Dockerfile change.

docker/Dockerfile

@@ -17,13 +17,19 @@ RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then \
         cd translate && \
         node translate.js extractall && \
 \
-        if [ -z "$DISABLE_MINIFY" ]; then \
-            node translate.js minifyall; \
-        fi; \
+        case "$DISABLE_MINIFY" in \
+            false|no|FALSE|NO) \
+                node translate.js minifyall;; \
+            *) \
+            echo "Setting MINIFY as disabled.";; \
+        esac \
 \
-        if [ -z "$DISABLE_TRANSLATE" ]; then \
-            node translate.js translateall; \
-        fi \
+        case "$DISABLE_TRANSLATE" in \
+            false|no|FALSE|NO) \
+                node translate.js translateall;; \
+            *) \
+                echo "Setting TRANSLATE as disabled.";; \
+        esac \
     fi
 # Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node
 
@@ -53,7 +59,7 @@ ENV LOCALSESSIONRECORDING="true"
 ENV MINIFY="true"
 ENV REGENSESSIONKEY="false"
 ENV REVERSE_PROXY=""
-ENV REVERSE_PROXY_TLS_PORT=""
+ENV REVERSE_PROXY_TLS_PORT="443"
 ENV WEBRTC="false"
 
 
@@ -170,4 +176,4 @@ VOLUME /opt/meshcentral/meshcentral-backups
 COPY ./docker/entrypoint.sh ./entrypoint.sh
 COPY ./docker/config.json.template /opt/meshcentral/config.json.template
 
-CMD ["bash", "/opt/meshcentral/entrypoint.sh"]
+ENTRYPOINT  ["bash", "/opt/meshcentral/entrypoint.sh"]

docker/README.md

@@ -1,138 +1,185 @@
-# Create folder-structure and files
+# MeshCentral Docker Configuration Guide
 
-# TO BE REWRITTEN - In progress, for questions: dselen@nerthus.nl or @DaanSelen.
+## Overview
+This document provides a comprehensive guide to setting up and configuring MeshCentral in a Docker environment. It includes available options, security measures, and deployment instructions.
 
