLE_TRANSLATE=no -t meshcentral .
``` ```
## docker-compose.yml mongodb ## Security Measures
- Only exposing port 443 to minimize attack surface.
```yaml - Using environment variables for sensitive credentials.
version: '3' - Removing unnecessary files after installation.
- Enforcing proper permissions on configuration files.
networks:
meshcentral-tier:
driver: bridge
services:
mongodb:
restart: always
container_name: mongodb
image: mongo:latest
env_file:
- .env
volumes:
# mongodb data-directory - A must for data persistence
- ./meshcentral/mongodb_data:/data/db
networks:
- meshcentral-tier
meshcentral:
restart: always
container_name: meshcentral
# use the official meshcentral container
image: ghcr.io/ylianst/meshcentral:latest
depends_on:
- mongodb
ports:
# MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
- 8086:443
env_file:
- .env
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
networks:
- meshcentral-tier
```