-```
-| - meshcentral/        # this folder contains the persistent data
-  | - data/             # MeshCentral data-files
-  | - user_files/       # where file uploads for users live
-  | - web/              # location for site customization files
-  | - backup/           # location for the meshcentral-backups
-| - .env                # environment file with initial variables
-| - docker-compose.yml
+## Environment Variables
+Below is a breakdown of environment variables used in this setup.
+
+### General MeshCentral Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| NODE_ENV | production | Specifies the Node.js environment. |
+| CONFIG_FILE | /opt/meshcentral/meshcentral-data/config.json | Path to the configuration file. |
+| DYNAMIC_CONFIG | true | Enables/disables dynamic configuration. This means config is being rechecked every container restart. |
+| ALLOWPLUGINS | false | Enables/disables plugins. |
+| ALLOW_NEW_ACCOUNTS | false | Enables/disables new account creation. |
+| ALLOWED_ORIGIN | false | Enables/disables allowed origin policy. |
+| ARGS | "" | Additional arguments for MeshCentral. |
+| HOSTNAME | localhost | Specifies the hostname. |
+| IFRAME | false | Enables/disables embedding in an iframe. |
+| LOCALSESSIONRECORDING | true | Enables session recording. |
+| MINIFY | true | Minifies the JavaScript and HTML output. |
+| REGENSESSIONKEY | false | Regenerates the session key on each restart of the container. |
+| REVERSE_PROXY | "" | Configures reverse proxy support through `certUrl`. |
+| REVERSE_PROXY_TLS_PORT | "443" | Configures reverse proxy TLS port, will be combined with: `REVERSE_PROXY`. |
+| WEBRTC | false | Enables/disables WebRTC support. |
+
+### Database Configuration
+
+#### MeshCentral Database Settings
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| USE_MONGODB | false | Enables MongoDB usage. |
+| USE_POSTGRESQL | false | Enables PostgreSQL usage. |
+| USE_MARIADB | false | Enables MariaDB usage. |
+
+#### MongoDB Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| MONGO_HOST | "" | MongoDB server hostname. |
+| MONGO_PORT | 27017 | MongoDB server port. |
+| MONGO_USERNAME | "" | MongoDB username. |
+| MONGO_PASS | "" | MongoDB password. |
+| MONGO_URL | "" | Overrides other MongoDB connection settings. |
+
+#### PostgreSQL Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| PSQL_HOST | "" | PostgreSQL server hostname. |
+| PSQL_PORT | 5432 | PostgreSQL server port. |
+| PSQL_USER | "" | PostgreSQL username. |
+| PSQL_PASS | "" | PostgreSQL password. |
+| PSQL_DATABASE | "" | PostgreSQL database name. |
+
+#### MariaDB Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| MARIADB_HOST | "" | MariaDB server hostname. |
+| MARIADB_PORT | 3306 | MariaDB server port. |
+| MARIADB_USER | "" | MariaDB username. |
+| MARIADB_PASS | "" | MariaDB password. |
+| MARIADB_DATABASE | "" | MariaDB database name. |
+
+## Deployment Instructions
+
+### Running with Docker CLI
+```sh
+docker run -d \
+  -e HOSTNAME=myserver.domain.com \
+  -e ALLOW_NEW_ACCOUNTS=true \
+  -e USE_MONGODB=true \
+  -e MONGO_HOST=mongodb \
+  -e MONGO_PORT=27017 \
+  -v meshcentral-data:/opt/meshcentral/meshcentral-data \
+  -p 443:443 \
+  ghcr.io/ylianst/meshcentral:<tag>
 ```
 
-# Templates
-
-## .env
-You can place the `config.json` file directly under `./meshcentral/data/`, or use the following `.env` file instead.
+### Running with Docker Compose
+```yaml
+services:
+  meshcentral:
+    image: ghcr.io/ylianst/meshcentral:<tag>
+    environment:
+      - HOSTNAME=myserver.domain.com
+      - ALLOW_NEW_ACCOUNTS=true
+      - USE_MONGODB=true
+      - MONGO_HOST=mongodb
+      - MONGO_PORT=27017
+    volumes:
+      - meshcentral-data:/opt/meshcentral/meshcentral-data
+    ports:
+      - "443:443"
+volumes:
+  meshcentral-data:
+```
 
+### Using an `.env` File
+Create a `.env` file:
 ```ini
-NODE_ENV = "production"
-# Leave CONFIG_FILE as per default by using this, or removing it completely from the list. Otherwise if you know what you are doing, you can use this.
-CONFIG_FILE = "/opt/meshcentral/meshcentral-data/config.json"
-# DYNAMIC_CONFIG enables the config to be rechecked on every restart. If disabled then the container runtime will not change the config.json.
-DYNAMIC_CONFIG = "true"
+# Environment variables
+NODE_ENV=production
+CONFIG_FILE=/opt/meshcentral/meshcentral-data/config.json
+DYNAMIC_CONFIG=true
 
-# Environment variables for the MeshCentral Config.json
-ALLOWPLUGINS = "false"
-ALLOW_NEW_ACCOUNTS = "false"
-ALLOWED_ORIGIN = "false"
-ARGS = ""
-HOSTNAME = "localhost"
-IFRAME = "false"
-LOCALSESSIONRECORDING = "true"
-MINIFY = "true"
-REGENSESSIONKEY = "false"
-REVERSE_PROXY = ""
-REVERSE_PROXY_TLS_PORT = ""
-WEBRTC = "false"
+# MeshCentral Configuration
+ALLOWPLUGINS=false
+ALLOW_NEW_ACCOUNTS=false
+ALLOWED_ORIGIN=false
+ARGS=
+HOSTNAME=localhost
+IFRAME=false
+LOCALSESSIONRECORDING=true
+MINIFY=true
+REGENSESSIONKEY=false
+REVERSE_PROXY=
+REVERSE_PROXY_TLS_PORT=
+WEBRTC=false
 
-# MongoDB Variables
-INCLUDE_MONGODB_TOOLS = "false"
-USE_MONGODB = "false"
-MONGO_HOST = ""
-MONGO_PORT = "27017"
-MONGO_USERNAME = ""
-MONGO_PASS = ""
-MONGO_URL = ""
+# MongoDB Configuration
+USE_MONGODB=false
+MONGO_HOST=
+MONGO_PORT=27017
+MONGO_USERNAME=
+MONGO_PASS=
+MONGO_URL=
 
-# PostgreSQL Variables
-INCLUDE_POSTGRESQL_TOOLS = "false"
-USE_POSTGRESQL = "false"
-PSQL_HOST = ""
-PSQL_PORT = "5432"
-PSQL_USER = ""
-PSQL_PASS = ""
-PSQL_DATABASE = ""
+# PostgreSQL Configuration
+USE_POSTGRESQL=false
+PSQL_HOST=
+PSQL_PORT=5432
+PSQL_USER=
+PSQL_PASS=
+PSQL_DATABASE=
 
-# MariaDB/MySQL Variables (Alpine Linux only provides MariaDB binaries)
-INCLUDE_MARIADB_TOOLS = "false"
-USE_MARIADB = "false"
-MARIADB_HOST = ""
-MARIADB_PORT = "3306"
-MARIADB_USER = ""
-MARIADB_PASS = ""
-MARIADB_DATABASE = ""
+# MariaDB/MySQL Configuration
+USE_MARIADB=false
+MARIADB_HOST=
+MARIADB_PORT=3306
+MARIADB_USER=
+MARIADB_PASS=
+MARIADB_DATABASE=
+
+# Build options
+INCLUDE_MONGODB_TOOLS=false
+INCLUDE_POSTGRESQL_TOOLS=false
+INCLUDE_MARIADB_TOOLS=false
+PREINSTALL_LIBS=false
+```
+Then run Docker Compose:
+```sh
+docker-compose --env-file .env up -d
 ```
 
-## docker-compose.yml
+# MeshCentral Docker Build Process
 
-```yaml
-services:
-  meshcentral:
-    restart: always
-    container_name: meshcentral
-    # use the official meshcentral container
-    image: ghcr.io/ylianst/meshcentral:latest
-    ports:
-      - 8086:443
-    env_file:
-      - .env
-    volumes:
-      # config.json and other important files live here. A must for data persistence
-      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
-      # where file uploads for users live
-      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
-      # location for the meshcentral-backups - this should be mounted to an external storage
-      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
-      # location for site customization files
-      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
+This document explains the build process for the MeshCentral Docker image, along with details on various build arguments and how to use them.
+
+## Build Arguments
+
+The following build arguments are available for customizing the build process:
+
+- **DISABLE_MINIFY**: Disable HTML/JS minification during the build.
+- **DISABLE_TRANSLATE**: Disable translation of strings in MeshCentral.
+- **INCLUDE_MONGODB_TOOLS**: Include MongoDB client and related tools.
+- **INCLUDE_POSTGRESQL_TOOLS**: Include PostgreSQL client tools.
+- **INCLUDE_MARIADB_TOOLS**: Include MariaDB/MySQL client tools.
+- **PREINSTALL_LIBS**: Pre-install specific libraries like `ssh2`, `semver`, `nodemailer`, etc.
+
+### Build Commands with Arguments
+
+Here are the shell commands to build the Docker image with different configurations.
+
+#### 1. Build with Minify and Translate Disabled
+If you want to disable both HTML/JS minification and translation during the build process, use the following command:
+
+```sh
+docker build --build-arg DISABLE_MINIFY=no --build-arg DISABLE_TRANSLATE=no -t meshcentral .
 ```
 
-## docker-compose.yml mongodb
-
-```yaml
-version: '3'
-
-networks:
-  meshcentral-tier:
-    driver: bridge
-
-services:
-  mongodb:
-    restart: always
-    container_name: mongodb
-    image: mongo:latest
-    env_file:
-      - .env
-    volumes:
-      # mongodb data-directory - A must for data persistence
-      - ./meshcentral/mongodb_data:/data/db
-    networks:
-      - meshcentral-tier
-
-  meshcentral:
-    restart: always
-    container_name: meshcentral
-    # use the official meshcentral container
-    image: ghcr.io/ylianst/meshcentral:latest
-    depends_on:
-      - mongodb
-    ports:
-      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
-      - 8086:443
-    env_file:
-      - .env
-    volumes:
-      # config.json and other important files live here. A must for data persistence
-      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
-      # where file uploads for users live
-      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
-      # location for the meshcentral-backups - this should be mounted to an external storage
-      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
-      # location for site customization files
-      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
-    networks:
-      - meshcentral-tier
-```
+## Security Measures
+- Only exposing port 443 to minimize attack surface.
+- Using environment variables for sensitive credentials.
+- Removing unnecessary files after installation.
+- Enforcing proper permissions on configuration files.