diff --git a/.gitignore b/.gitignore
index 58d02781..7873e81c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ meshcentral.db.json
 mesherrors.txt
 bob.json
 .greenlockrc
+venv
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
diff --git a/docs/.vscode/launch.json b/docs/.vscode/launch.json
new file mode 100644
index 00000000..2ba986f6
--- /dev/null
+++ b/docs/.vscode/launch.json
@@ -0,0 +1,15 @@
+{
+ // Use IntelliSense to learn about possible attributes.
+ // Hover to view descriptions of existing attributes.
+ // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "type": "chrome",
+ "request": "launch",
+ "name": "Launch Chrome against localhost",
+ "url": "http://localhost:8080",
+ "webRoot": "${workspaceFolder}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/docs/design/images/2022-05-15-12-57-36.jpg b/docs/docs/design/images/2022-05-15-12-57-36.jpg
new file mode 100644
index 00000000..512291b4
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-12-57-36.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-12-57-36.png b/docs/docs/design/images/2022-05-15-12-57-36.png
deleted file mode 100644
index 2bb83c01..00000000
Binary files a/docs/docs/design/images/2022-05-15-12-57-36.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-01-56.jpg b/docs/docs/design/images/2022-05-15-13-01-56.jpg
new file mode 100644
index 00000000..7afe1dfc
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-01-56.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-01-56.png b/docs/docs/design/images/2022-05-15-13-01-56.png
deleted file mode 100644
index 381e54b8..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-01-56.png and /dev/null differ
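Review bot: `docs/.vscode/launch.json` reads like a personal VS Code debug profile rather than something the docs build needs: it carries the stock template comments and a Chrome launch against `http://localhost:8080`, and it arrives in the same commit that adds `venv` to `.gitignore`. If it is meant to be shared, a short comment saying what is expected to serve port 8080 (presumably the local docs preview) would help the next contributor. Otherwise drop the file and ignore the directory too, e.g. add `docs/.vscode/` below the `venv` entry. The file also ends without a trailing newline.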
diff --git a/docs/docs/design/images/2022-05-15-13-03-25.jpg b/docs/docs/design/images/2022-05-15-13-03-25.jpg
new file mode 100644
index 00000000..3bc384f0
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-03-25.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-03-25.png b/docs/docs/design/images/2022-05-15-13-03-25.png
deleted file mode 100644
index 6236bdbf..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-03-25.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-36-01.jpg b/docs/docs/design/images/2022-05-15-13-36-01.jpg
new file mode 100644
index 00000000..8cde181e
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-36-01.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-36-01.png b/docs/docs/design/images/2022-05-15-13-36-01.png
deleted file mode 100644
index 5cb7ac5e..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-36-01.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-41-26.jpg b/docs/docs/design/images/2022-05-15-13-41-26.jpg
new file mode 100644
index 00000000..4c884ebc
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-41-26.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-41-26.png b/docs/docs/design/images/2022-05-15-13-41-26.png
deleted file mode 100644
index 43cb3a22..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-41-26.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-44-41.jpg b/docs/docs/design/images/2022-05-15-13-44-41.jpg
new file mode 100644
index 00000000..a4b03e01
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-44-41.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-44-41.png b/docs/docs/design/images/2022-05-15-13-44-41.png
deleted file mode 100644
index a6cc15cc..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-44-41.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-47-26.jpg b/docs/docs/design/images/2022-05-15-13-47-26.jpg
new file mode 100644
index 00000000..13a0faae
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-47-26.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-47-26.png b/docs/docs/design/images/2022-05-15-13-47-26.png
deleted file mode 100644
index 9fefd71a..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-47-26.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-54-44.jpg b/docs/docs/design/images/2022-05-15-13-54-44.jpg
new file mode 100644
index 00000000..df3a4d0e
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-54-44.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-54-44.png b/docs/docs/design/images/2022-05-15-13-54-44.png
deleted file mode 100644
index 53a337aa..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-54-44.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-55-28.jpg b/docs/docs/design/images/2022-05-15-13-55-28.jpg
new file mode 100644
index 00000000..ca182160
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-55-28.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-55-28.png b/docs/docs/design/images/2022-05-15-13-55-28.png
deleted file mode 100644
index c67e3756..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-55-28.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-56-09.jpg b/docs/docs/design/images/2022-05-15-13-56-09.jpg
new file mode 100644
index 00000000..14fa5138
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-56-09.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-56-09.png b/docs/docs/design/images/2022-05-15-13-56-09.png
deleted file mode 100644
index 48aea2d3..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-56-09.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-56-46.jpg b/docs/docs/design/images/2022-05-15-13-56-46.jpg
new file mode 100644
index 00000000..ae5f411d
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-56-46.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-56-46.png b/docs/docs/design/images/2022-05-15-13-56-46.png
deleted file mode 100644
index 7e984676..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-56-46.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-06.jpg b/docs/docs/design/images/2022-05-15-13-58-06.jpg
new file mode 100644
index 00000000..d7d1e39d
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-58-06.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-06.png b/docs/docs/design/images/2022-05-15-13-58-06.png
deleted file mode 100644
index 1c1c8de6..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-58-06.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-29.jpg b/docs/docs/design/images/2022-05-15-13-58-29.jpg
new file mode 100644
index 00000000..d1346d3f
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-58-29.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-29.png b/docs/docs/design/images/2022-05-15-13-58-29.png
deleted file mode 100644
index 49b9444f..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-58-29.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-56.jpg b/docs/docs/design/images/2022-05-15-13-58-56.jpg
new file mode 100644
index 00000000..ac67852c
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-58-56.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-58-56.png b/docs/docs/design/images/2022-05-15-13-58-56.png
deleted file mode 100644
index e3df1f03..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-58-56.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-13-59-54.jpg b/docs/docs/design/images/2022-05-15-13-59-54.jpg
new file mode 100644
index 00000000..5db7e20c
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-13-59-54.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-13-59-54.png b/docs/docs/design/images/2022-05-15-13-59-54.png
deleted file mode 100644
index 2cce5c27..00000000
Binary files a/docs/docs/design/images/2022-05-15-13-59-54.png and /dev/null differ
diff --git a/docs/docs/design/images/2022-05-15-14-00-21.jpg b/docs/docs/design/images/2022-05-15-14-00-21.jpg
new file mode 100644
index 00000000..8df05a86
Binary files /dev/null and b/docs/docs/design/images/2022-05-15-14-00-21.jpg differ
diff --git a/docs/docs/design/images/2022-05-15-14-00-21.png b/docs/docs/design/images/2022-05-15-14-00-21.png
deleted file mode 100644
index a850d0a8..00000000
Binary files a/docs/docs/design/images/2022-05-15-14-00-21.png and /dev/null differ
diff --git a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.jpg b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.jpg
new file mode 100644
index 00000000..59357130
Binary files /dev/null and b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.jpg differ
diff --git a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.png b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.png
deleted file mode 100644
index 3f524564..00000000
Binary files a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.002.png and /dev/null differ
diff --git a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.jpg b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.jpg
new file mode 100644
index 00000000..f1f1a4ca
Binary files /dev/null and b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.jpg differ
diff --git a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.png b/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.png
deleted file mode 100644
index 399b7d36..00000000
Binary files a/docs/docs/design/images/Aspose.Words.61f7827a-f327-4beb-a49f-32222e664dff.011.png and /dev/null differ
diff --git a/docs/docs/design/index.md b/docs/docs/design/index.md
index 8ce7f819..9f76b148 100644
--- a/docs/docs/design/index.md
+++ b/docs/docs/design/index.md
@@ -1,55 +1,68 @@ # Design and Architecture -![](images/2022-05-15-12-57-36.png) +![](images/2022-05-15-12-57-36.jpg) -Design and Architecture Guide [as .pdf](https://meshcentral.com/docs/MeshCentral2DesignArchitecture.pdf) [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCentral Design & Architecture v0.0.4.odt?raw=true) -## Video Walkthru +## 🎬 Video Walkthru
- +
-## Abstract +## 🧾 Abstract -This document attempts to describe the architecture and design of the second version of MeshCentral on which work started in late 2016. The document covers the overview of the design, goes in details about the protocol and various decisions and trade-offs. This document is intended for anyone that wants to understand the inner workings of MeshCentral or someone that wants to make a security review of the software. The software and added documentation and tutorial videos are available at:[ https://www.meshcommander.com/meshcentral2 ](https://www.meshcommander.com/meshcentral2) +This document attempts to describe the architecture and design of the second version of MeshCentral on which work started in late 2016. The document covers the overview of the design, goes in details about the protocol and various decisions and trade-offs. This document is intended for anyone that wants to understand the inner workings of MeshCentral or someone that wants to make a security review of the software. -## Introduction +--- +> **📌 Note :** + +> The software and added documentation and tutorial videos are available at : +[ https://www.meshcommander.com/meshcentral2 ](https://www.meshcommander.com/meshcentral2) + +--- + +## 📘 Introduction MeshCentral is a free open source web-based remote computer management software. After over 8 years of working on the first version of MeshCentral, work as moved to version 2 which this document described. In 2010, when MeshCentral v1 was first designed, the Internet was very different. HTML5 and WebSocket did not exists, no such thing as a software container, etc. With MeshCentral version 2, a complete redesign was made to make the software much more in line with modern Internet deployment models. The advent of NodeJS, WebSocket, WebRTC and other web technologies coming out in the last 10 years has really made the design of MeshCentral v2 not only possible, but quite amazing. 
Being able to use a single programming language across platforms to JavaScript. Being able to easily exchange objects using web socket and JSON, being able to scale with WebRTC, deploy quickly with containers, etc. Looking back at the incredible advances in web technologies lead to an almost mandatory MeshCentral redesign. -## Goals & Requirements +## 🎯 Goals & Requirements -The goal of MeshCentral is to be the best open source remote management software in the world. Remote computer management is a big area with many different usages and requirements. To best suite this, it’s important to have software that is as flexible as possible. Additionally, there are many other goals: +The goal of MeshCentral is to be the best open source remote management software in the world. Remote computer management is a big area with many different usages and requirements. To best suite this, it’s important to have software that is as flexible as possible. -- Must be quick and easy to install. -- Must install on all major operating systems and platforms. -- Can be deployed on small computers and the cloud. -- Can be deployed within containers. -- Can be deployed in many network environments. -- Must support both software agent and Intel® AMT hardware agent. -- Must only use open source dependencies. -- Must provide all basic remote management features (desktop, terminal, files…) -- Must use the network efficiently. -- Must have a real time user interface. -- Must be easy to use. -- Must be fast. -- Etc. 
+Additionally, there are many other goals : + + > - **Must be quick and easy to install.** + > - **Must install on all major operating systems and platforms.** + > - **Can be deployed on small computers and the cloud.** + > - **Can be deployed within containers.** + > - **Can be deployed in many network environments.** + > - **Must support both software agent and Intel® AMT hardware agent.** + > - **Must only use open source dependencies.** + > - **Must provide all basic remote management features (desktop, terminal, files…)** + > - **Must use the network efficiently.** + > - **Must have a real time user interface.** + > - **Must be easy to use.** + > - **Must be fast.** + > - **Etc.** Basically, all the requirements you would expect from open source software that can go viral. Since this software is sponsored by Intel, it’s going to support Intel® AMT really well, making it possible to manage a remote computer regardless of its OS or power state. Intel® AMT is not required to use this software, however it’s a great fit. -## Design Overview +## 🖥️ Design Overview -In this section, we do a very high level overview of MeshCentral’s design. MeshCentral has 3 big components: the server, the agent and the web application. +In this section, we do a very high level overview of MeshCentral’s design. MeshCentral has 3 big components : -![](images/2022-05-15-13-01-56.png) + - *The server*, + - *The agent and* + - *The web application*. + +![](images/2022-05-15-13-01-56.jpg) There is of course more software that support these 3 components like the Windows Server Installer, ClickOnce application, MeshCentral Discovery Tool and more. These will be covered later. Most of the document will focus on these 3 main components. Another component that is significant but not part of the software itself is Intel® AMT (Intel® Active Management Technology). MeshCentral supports Intel AMT that acts like an optional hardware based agent for MeshCentral. 
When it comes to programming languages used, MeshCentral is mostly built with JavaScript with the agent having significant portable C code. This makes things pretty simple since the browser, server and agents can share some of the code. More importantly, JavaScript is great at parsing JSON and so, the main protocol used between the components is JSON over Web Socket. -![](images/2022-05-15-13-03-25.png) +![](images/2022-05-15-13-03-25.jpg) It’s important to note that while JavaScript is used in all 3 components, the JavaScript runtime is very different. The JavaScript written to run within a browser sandbox uses different calls than the one running in NodeJS on the server or on the agent with DukTape. 
@@ -57,57 +70,68 @@ This is probably a good time to introduce DukTape [(https://www.duktape.org/)](h Another interesting design decision is that MeshCentral makes almost no use of RESTful API’s. Instead, almost everything is done using WebSocket. This allows JSON objects to be exchanged fully asynchronously. There is no pushing the refresh button or polling as events are sent by all actors in real time. -## MeshCentral server +## 🗄️ MeshCentral server -The MeshCentral server is a NodeJS application that is published on NPM at: [https://www.npmjs.com/package/meshcentral](https://www.npmjs.com/package/meshcentral) Many administrators can get started quickly using “npm install meshcentral” once NodeJS is installed. MeshCentral will work on Node 6.x and higher. +The MeshCentral server is a NodeJS application that is published on NPM at : [https://www.npmjs.com/package/meshcentral](https://www.npmjs.com/package/meshcentral) Many administrators can get started quickly using “npm install meshcentral” once NodeJS is installed. MeshCentral will work on Node 6.x and higher. -## Dependencies +## 📦 Dependencies The server makes use of the following dependencies on NPM. These are all automatically installed by NPM when installing MeshCentral. -Can be found in the file: `MeshCentralServer.njsproj` +Can be found in the file : `MeshCentralServer.njsproj` -The main takeaway is that MeshCentral is mostly an ExpressJS application. This is not a complete list of dependencies as many of these packages have their own dependencies creating a large tree. The security of these packages is a concern and all of the dependency tree is a concern. In addition to the dependencies that are “hard coded”, there are a few more that are installed only when needed. These are: +The main takeaway is that MeshCentral is mostly an ExpressJS application. This is not a complete list of dependencies as many of these packages have their own dependencies creating a large tree. 
The security of these packages is a concern and all of the dependency tree is a concern. In addition to the dependencies that are “hard coded”, there are a few more that are installed only when needed. These are : ### node-windows -**greenlock, le-store-certbot, le-challenge-fs**: Installed on all Windows install. Allows background service install: +- **greenlock, le-store-certbot, le-challenge-fs** : -**le-acme-core**: Installed only when Let’s Encrypt must be used: + > Installed on all Windows install. Allows background service install: -**mongojs**: Installed when MongoDB is in used. +- **le-acme-core** : -**nodemailer**: Installed when SMTP server support is in used. + > Installed only when Let’s Encrypt must be used: + +- **mongojs** : + + > Installed when MongoDB is in used. + +- **nodemailer** : + + > Installed when SMTP server support is in used. MeshCentral will run `npm install` automatically when any of these optional modules are needed but not currently available. -## Understanding the different modes: LAN, WAN and Hybrid +## 🎬 Understanding the different modes: LAN, WAN and Hybrid +
-## Code files and folders +## 📁 Code files and folders Someone would think the server is rather simple when taking a look at the MeshCentral server code files. At a high level, the entire server has 3 folders, 3 text files and a manageable number of .js files that are fairly self-descriptive. Here is a list of the source files and folders. ### Folders -`agents`: Compiled agents, install scripts, tools and agent JavaScript. + `agents`: Compiled agents, install scripts, tools and agent JavaScript. -`public`: Static web elements such as images, CSS, HTML and more. + `public`: Static web elements such as images, CSS, HTML and more. -`views`: Main web application, login screen and messenger app. + `views`: Main web application, login screen and messenger app. ### Configuration & text files `package.json`: Description of the MeshCentral package on NPM. + `sample-config.json`: A sample “config.json” file to get started. + `readme.txt`: Readme file published with the MeshCentral package. ### Code files -``` +```bash amtevents.js | Used to decode Intel AMT WSMAN events. amtmanager.js | Used to handle Intel AMT/CIRA things. amtprovisioningserver.js | Used to Provision Intel AMT on a Local Network. 
@@ -150,7 +174,15 @@ Someone would think the server is rather simple when taking a look at the MeshCe ``` -At a high level, the MeshCentral.js file will get the server started. By default, it will start the webserver.js on port 443, redirectserver.js on port 80 and mpssrver.js on port 4433. The webserver.js file will create a meshuser.js or meshagent.js instance each time a user or agent connects. The other files support various usages, but this is the basic working on the server. +At a high level, the MeshCentral.js file will get the server started. + +By default, it will start : + +- `webserver.js` on port `443`, +- `redirectserver.js` on port `80` and +- `mpssrver.js` on port `4433`. + +The `webserver.js` file will create a `meshuser.js` or `meshagent.js` instance each time a user or agent connects. The other files support various usages, but this is the basic working on the server. ### Server database 
@@ -158,23 +190,23 @@ One of the big design decision on the server is its database. We want something By default, MeshCentral will just create and use a NeDB database, but can be configured to use MongoDB. The internal code path for both databases are almost exactly identical so the “db.js” file handles both, almost the same way and the exact database in use is completely abstracted from the rest of the server code. -## Certificates +## 🔐 Certificates MeshCentral makes use of many certificates to accomplish many security tasks. When first running the server or an agent, both of these actors will generate certificates. The agent will generate one or two certificates on the first run and the server will generate four certificates. -![](images/2022-05-15-13-36-01.png) +![](images/2022-05-15-13-36-01.jpg) In this section we review what certificates are created, what are their uses and how they are stored. Most administrators using MeshCentral will not need a deep understanding of this section to run the server, however, a basic understanding of this section can help understand how to best protect the server’s critical security assets. ### Server Certificates -As indicated above, the MeshCentral server creates four certificates when it first runs. It uses ForgeJS to perform certificate creation and all four certificates below are saved in the “meshcentral-data” folder. The four certificates are: +As indicated above, the MeshCentral server creates four certificates when it first runs. It uses ForgeJS to perform certificate creation and all four certificates below are saved in the `meshcentral-data` folder. The four certificates are: #### Server root `root-cert-public.crt` -This is a self-signed root certificate that is used only to issue the 3 next certificates. This certificate can be useful when it’s installed as a root of trust in some situations. 
For example, when Intel AMT connects to the MPS server on port 4433, it will correctly connect only if this root certificate is loaded into Intel AMT as a trusted certificate. Browser can also be setup to trust this root certificate in order to create a trusted connection between a browser and the servers HTTPS port. This certificate is RSA3072 unless the option “--fastcert" is used, in that case a RSA2048 certificate is generated. +This is a self-signed root certificate that is used only to issue the 3 next certificates. This certificate can be useful when it’s installed as a root of trust in some situations. For example, when Intel AMT connects to the MPS server on port `4433`, it will correctly connect only if this root certificate is loaded into Intel AMT as a trusted certificate. Browser can also be setup to trust this root certificate in order to create a trusted connection between a browser and the servers HTTPS port. This certificate is RSA3072 unless the option `--fastcert` is used, in that case a RSA2048 certificate is generated. #### MPS certificate 
@@ -186,27 +218,31 @@ This is a TLS certificate signed by the root above used as a TLS server certific `webserver-cert-public.crt` -This is the default certificate used to secure the HTTPS port 443. It is signed by the root above and is the certificate users will first see then connecting the browser to the server. Often, users will need to ignore the browser security warning. This certificate is RSA3072 unless the option “--fastcert" is used, in that case a RSA2048 certificate is generated. In production environments, this certificate is replaced with a real certificate. There are many ways to change this certificate for a more appropriate certificate in production environments: +This is the default certificate used to secure the HTTPS port `443`. It is signed by the root above and is the certificate users will first see then connecting the browser to the server. Often, users will need to ignore the browser security warning. This certificate is RSA3072 unless the option `--fastcert` is used, in that case a RSA2048 certificate is generated. In production environments, this certificate is replaced with a real certificate. -- You can replace the “webserver-cert-\*” files in the “meshcentral-data” folder. -- You can use Let’s Encrypt which will override this certificate automatically. -- You can use a reverse-proxy in front of the server with “--tlsoffload". +There are many ways to change this certificate for a more appropriate certificate in production environments : + +- You can replace the `webserver-cert-\*` files in the `meshcentral-data` folder. + +- You can use Let’s Encrypt which will override this certificate automatically. + +- You can use a reverse-proxy in front of the server with `--tlsoffload`. #### Agent certificate `agentserver-cert-public.crt` -This certificate is used to authenticate the server to agents. 
It’s signed by the root above and when installing an agent, the hash of this certificate is given to the agent so that it can connect back to the server securely. This certificate is RSA3072 unless the option “--fastcert" is used, in that case a RSA2048 certificate is generated. +This certificate is used to authenticate the server to agents. It’s signed by the root above and when installing an agent, the hash of this certificate is given to the agent so that it can connect back to the server securely. This certificate is RSA3072 unless the option `--fastcert` is used, in that case a RSA2048 certificate is generated. -The “meshcentral-data” folder contains critical server information including private keys therefore, it’s important that it be well protected. It’s important to backup the “meshcentral-data” folder and keep the backup in a secure place. If, for example the “agent certificate” on the server is lost, there is no hope for agents ever be able to connect back to this server. All agents will need to be re-installed with a new trusted certificate. +The `meshcentral-data` folder contains critical server information including private keys therefore, it’s important that it be well protected. It’s important to backup the `meshcentral-data` folder and keep the backup in a secure place. If, for example the “agent certificate” on the server is lost, there is no hope for agents ever be able to connect back to this server. All agents will need to be re-installed with a new trusted certificate. -If someone re-installs a server, placing the “meshcentral-data” folder back with these certificates should allow the server to resume normal operations and accept connections for Intel AMT and agents as before. +If someone re-installs a server, placing the `meshcentral-data` folder back with these certificates should allow the server to resume normal operations and accept connections for Intel AMT and agents as before. 
### Agent Certificates The mesh agent generates one or two RSA certificates when it first starts. On smaller IoT devices such as a Raspberry Pi, this can take a little while to do and the CPU will spike to 100% during this time. This is normal and only occurs the first time the agent runs. -![](images/2022-05-15-13-41-26.png) +![](images/2022-05-15-13-41-26.jpg) The certificates are generated a little differently depending on the platform. On Windows, the Mesh Agent will use Microsoft cryptographic providers to harder the agent root cert. If available, the agent will use the platform TPM to harden the certificate. On other platforms, only one certificate is generated and used for both agent authentication to the server and WebRTC session authentication. 
@@ -218,13 +254,13 @@ This certificate is the root trust of the agent. The SHA384 hash of this certifi This is a certificate signed by the agent root above. It’s currently only used by WebRTC to perform dTLS authentication to a remote browser. This certificate does not need to be signed by a trusted CA for WebRTC purposes since the hash of the certificate will be sent to the browser using a trusted path. If the agent root certificate is not hardened using platform cryptography, the secondary certificate is not created and the agent root cert is used for all purposes. -A possible attack would occur if someone were to be able to access the agent root certificate. They could impersonate the agent to the server. Agents don’t have any rights to perform management operations on the server or other agents, but by impersonating a agent, a rogue agent would pretend to be an office computer to which administrator would login with their username & password, especially when the root is not hardened. Some care should be taken to protect the “meshagent.db” file and to not give important information to untrusted agents. +A possible attack would occur if someone were to be able to access the agent root certificate. They could impersonate the agent to the server. Agents don’t have any rights to perform management operations on the server or other agents, but by impersonating a agent, a rogue agent would pretend to be an office computer to which administrator would login with their username & password, especially when the root is not hardened. Some care should be taken to protect the `meshagent.db` file and to not give important information to untrusted agents. -## TLS Security +## 🔒 TLS Security MeshCentral makes heavy use of Transport Layer Security (TLS) and datagram-TLS (dTLS) to authenticate and encrypt network traffic between the browser, server and agent. 
Configuring TLS settings correctly is essential to making sure communications are secure and to minimize attacks on open ports. -Probably the most important TLS configuration is for the MeshCentral server ports 443 and 4433. These two ports are exposed to the Internet and so, should be setup as securely as possible. +Probably the most important TLS configuration is for the MeshCentral server ports `443` and `4433`. These two ports are exposed to the Internet and so, should be setup as securely as possible. ### MeshCentral HTTPS port 443 
@@ -241,15 +277,15 @@ TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA (0xc013) Note that these cipher suites are all perfect forward secrecy (PFS) suites and are considered cryptographically secure as of the writing of this document. When the server is deployed on the Internet,[ https://ssllabs.com ](https://ssllabs.com/)gives the server an A rating with no known vulnerabilities and no weak ciphers detected. -![](images/2022-05-15-13-44-41.png) +![](images/2022-05-15-13-44-41.jpg) SSL Labs confirms that all major browsers should be able to connect correctly to this server. ### MeshCentral MPS port 4433 -The Manageability Presence Server (MPS) port 4433 is used for incoming Intel AMT CIRA connections. By default it uses a TLS certificate that is signed by a self-signed root certificates. This port is not intended to be connected to by typical browsers, only Intel AMT should connect to this port. Note that the TLS certificate generated by MeshCentral for port 4433 is RSA 2048bits, this is because older Intel AMT firmware don’t support RSA 3072. Because the port is not secured using a trusted certificate, SSL Labs will not rate the security of this server. +The Manageability Presence Server (MPS) port `4433` is used for incoming Intel AMT CIRA connections. By default it uses a TLS certificate that is signed by a self-signed root certificates. This port is not intended to be connected to by typical browsers, only Intel AMT should connect to this port. Note that the TLS certificate generated by MeshCentral for port `4433` is RSA 2048bits, this is because older Intel AMT firmware don’t support RSA 3072. Because the port is not secured using a trusted certificate, SSL Labs will not rate the security of this server. -![](images/2022-05-15-13-47-26.png) +![](images/2022-05-15-13-47-26.jpg) This is fully expected. Note that SSL Labs will not test servers that are not on port 443. 
To perform a test like this MeshCentral must be set temporarily with the MPS port set to 443 and the normal HTTPS port set to a different value. @@ -271,9 +307,9 @@ TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA (0x2f) ``` -The suites starting with “TLS\_RSA\_” don’t have perfect forward secrecy (PFS) and so, are considered weak by SSL Labs. However, these are generally the suites that are supported by Intel AMT. +The suites starting with `TLS\_RSA\_` don’t have perfect forward secrecy (PFS) and so, are considered weak by SSL Labs. However, these are generally the suites that are supported by Intel AMT. -## Agent to server handshake +## 🛰️ Agent to server handshake One interesting aspect of MeshCentral’s design is how the agent connects to the server. We wanted a way for the agent to connect to the server that would be similar to how browsers connect to web servers. This allows for a large number of agents to connect just like if a large number of browsers where connecting. All of the infrastructure that helps web server’s scale would be put to use in the same way for agent connections. For example: TLS offload hardware, load balancers, reverse-proxies, web server scaling, etc. could all be put to use. It also makes the server easier to setup because only one port (HTTPS 443) is needed for both users and agents. 
@@ -283,7 +319,7 @@ The public facing web certificate of the server can change frequently. For examp To handle all this, the agent performs a TLS connection to the server and will first see the web certificate of the server. It will then exchange a set of web socket binary messages to the server to perform a secondary authentication with the server. -![](images/2022-05-15-13-54-44.png) +![](images/2022-05-15-13-54-44.jpg) The secondary check allows the agent to confirm that this server does own the private key of the private certificate expected by the agent. The agent caches the hash of the “outer” web certificate. When re-connecting, if the agent sees the same outer web certificate, it will skip the secondary check. For obvious security raisons, it’s important that the agent not accept any management messages until the secondary check is completed or skipped. 
@@ -291,42 +327,44 @@ To prevent man-in-the-middle attacks, the secondary check also “pins” the ou The agent connection design allows for reverse-proxies and TLS offload hardware. The agent will first connect a TLS session to the offload hardware. Clear traffic flows between the offload hardware and the server which will perform the secondary check if needed. -![](images/2022-05-15-13-55-28.png) +![](images/2022-05-15-13-55-28.jpg) To makes all this work, the MeshCentral server must be able to fetch the hash of the outer web certificate from the reverse proxy. In this case, the server does not need the private key to the web certificate. Note that when the outer web certificate is updated, the server may have to perform many secondary checks at the same time causing a server slowdown during this time. To help with this, MeshCentral will offload the RSA signing operation to many slave processes (as many as the CPU core count on the server) to speed this up. In addition, native NodeJS RSA signing is used (not ForgeJS). The details of the secondary certificate check look like the diagram below. To boost speed, the exchange is fully asynchronous and both sides send the first message as soon as the TLS connection completes. -![](images/2022-05-15-13-56-09.png) +![](images/2022-05-15-13-56-09.jpg) Note that these messages are binary (not JSON). The agent must be able to connect to the server independently of the JavaScript that is running in DukTape. So this exchange is handled by native C code in the agent. Binary message 1 is sent immediately after the TLS connection is setup. Both sides will send binary message 2 when message 1 is received and message 3 when message 2 is received. In addition, there are two extra messages of interest that can be sent by the agent right at the start. The agent may send the server message number 4 if the secondary check can be skipped and may send binary message number 5 indicating what server hash it expects to verify. 
Message number 5 is interesting because a server may have many “identities” at the same time, and so, the server will use message number 5 in order to use the right Agent Server certificate. -In order to be as secure as possible, all hashes use SHA384 and certificates are RSA3072 and nonces are generated on both sides using a cryptographic random source. The server and agent signatures are computed like this: +In order to be as secure as possible, all hashes use SHA384 and certificates are RSA3072 and nonces are generated on both sides using a cryptographic random source. -![](images/2022-05-15-13-56-46.png) +The server and agent signatures are computed like this : + +![](images/2022-05-15-13-56-46.jpg) While the server will often skip its RSA signature operation due to the agents caching the outer web certificate, the server must perform an RSA verify to each agent connection. This can’t be skipped but is needed to authenticate the agent. Once connected, the trust relationship between the server and the agent is one-way. That is, the server has management rights on the agent, but the agent does not have any right on the server. This is important since the agent does not, by default, have any credentials to the server. Any agent can connect to the server and claim to be part of a device group. -## Browser to agent relay and WebRTC +## 🌍 Browser to agent relay and WebRTC Browsers and agents often need to communicate to each other. Data sessions are used for desktop, terminal, file transfers, etc. and must be setup securely. To setup a session between a browser and the agent, the server will send a URL to both sides to connect to. The URL is generated by the server and includes a unique connection token. It is sent to both the browser and agent using the web socket control channel and a JSON message. Both sides perform a websocket connection to the target URL and the server will “pipe” both sessions together to act as a passive relay. 
For security, the agent will only accept connections to the URL given by the server if the server has the same outer web certificate as its control connection. Also note that in this mode, the session is not end-to-end encrypted. The server is performing a TLS decrypt and re-encrypt and the traffic cost is high as each byte of data has to be received and sent again. -![](images/2022-05-15-13-58-06.png) +![](images/2022-05-15-13-58-06.jpg) -The relay server is just websocket server that will wait for connections with session tokens. When two connection with the same connection token arrive, the server makes sure that at least one of the two connections is an authenticated user, it then sends the character “c” on both sides to inform both parties that the relay is starting and then pipes both sessions together. Once the session is started, the browser and agent are free to send messages to each other. Note that when the server sends the relay URL to the agent, it also sends to the agent the user’s permissions flags. This may be used by the agent to limit what the user can do on this session. +The relay server is just websocket server that will wait for connections with session tokens. When two connection with the same connection token arrive, the server makes sure that at least one of the two connections is an authenticated user, it then sends the character `c` on both sides to inform both parties that the relay is starting and then pipes both sessions together. Once the session is started, the browser and agent are free to send messages to each other. Note that when the server sends the relay URL to the agent, it also sends to the agent the user’s permissions flags. This may be used by the agent to limit what the user can do on this session. With this design, the flow control between the browser and agent is simple, each session gets its own end-to-end connection and the server will apply appropriate TCP back pressure on both sides as needed. 
A unique feature of MeshCentral is its use of WebRTC. WebRTC was introduced in major browsers as a way to allow browsers to directly communicate to each other and perform audio/video streaming. The mesh agent has a WebRTC data-only stack that is custom built for this project in C code. It’s compatible with Chrome and Firefox implementations and once a session is set up, allows data to flow directly from the browser to the agent, bypassing the server. -![](images/2022-05-15-13-58-29.png) +![](images/2022-05-15-13-58-29.jpg) The use of WebRTC allows MeshCentral to scale better, to offer a faster user experience and lower hosting costs all at the same time. However, WebRTC is not easy, especially when you must maintain the C code for it and have to keep up with browser implementations, but the benefits are clear. @@ -334,7 +372,7 @@ To setup WebRTC, browsers typically use STUN and TURN servers to get traffic thr To perform the switch-over, both browser and agent will exchange WebRTC control messages over the newly established web socket relay session. -![](images/2022-05-15-13-58-56.png) +![](images/2022-05-15-13-58-56.jpg) In order to differentiate session traffic from WebRTC control traffic, the browser and agent agree to send WebRTC setup traffic using web socket text fragments. All other session traffic is sent using binary fragments. The agent has a special API allowing a session to be piped for a single fragment type. So we can perform a remote desktop session to the agent while trying to setup WebRTC at the same time. 
@@ -342,32 +380,54 @@ The browser will kick off the WebRTC setup sending the initial WebRTC offer with On the agent side, the new WebRTC session inherits the user access rights of the web socket. Currently, the web socket channel is still maintained open. While it’s not strickly needed, the web socket session terminates more cleanly than WebRTC and so, oddly its closure is used to signal the end of the WebRTC session. -## Messenger +## 💬 Messenger -MeshCentral includes its own messaging web application it can be used to chat, transfer files and optionally used for audio and video chat. It’s used to support two different usages: User-to-user and user-to-computer communication. In the first usage, two users that are connected to the same MeshCentral server at the same time can chat. If you are a MeshCentral administrator, you can see the list of currently logged in users and hit the chat button to launch a chat invitation. If accepted, the Messenger is open on both sides and the session starts. Alternatively, while managing a remote computer, an administrator can hit the chat button to cause the remote computer to open a web browser to the chat application. +MeshCentral includes its own messaging web application it can be used to chat, transfer files and optionally used for audio and video chat. It’s used to support two different usages : + + - *User-to-user and* + + - *user-to-computer communication.* + + In the first usage, two users that are connected to the same MeshCentral server at the same time can chat. If you are a MeshCentral administrator, you can see the list of currently logged in users and hit the chat button to launch a chat invitation. If accepted, the Messenger is open on both sides and the session starts. Alternatively, while managing a remote computer, an administrator can hit the chat button to cause the remote computer to open a web browser to the chat application. 
-![](images/2022-05-15-13-59-54.png) +![](images/2022-05-15-13-59-54.jpg) -The chat app is standalone web application that is served by the MeshCentral server using a connection token and title in the URL. Once loaded in its own web frame, the messenger web application will get the connection token and title from the URL and proceed to connect to the URL using web socket. The same web socket relay that is used for browser-to-agent connections is also used in this case for browser-to-browser connections. The server relay acts the same and pipes both sessions together after sending the character “c” to both sides. At this point, the messenger application will show the remote user as connected and chat and file transfers can start. File transfers are just a set of binary messages sent over the web socket session with lots of JSON control messages. +The chat app is standalone web application that is served by the MeshCentral server using a connection token and title in the URL. Once loaded in its own web frame, the messenger web application will get the connection token and title from the URL and proceed to connect to the URL using web socket. The same web socket relay that is used for browser-to-agent connections is also used in this case for browser-to-browser connections. The server relay acts the same and pipes both sessions together after sending the character `c` to both sides. At this point, the messenger application will show the remote user as connected and chat and file transfers can start. File transfers are just a set of binary messages sent over the web socket session with lots of JSON control messages. Once the web socket session is setup, the messenger application will then attempt to perform a switch over to WebRTC. Both web application start by selecting a random number (not cryptographic) and the highest number will initiate the WebRTC offer. The other party will answer and both sides will trade interface candidates as they are discovered. 
If successful, the web socket session are flushed and the traffic is switched over to WebRTC. Because the switchover is done cleanly, it can occur while in the middle of a file transfer without the file being corrupted. -![](images/2022-05-15-14-00-21.png) +![](images/2022-05-15-14-00-21.jpg) Finally, the web application will determine if the local computer is attached to a microphone and if it has a camera. If so, these options are offered in the chat window and audio/video chat is available for use. The chat app allows for one way setup of audio & video sessions. This is typically what is needed in support scenarios where the audio/video session is one-way. The messenger web application will setup a separate WebRTC connection for audio/video in each direction but the code is present to augment the WebRTC control channel with audio/video which is a bit more efficient but more testing is needed before defaulting to this mode. -## Additional Resources +## 💡 Additional Resources -In addition to this document, there are a growing set of MeshCentral resources at: [https://www.meshcommander.com/meshcentral2.](https://www.meshcommander.com/meshcentral2) This includes an Installer’s documents, a User’s Guide and plenty of YouTube tutorial videos. For developers, it’s best to start on the MeshCentral GitHub repository at:[ https://github.com/Ylianst/MeshCentral](https://github.com/Ylianst/MeshCentral). If any issues are found, it’s best to create a new issue in GitHub or mail [ylianst@gmail.com](mailto:ylianst@gmail.com) +In addition to this document, there are a growing set of MeshCentral resources at : -## Conclusion + - **[https://www.meshcommander.com/meshcentral2.](https://www.meshcommander.com/meshcentral2)** : + + This includes an Installer’s documents, a User’s Guide and plenty of YouTube tutorial videos. 
+ +For developers, it’s best to start on the MeshCentral GitHub repository at : + + - **[ https://github.com/Ylianst/MeshCentral](https://github.com/Ylianst/MeshCentral)** + +If any issues are found, it’s best to create a new issue in GitHub or mail [ylianst@gmail.com](mailto:ylianst@gmail.com) + +## 🏁 Conclusion MeshCentral is a free, open source and powerful remote management solution that is cross- platform. In this document, we have covered the goals, overview, design and some details of the software. It’s hoped that this document will encourage developers to take a look at MeshCentral for more usages and review its security in detail. MeshCentral’s use of modern web technologies make it a unique and amazing solution for remote management of computers. As with any good software, MeshCentral will continue to be updated and evolve. ## License MeshCentral and this document are both opens source and licensed using Apache 2.0, the full license can be found at [https://www.apache.org/licenses/LICENSE-2.0](https://www.apache.org/licenses/LICENSE-2.0) + +## PDF and ODT handout(s). + +[MeshCentral Guide](https://meshcentral.com/docs/MeshCentral2UserGuide.pdf) + +MeshCmd Guide [as .pdf](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCentral User's Guide v0.2.9.odt?raw=true) \ No newline at end of file diff --git a/docs/MeshCentral ADFS SSO Guide 0.0.1.odt b/docs/docs/documents/MeshCentral ADFS SSO Guide 0.0.1.odt similarity index 100% rename from docs/MeshCentral ADFS SSO Guide 0.0.1.odt rename to docs/docs/documents/MeshCentral ADFS SSO Guide 0.0.1.odt diff --git a/docs/MeshCentral Design & Architecture v0.0.4.odt b/docs/docs/documents/MeshCentral Design & Architecture v0.0.4.odt similarity index 100% rename from docs/MeshCentral Design & Architecture v0.0.4.odt rename to docs/docs/documents/MeshCentral Design & Architecture v0.0.4.odt 
diff --git a/docs/MeshCentral Install Guide v0.1.0.odt b/docs/docs/documents/MeshCentral Install Guide v0.1.0.odt
similarity index 100%
rename from docs/MeshCentral Install Guide v0.1.0.odt
rename to docs/docs/documents/MeshCentral Install Guide v0.1.0.odt
diff --git a/docs/MeshCentral Intel AMT Guide v0.0.1.odt b/docs/docs/documents/MeshCentral Intel AMT Guide v0.0.1.odt
similarity index 100%
rename from docs/MeshCentral Intel AMT Guide v0.0.1.odt
rename to docs/docs/documents/MeshCentral Intel AMT Guide v0.0.1.odt
diff --git a/docs/MeshCentral Router User Guide v0.0.2.odt b/docs/docs/documents/MeshCentral Router User Guide v0.0.2.odt
similarity index 100%
rename from docs/MeshCentral Router User Guide v0.0.2.odt
rename to docs/docs/documents/MeshCentral Router User Guide v0.0.2.odt
diff --git a/docs/MeshCentral Satellite v0.0.1.odt b/docs/docs/documents/MeshCentral Satellite v0.0.1.odt
similarity index 100%
rename from docs/MeshCentral Satellite v0.0.1.odt
rename to docs/docs/documents/MeshCentral Satellite v0.0.1.odt
diff --git a/docs/MeshCentral User's Guide v0.2.9.odt b/docs/docs/documents/MeshCentral User's Guide v0.2.9.odt
similarity index 100%
rename from docs/MeshCentral User's Guide v0.2.9.odt
rename to docs/docs/documents/MeshCentral User's Guide v0.2.9.odt
diff --git a/docs/MeshCmd User's Guide v0.0.3.odt b/docs/docs/documents/MeshCmd User's Guide v0.0.3.odt
similarity index 100%
rename from docs/MeshCmd User's Guide v0.0.3.odt
rename to docs/docs/documents/MeshCmd User's Guide v0.0.3.odt
diff --git a/docs/MeshCtrl User's Guide v0.0.1.odt b/docs/docs/documents/MeshCtrl User's Guide v0.0.1.odt
similarity index 100%
rename from docs/MeshCtrl User's Guide v0.0.1.odt
rename to docs/docs/documents/MeshCtrl User's Guide v0.0.1.odt
diff --git a/docs/docs/how-to-contribute/index.md b/docs/docs/how-to-contribute/index.md
index ed3d87aa..9ec09744 100644
--- a/docs/docs/how-to-contribute/index.md
+++ b/docs/docs/how-to-contribute/index.md
@@ -1,56 +1,99 @@ -# Contribute to MeshCentral +# Contribute to MeshCentral -## Contributing to MeshCentral via GitHub Pull Request +--- +## 📤 Contributing to MeshCentral via GitHub Pull Request -If you're looking to contribute beyond translations, such as updating documentation or enhancing the software by adding features or fixing bugs, the process involves several key steps: +If you're looking to contribute beyond translations, such as updating documentation or enhancing the software by adding features or fixing bugs, the process involves several key steps : -1. **Fork the Repository:** Start by forking the [MeshCentral](https://github.com/Ylianst/MeshCentral) repository on GitHub. This creates a copy of the repository under your own GitHub account, allowing you to make changes without affecting the original project. +1. **Fork the Repository :** + + > Start by forking the [MeshCentral](https://github.com/Ylianst/MeshCentral) repository on GitHub. + + > This creates a copy of the repository under your own GitHub account, allowing you to make changes without affecting the original project. 2. **Make Your Changes** - - In your forked repository, create a new branch to keep your changes organized. This helps in managing different contributions separately. - - Make the necessary changes in your repository. This could involve updating documentation files or modifying code to add new features or fix bugs. -3. **Review Your Changes:** Before submitting your work, carefully review the changes you’ve made. Check the "Files Changed" section on GitHub to ensure that all modifications are intended and correctly implemented. + > - In your forked repository, create a new branch to keep your changes organized. This helps in managing different contributions separately. + + > - Make the necessary changes in your repository. This could involve updating documentation files or modifying code to add new features or fix bugs. + +3. 
**Review Your Changes :** + + > Before submitting your work, carefully review the changes you’ve made. Check the "Files Changed" section on GitHub to ensure that all modifications are intended and correctly implemented. 4. **Submit a Pull Request** - - Once your changes are ready and reviewed, submit a pull request (PR) from your branch to the `master` branch of the main MeshCentral repository. - - When creating the pull request, provide a clear and detailed description of what changes have been made and why. This helps maintainers understand the purpose of your contributions. -5. **Wait for Review:** After submitting your pull request, wait for a project maintainer to review your contribution. Review time can vary depending on the complexity of the changes and the availability of the maintainers. + > - Once your changes are ready and reviewed, submit a pull request (PR) from your branch to the `master` branch of the main MeshCentral repository. + > - When creating the pull request, provide a clear and detailed description of what changes have been made and why. This helps maintainers understand the purpose of your contributions. -6. **Respond to Feedback:** The maintainer may request further modifications or provide feedback on your pull request. Be prepared to make additional changes based on their suggestions to ensure that your contribution meets the project’s standards and requirements. +5. **Wait for Review :** -7. **Final Steps:** Once your pull request is approved and merged by a maintainer, your contributions will be incorporated into the MeshCentral project. Congratulations, and thank you for helping improve MeshCentral! + > After submitting your pull request, wait for a project maintainer to review your contribution. Review time can vary depending on the complexity of the changes and the availability of the maintainers. + +6. **Respond to Feedback :** + + > The maintainer may request further modifications or provide feedback on your pull request. 
Be prepared to make additional changes based on their suggestions to ensure that your contribution meets the project’s standards and requirements. + +7. **Final Steps :** + + > Once your pull request is approved and merged by a maintainer, your contributions will be incorporated into the MeshCentral project. Congratulations, and thank you for helping improve MeshCentral! --- -## Contribute to MeshCentral's Multilingual Support +## 🗣️ Contribute to MeshCentral's Multilingual Support To make MeshCentral multilingual, your contributions are crucial. Follow these steps to translate the interface into various languages. -1. **Remove Local Translations:** Delete `translate.json` from your `meshcentral-data` folder. This file contains your local copy of translations, which may become outdated as new features and texts are added. +1. **Remove Local Translations :** -2. **Access MeshCentral:** Ensure you are logged into MeshCentral. -3. **Open Translation Tool:** Visit `https://YOURMESHCENTRALSERVER.COM/translator.htm` to access the translation interface. -4. **Choose a Language:** Select the language you wish to translate from the list provided. + > Delete `translate.json` from your `meshcentral-data` folder. This file contains your local copy of translations, which may become outdated as new features and texts are added. -5. **Translate Text:** Use the search function or scroll through the list to find text segments you want to translate. Utilize the "show no translations only" checkbox to filter untranslated texts. -6. **Enter Translations:** For each text segment, enter your translation in the bottom box (not the top one) and click `SET (F1)`. -7. **Repeat Translation:** Continue translating by repeating steps 5 and 6 for other texts as desired. +2. **Access MeshCentral :** + + > Ensure you are logged into MeshCentral. + +3. **Open Translation Tool:** + + > Visit `https://YOURMESHCENTRALSERVER.COM/translator.htm` to access the translation interface. + +4. 
**Choose a Language :** + + > Select the language you wish to translate from the list provided. + +5. **Translate Text :** + + > Use the search function or scroll through the list to find text segments you want to translate. Utilize the "show no translations only" checkbox to filter untranslated texts. + +6. **Enter Translations :** + + > For each text segment, enter your translation in the bottom box (not the top one) and click `SET (F1)`. + +7. **Repeat Translation :** Continue translating by repeating steps 5 and 6 for other texts as desired. 8. **Save and Apply Translations** - - Click `SAVE TO SERVER (F3)` to save your translations to `meshcentral-data/translate.json` locally in your MeshCentral server. - - Optionally, click `SAVE TO FILE (F4)` to download the `translate.json` file for offline review or sharing. -9. **Deploy Translations:** Click `TRANSLATE SERVER` and allow some time for the process to complete (approximately 5-15 minutes depending on server specifications). This command line output will indicate when the translation is complete. -![](images/translation-msg-output.png) + > - Click `SAVE TO SERVER (F3)` to save your translations to `meshcentral-data/translate.json` locally in your MeshCentral server. + > - Optionally, click `SAVE TO FILE (F4)` to download the `translate.json` file for offline review or sharing. -10. **Finalize Changes:** It’s crucial to restart MeshCentral to ensure that the translated files are picked up correctly. -11. **Share your translations:** Once a language translation is complete, take the latest `translation.json` and share it by emailing it to the maintainer (Ylianst, `ylianst@gmail.com`) or by submitting it to the MeshCentral GitHub repository via a pull request. +9. **Deploy Translations :** + + > Click `TRANSLATE SERVER` and allow some time for the process to complete (approximately 5-15 minutes depending on server specifications). This command line output will indicate when the translation is complete. 
+ + > ![](images/translation-msg-output.png) + +10. **Finalize Changes :** + + > It’s crucial to restart MeshCentral to ensure that the translated files are picked up correctly. + +11. **Share your translations :** + + > Once a language translation is complete, take the latest `translation.json` and share it by emailing it to the maintainer (Ylianst, `ylianst@gmail.com`) or by submitting it to the MeshCentral GitHub repository via a pull request. --- -#### Additional Information: - - If you make any changes to `default.handlebars`, run the translate server to propagate these modifications to the language-specific handlebar files located in `node_modules/meshcentral/views/translations`. +!!! note + Additional Information : + + If you make any changes to `default.handlebars`, run the translate server to propagate these modifications to the language-specific handlebar files located in `node_modules/meshcentral/views/translations`. By following these steps, you help MeshCentral support any language you choose, making it more accessible worldwide. By sharing your translations with us, you also help make these languages available to other users, improving the community and extending the software's reach. diff --git a/docs/docs/index.md b/docs/docs/index.md index fabdc903..a9064236 100644 --- a/docs/docs/index.md +++ b/docs/docs/index.md 
@@ -4,60 +4,68 @@ MeshCentral is a full computer management web site. With MeshCentral, you can run your own web server to remotely manage and control computers on a local network or anywhere on the internet. Once you get the server started, create device group and download and install an agent on each computer you want to manage. A minute later, the new computer will show up on the web site and you can take control of it. MeshCentral includes full web-based remote desktop, terminal and file management capability. -For more information, [visit MeshCentral.com](https://www.meshcentral.com/). +For more information, [visit MeshCentral.com](https://meshcentral.com). -## Social Media +## 🌐 Social Media -[YouTube](https://www.youtube.com/channel/UCJWz607A8EVlkilzcrb-GKg/videos) + ![YouTube](https://img.icons8.com/color/16/youtube-play.png) [YouTube](https://www.youtube.com/channel/UCJWz607A8EVlkilzcrb-GKg/videos) + ![Reddit](https://img.icons8.com/color/16/reddit.png) [Reddit](https://www.reddit.com/r/MeshCentral/) + ![Telegram](https://img.icons8.com/color/16/telegram-app.png) [Telegram](https://t.me/meshcentral) + ![Discord](https://img.icons8.com/color/16/discord-logo.png) [Discord](https://discord.gg/wF9UT3Vjdj) + ![BlueSky](https://img.icons8.com/color/16/internet--v1.png) [BlueSky](https://bsky.app/profile/meshcentral.bsky.social) + ![BlogSpot](https://img.icons8.com/color/16/blogger.png) [BlogSpot](https://meshcentral2.blogspot.com/) -[Reddit](https://www.reddit.com/r/MeshCentral/) +## 📚 Documentation -[BlueSky](https://bsky.app/profile/meshcentral.bsky.social) +The [User's Guide](meshcentral/index.md) contains information every administrator should know including usage, the server configuration file, databases, TLS offloading, Lets Encrypt, IP Filtering, Email setup, embedding, server port aliasing, reverse proxy setup, multi factor authentication, branding & terms of use, HashiCorp Vault support, and SSO. 
-[BlogSpot](https://meshcentral2.blogspot.com/) +The [Installation Guide](install/install.md) has detailed instructions for installing the MeshCentral Server on Windows 8.1, Windows 10, Windows 2012 R2, Amazon Linux 2, Raspberry Pi, Microsoft Azure, Google Cloud, Ubuntu 18, Ubuntu 16 and OpenBSD. -## Documentation +The [Design and Architecture Guide](design/index.md) is a short document that includes information on the design overview, dependencies, source code descriptions of each file, certificates, TLS security, the agent to server handshake, browser to agent relay and WebRTC and the messenger service. -The [User's Guide](meshcentral) contains information every administrator should know including usage, the server configuration file, databases, TLS offloading, Lets Encrypt, IP Filtering, Email setup, embedding, server port aliasing, reverse proxy setup, multi factor authentication, branding & terms of use, HashiCorp Vault support, and SSO. +## 📺 Video Tutorials -The [Installation Guide](install/install2.md) has detailed instructions for installing the MeshCentral Server on Windows 8.1, Windows 10, Windows 2012 R2, Amazon Linux 2, Raspberry Pi, Microsoft Azure, Google Cloud, Ubuntu 18, Ubuntu 16 and OpenBSD. +You can watch many tutorial videos on the [MeshCentral YouTube Channel](https://www.youtube.com/channel/UCJWz607A8EVlkilzcrb-GKg/videos). Here are some essential ones to get you started : -The [Design and Architecture Guide](design) is a short document that includes information on the design overview, dependencies, source code descriptions of each file, certificates, TLS security, the agent to server handshake, browser to agent relay and WebRTC and the messenger service. +**[MeshCentral - Installation](https://www.youtube.com/results?search_query=MeshCentral+Installation)** +Installing MeshCentral on **Windows**, **Linux**, and **macOS**. 
-## Video Tutorials -You can watch many tutorial videos on the [MeshCentral YouTube Channel](https://www.youtube.com/channel/UCJWz607A8EVlkilzcrb-GKg/videos). Two videos to get started involve installation and basic usages. +**[MeshCentral - Basics](https://www.youtube.com/results?search_query=MeshCentral+Basics)** +Learn how to install the agent and use remote **desktop**, **terminal**, and **file access** features. -Installing MeshCentral on Windows, Linux and macOS. -[MeshCentral - Installation](https://www.youtube.com/watch?v=GsQbWZmRRAU) -Basic Usages including installing the agent and remote desktop, terminal and file access. -[MeshCentral - Basics](https://www.youtube.com/watch?v=D9Q7M7PdTg0) +**[MeshCentral - Two Factor Authentication](https://www.youtube.com/results?search_query=MeshCentral+Two+Factor+Authentication)** +Secure your MeshCentral instance with **two-factor authentication**. -MeshCentral support for two-factor authentication. -[MeshCentral - Two Factor Authentication](https://www.youtube.com/watch?v=luLZKcma9l0) -How to setup MeshCentral with the NGINX reverse proxy. -[MeshCentral - NGINX Reverse Proxy](https://www.youtube.com/watch?v=YSmiLyKSX2I) +**[MeshCentral - NGINX Reverse Proxy](https://www.youtube.com/results?search_query=MeshCentral+NGINX+Reverse+Proxy)** +Configure MeshCentral with an **NGINX reverse proxy** for better security and scalability. -Installing and using the MeshCentral Android agent. -[MeshCentral - Android](https://www.youtube.com/watch?v=wi1HYdW00Bk) -Using MeshCentral Router to port map TCP connections. -[MeshCentral - Basics](https://www.youtube.com/watch?v=BubeVRmbCRM) +**[MeshCentral - Android](https://www.youtube.com/results?search_query=MeshCentral+Android)** +Install and use the **MeshCentral Android agent** for mobile device management. 
-## Feedback -If you encounter a problem or have a suggestion to improve the product, you may file an [issue report](https://github.com/Ylianst/MeshCentral/issues/) +**[MeshCentral - Basics](https://www.youtube.com/results?search_query=MeshCentral+Router+Port+Mapping)** +Use **MeshCentral Router** to **port map TCP connections** securely. + +## 💬 Feedback + +If you encounter a problem or have a suggestion to improve the product, you may file an [GitHub Issue](https://github.com/Ylianst/MeshCentral/issues/).
If you are filing a problem report, you should include: -* The version of the software you are using -* The Operating System and version -* The observed output -* The expected output -* Any troubleshooting you took to resolve the issue yourself -* Any other similar reports~~ +* The version of the software you are using. +> For example: 1.1.46 +* The Operating System and version. +> For example: Debian 12 +* Any troubleshooting you took to resolve the issue yourself. +> For example: Reinstalling MeshCentral (including OS) +* Any other similar reports. +> For example: other GitHub issues. +* The observed output. +* The expected output. If you are having issues with the following other products, you should file a report on their respective issue pages [MeshAgent](https://github.com/Ylianst/MeshAgent/issues) diff --git a/docs/docs/install/abstract.md b/docs/docs/install/abstract.md new file mode 100644 index 00000000..392b720f --- /dev/null +++ b/docs/docs/install/abstract.md @@ -0,0 +1,16 @@ +# Installation + +## 🧾 Abstract + +These guides are specifically intended to help users install and configure MeshCentral.
+Once installed, you can take a look at the MeshCentral user’s guide,
+for information on how to configure MeshCentral for your specific use.
+In this document, we will look at installing MeshCentral on different operating systems like:
+
+And remember! The `config.json` is case insensitive in its keys.
+
+ - 📢 **[Quick-start](./quickstart.md)**
+
+ - 🧐 **[Advanced Information](./advanced.md)**
+
+ - 🪟 **[Windows-specific](./windows.md)**
diff --git a/docs/docs/install/advanced.md b/docs/docs/install/advanced.md
new file mode 100644
index 00000000..2e56053c
--- /dev/null
+++ b/docs/docs/install/advanced.md
@@ -0,0 +1,91 @@
+# 📦 NPM Installation for Advanced Users
+
+![](images/2022-05-16-23-47-36.jpg)
+
+## Prerequisites and Verification
+
+Before beginning the installation, ensure **Node.js** and **NPM** (Node Package Manager) are installed on your host operating system.
+
+If your server is behind an HTTP/HTTPS proxy, you may need to configure NPM's proxy settings.
+
+### 1\. Verify Node.js and NPM
+
+Open your command-line terminal (CMD/PowerShell on Windows, or Shell on Linux) and run the following commands to check the installed versions:
+
+ * **Node.js:**
+ ```shell
+ node -v
+ ```
+ * **NPM:**
+ ```shell
+ npm -v
+ ```
+
+-----
+
+### 2\. Configure Proxy Settings (If Applicable)
+
+If your server requires a proxy to access the internet, you must set the proxy configurations for NPM. **Skip this step if not needed.**
+
+```shell
+# Set HTTP proxy
+npm config set proxy http://proxy.com:88
+# Set HTTPS proxy
+npm config set https-proxy http://proxy.com:88
+```
+
+-----
+
+## MeshCentral Installation
+
+### 3\. Install MeshCentral
+
+Create a dedicated directory for the installation, change into it, and use NPM to install the MeshCentral package.
+
+**Recommendation:** On Linux, use the `/opt` directory.
+
+> ⚠️ **Important:** Do not use `sudo` when executing the `npm install meshcentral` command.
+
+```shell
+# Create the directory
+mkdir -p /opt/meshcentral
+# Move into the directory
+cd /opt/meshcentral
+# Install MeshCentral
+npm install meshcentral
+```
+
+-----
+
+### 4\. Start the Server
+
+Once the download is complete, start the MeshCentral server.
+
+> ⚠️ **Crucial:** **Do not** `cd` into the `node_modules/meshcentral` directory to run the server. Running it from the directory **above** `node_modules` is required for features like auto-install and self-update to function correctly.
+
+```shell
+node node_modules/meshcentral [arguments]
+```
+
+> **LAN-Only Mode:** If you run the command without arguments, MeshCentral will default to **LAN-only mode**, meaning you can only manage computers on the local network.
+
+-----
+
+### 5\. Configure for WAN/Internet Access (Optional)
+
+To manage computers over the internet (**WAN** or **Hybrid Mode**), your server needs a **static IP** or a **DNS record** that resolves to its public address. This is how remote mesh agents "call home."
+
+While command-line parameters exist, it's **highly recommended to use a configuration file** for persistent settings.
+
+Here are examples of starting the server and generating initial certificates for a public address:
+
+```shell
+# Using a domain name
+node node_modules/meshcentral --cert servername.domain.com
+# Using an IP address
+node node_modules/meshcentral --cert 1.2.3.4
+```
+
+> **Note:** The first time you run in WAN or Hybrid Mode, MeshCentral will generate necessary **certificates**, which may take a few minutes.
+
+Once running, immediately create your **admin account** by navigating to `https://127.0.0.1` (or your public hostname) in a web browser.
\ No newline at end of file
diff --git a/docs/docs/install/container.md b/docs/docs/install/container.md
new file mode 100644
index 00000000..e0f88651
--- /dev/null
+++ b/docs/docs/install/container.md
@@ -0,0 +1,109 @@
+# 🐳 Container (OCI-specification).
+
+[Open Container Initiative](https://opencontainers.org/)
+
+The following section explains possible ways to install MeshCentral locally with the use of Docker or Podman.
+For the syntax, docker will be used as default. This is done because podman also supports this syntax.
+
+🔗 References:
+
+- [Docker](https://www.docker.com/)
+- [Podman](https://podman.io/)
+
+!!!warning
+ Do not use the built-in MeshCentral update functionality (when using containers).
+ Update the container the 'docker way', by updating the image itself.
+
+### 🏷️ Basic Tags:
+
+| Tag-name | Explanation |
+|--------|-----|
+| `master` | This tag belongs to the image which is built on every new commit to the main branch, therefor it has the latest code. |
+| `latest` | This tag takes the latest released version of MeshCentral. |
+| `1.1.51` | You can also specify the specific MeshCentral release with its tag, for example: `ghcr.io/ylianst/meshcentral:1.1.43` |
+
+### All Tags
+
+All master tags below follow the master branch of MeshCentral, the latest and version numbered versions follow the releases.
+
+| Tag-name | Explanation |
+| -------- | ----------- |
+| `master-slim` | Docker image with no database packages present, which makes it the most lean. Uses NeDB. |
+| `master-mongodb` | Docker image with the MongoDB packages installed. |
+| `master-postgresql` | Docker image with the PostgreSQL packages installed |
+| `master-mysql` | Docker image with the MySQL packages installed |
+| `1.1.51-slim` and `latest-slim` | Docker image with no database packages present, which makes it the most lean. Uses NeDB. |
+| `1.1.51-mongodb` and `latest-mongodb` | Docker image with the MongoDB packages installed. |
+| `1.1.51-postgresql` and `latest-postgresql` | Docker image with the PostgreSQL packages installed. |
+| `1.1.51-mysql` and `latest-mysql` | Docker image with the MySQL packages installed. |
+
+---
+> **📌 Note:**
+Refer to [this page](https://github.com/Ylianst/MeshCentral/pkgs/container/meshcentral) for more information on the container status.
+---
+
+## 🐋 Docker/Podman
+
+For single-machine setups such as Docker and Podman.
+
+### Pulling the image:
+
+To pull the container image use the following container registry.
+
+```sh
+docker pull ghcr.io/ylianst/meshcentral:latest
+```
+
+### Docker CLI:
+
+If you want to run the container from the Terminal, you can use the following command:
+
+```sh linenums="1"
+docker run -d \
+ --name meshcentral \
+ --restart unless-stopped \
+ -p 80:80 \
+ -p 443:443 \
+ -v data:/opt/meshcentral/meshcentral-data \
+ -v user_files:/opt/meshcentral/meshcentral-files \
+ -v backup:/opt/meshcentral/meshcentral-backups \
+ -v web:/opt/meshcentral/meshcentral-web \
+ ghcr.io/ylianst/meshcentral:latest
+```
+
+### Docker Compose:
+
+If you want to use a docker compose yaml file, please refer to the example below.
+
+```yaml linenums="1"
+services:
+ meshcentral:
+ image: ghcr.io/ylianst/meshcentral:latest
+ environment:
+ - DYNAMIC_CONFIG=false # Show the option but disable it by default, for safety.
+ volumes:
+ - meshcentral-data:/opt/meshcentral/meshcentral-data
+ - meshcentral-files:/opt/meshcentral/meshcentral-files
+ - meshcentral-web:/opt/meshcentral/meshcentral-web
+ - meshcentral-backups:/opt/meshcentral/meshcentral-backups
+ ports:
+ - "80:80"
+ - "443:443"
+volumes:
+ meshcentral-data:
+ meshcentral-files:
+ meshcentral-web:
+ meshcentral-backups:
+```
+
+Refer to [the Dockerfile](https://github.com/Ylianst/MeshCentral/blob/5032755c2971955161105922e723461385a6c874/docker/Dockerfile#L70-L123) for its environment variables.
+
+## ☸️ Kubernetes
+
+###
+
+> Using YAML deployment files.
+
+## 📚 Extra sources
+
+> [Github Docker Resources](https://github.com/Ylianst/MeshCentral/tree/master/docker)
\ No newline at end of file
diff --git a/docs/docs/install/database/local.md b/docs/docs/install/database/local.md
new file mode 100644
index 00000000..1c08ead4
--- /dev/null
+++ b/docs/docs/install/database/local.md
@@ -0,0 +1,52 @@
+# This section will go into how to configure a local database as backend.
+
+Following [the schema](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json) we make the following changes to our `config.json`.
+Some requires keys have been omitted to further the focus on database configuration. Don't remove these as well.
+
+By default MeshCentral uses NeDB so therefor to change that to another database type, do the following:
+
+---
+
+### MeshCentral Cheatsheet:
+
+Sqlite3:
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "sqlite3": {
+ "name": "meshcentral-db"
+ }
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
+
+Acebase:
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "acebase": {
+ "sponsor": false
+ }
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
\ No newline at end of file
diff --git a/docs/docs/install/database/mariadb.md b/docs/docs/install/database/mariadb.md
new file mode 100644
index 00000000..e7c0db5d
--- /dev/null
+++ b/docs/docs/install/database/mariadb.md
@@ -0,0 +1,84 @@
+# This section will go into how to configure MySQL/MariaDB as a database backend.
+
+Following [the schema](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json) we make the following changes to our `config.json`.
+Some requires keys have been omitted to further the focus on database configuration. Don't remove these as well.
+
+---
+
+### MeshCentral Cheatsheet:
+
+Database specific:
+
+MariaDB:
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "mariaDB": {
+ "host": "my-mariadb-hostname",
+ "port": "3306",
+ "user": "my-mariadb-user",
+ "password": "my-mariadb-password",
+ "database": "meshcentral-database"
+ }
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
+
+Mysql:
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "mySQL": {
+ "host": "my-mysql-hostname",
+ "port": "3306",
+ "user": "my-mysql-user",
+ "password": "my-mysql-password",
+ "database": "meshcentral-database"
+ }
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
+
+### MariaDB/MySQL Cheatsheet:
+
+```bash
+mariadb -u root -p
+```
+or
+```bash
+mysql -u root -p
+```
+
+```sql
+-- Create the database
+CREATE DATABASE meshcentral;
+
+-- Create the user (restricting login to localhost)
+CREATE USER 'meshcentral'@'localhost' IDENTIFIED BY 'my-very-secure-password';
+
+-- Grant privileges
+GRANT ALL PRIVILEGES ON meshcentral.* TO 'meshcentral'@'localhost';
+
+-- Apply changes
+FLUSH PRIVILEGES;
+```
\ No newline at end of file
diff --git a/docs/docs/install/database/mongodb.md b/docs/docs/install/database/mongodb.md
new file mode 100644
index 00000000..7c20f762
--- /dev/null
+++ b/docs/docs/install/database/mongodb.md
@@ -0,0 +1,28 @@
+# This section will go into how to configure MongoDB as a database backend.
+
+Following [the schema](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json) we make the following changes to our `config.json`.
+Some requires keys have been omitted to further the focus on database configuration. Don't remove these as well.
+
+---
+
+### MeshCentral Cheatsheet:
+
+MongoDB is configured using the MongoDB connection string.
+
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "mongoDb": "mongodb://localhost:27017/meshcentral"
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
\ No newline at end of file
diff --git a/docs/docs/install/database/postgresql.md b/docs/docs/install/database/postgresql.md
new file mode 100644
index 00000000..5f14c688
--- /dev/null
+++ b/docs/docs/install/database/postgresql.md
@@ -0,0 +1,57 @@
+# This section will go into how to configure PostgreSQL as a database backend.
+
+Following [the schema](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json) we make the following changes to our `config.json`.
+Some requires keys have been omitted to further the focus on database configuration. Don't remove these as well.
+
+---
+
+### MeshCentral Cheatsheet:
+
+The postgres installation inside `settings` is rather straightforward if you are familiar with it on MeshCentral its side.
+
+```json
+{
+ "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+ "__comment__": "Omitted these keys to focus on the database",
+ "settings": {
+ "postgres": {
+ "host": "my-postgresql-hostname",
+ "port": "5432",
+ "user": "my-postgresql-user",
+ "password": "my-postgresql-password",
+ "database": "meshcentral-database"
+ }
+ },
+ "domains": {
+ "": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Omitted these keys to focus on the database",
+ }
+}
+```
+
+> More options are available if needed. Refer to the schema above.
+
+### Postgres Cheatsheet
+
+```bash
+# Log into the server
+psql -U postgres
+```
+
+```sql
+
+-- Create the database user
+postgres=# CREATE USER meshcentral WITH PASSWORD 'your-very-strong-password';
+CREATE ROLE
+
+-- Create the database and set the above user as owner
+postgres=# CREATE DATABASE meshcentral OWNER meshcentral;
+CREATE DATABASE
+
+-- Exit the database
+postgres=# exit
+```
\ No newline at end of file
diff --git a/docs/docs/install/images/2022-05-16-23-45-01.jpg b/docs/docs/install/images/2022-05-16-23-45-01.jpg
new file mode 100644
index 00000000..bf695da1
Binary files /dev/null and b/docs/docs/install/images/2022-05-16-23-45-01.jpg differ
diff --git a/docs/docs/install/images/2022-05-16-23-45-01.png b/docs/docs/install/images/2022-05-16-23-45-01.png
deleted file mode 100644
index a89c1faf..00000000
Binary files a/docs/docs/install/images/2022-05-16-23-45-01.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-16-23-47-10.jpg b/docs/docs/install/images/2022-05-16-23-47-10.jpg
new file mode 100644
index 00000000..db149d22
Binary files /dev/null and b/docs/docs/install/images/2022-05-16-23-47-10.jpg differ
diff --git a/docs/docs/install/images/2022-05-16-23-47-10.png b/docs/docs/install/images/2022-05-16-23-47-10.png
deleted file mode 100644
index dee2e04a..00000000
Binary files a/docs/docs/install/images/2022-05-16-23-47-10.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-16-23-47-36.jpg b/docs/docs/install/images/2022-05-16-23-47-36.jpg
new file mode 100644
index 00000000..13fabd92
Binary files /dev/null and b/docs/docs/install/images/2022-05-16-23-47-36.jpg differ
diff --git a/docs/docs/install/images/2022-05-16-23-47-36.png b/docs/docs/install/images/2022-05-16-23-47-36.png
deleted file mode 100644
index b2762629..00000000
Binary files a/docs/docs/install/images/2022-05-16-23-47-36.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-16-23-53-08.jpg b/docs/docs/install/images/2022-05-16-23-53-08.jpg
new file mode 100644
index 00000000..ae50d1ac
Binary files /dev/null and b/docs/docs/install/images/2022-05-16-23-53-08.jpg differ
diff --git a/docs/docs/install/images/2022-05-16-23-53-08.png b/docs/docs/install/images/2022-05-16-23-53-08.png
deleted file mode 100644
index 0218cded..00000000
Binary files a/docs/docs/install/images/2022-05-16-23-53-08.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-01-10.jpg b/docs/docs/install/images/2022-05-17-00-01-10.jpg
new file mode 100644
index 00000000..ef229ab1
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-01-10.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-01-10.png b/docs/docs/install/images/2022-05-17-00-01-10.png
deleted file mode 100644
index cfaf80f8..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-01-10.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-01-52.jpg b/docs/docs/install/images/2022-05-17-00-01-52.jpg
new file mode 100644
index 00000000..c184ced4
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-01-52.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-01-52.png b/docs/docs/install/images/2022-05-17-00-01-52.png
deleted file mode 100644
index 697217bd..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-01-52.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-02-25.jpg b/docs/docs/install/images/2022-05-17-00-02-25.jpg
new file mode 100644
index 00000000..a8b1c75b
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-02-25.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-02-25.png b/docs/docs/install/images/2022-05-17-00-02-25.png
deleted file mode 100644
index af704235..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-02-25.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-03-59.jpg b/docs/docs/install/images/2022-05-17-00-03-59.jpg
new file mode 100644
index 00000000..152d6213
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-03-59.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-03-59.png b/docs/docs/install/images/2022-05-17-00-03-59.png
deleted file mode 100644
index 3b019380..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-03-59.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-12-10.png b/docs/docs/install/images/2022-05-17-00-12-10.png
deleted file mode 100644
index 793be731..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-12-10.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-16-40.png b/docs/docs/install/images/2022-05-17-00-16-40.png
deleted file mode 100644
index f0af0be1..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-16-40.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-19-19.jpg b/docs/docs/install/images/2022-05-17-00-19-19.jpg
new file mode 100644
index 00000000..809a368e
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-19-19.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-19-19.png b/docs/docs/install/images/2022-05-17-00-19-19.png
deleted file mode 100644
index cdd49467..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-19-19.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-29-07.jpg b/docs/docs/install/images/2022-05-17-00-29-07.jpg
new file mode 100644
index 00000000..693c95cc
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-29-07.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-29-07.png b/docs/docs/install/images/2022-05-17-00-29-07.png
deleted file mode 100644
index e671a01e..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-29-07.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-12.jpg b/docs/docs/install/images/2022-05-17-00-34-12.jpg
new file mode 100644
index 00000000..98911f89
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-34-12.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-12.png b/docs/docs/install/images/2022-05-17-00-34-12.png
deleted file mode 100644
index 6838013c..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-34-12.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-24.jpg b/docs/docs/install/images/2022-05-17-00-34-24.jpg
new file mode 100644
index 00000000..3452b280
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-34-24.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-24.png b/docs/docs/install/images/2022-05-17-00-34-24.png
deleted file mode 100644
index 2b20030a..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-34-24.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-37.jpg b/docs/docs/install/images/2022-05-17-00-34-37.jpg
new file mode 100644
index 00000000..748e327f
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-34-37.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-34-37.png b/docs/docs/install/images/2022-05-17-00-34-37.png
deleted file mode 100644
index 94a41940..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-34-37.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-36-30.jpg b/docs/docs/install/images/2022-05-17-00-36-30.jpg
new file mode 100644
index 00000000..6b206a0f
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-36-30.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-36-30.png b/docs/docs/install/images/2022-05-17-00-36-30.png
deleted file mode 100644
index 0b557167..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-36-30.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-36-52.jpg b/docs/docs/install/images/2022-05-17-00-36-52.jpg
new file mode 100644
index 00000000..ab88494b
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-36-52.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-36-52.png b/docs/docs/install/images/2022-05-17-00-36-52.png
deleted file mode 100644
index b0250b1e..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-36-52.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-05.jpg b/docs/docs/install/images/2022-05-17-00-37-05.jpg
new file mode 100644
index 00000000..66246444
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-37-05.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-05.png b/docs/docs/install/images/2022-05-17-00-37-05.png
deleted file mode 100644
index 6bded651..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-37-05.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-21.jpg b/docs/docs/install/images/2022-05-17-00-37-21.jpg
new file mode 100644
index 00000000..5409d097
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-37-21.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-21.png b/docs/docs/install/images/2022-05-17-00-37-21.png
deleted file mode 100644
index d0d5d404..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-37-21.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-35.jpg b/docs/docs/install/images/2022-05-17-00-37-35.jpg
new file mode 100644
index 00000000..bb476a6b
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-37-35.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-35.png b/docs/docs/install/images/2022-05-17-00-37-35.png
deleted file mode 100644
index c696f731..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-37-35.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-46.jpg b/docs/docs/install/images/2022-05-17-00-37-46.jpg
new file mode 100644
index 00000000..2aac2560
Binary files /dev/null and b/docs/docs/install/images/2022-05-17-00-37-46.jpg differ
diff --git a/docs/docs/install/images/2022-05-17-00-37-46.png b/docs/docs/install/images/2022-05-17-00-37-46.png
deleted file mode 100644
index c9668227..00000000
Binary files a/docs/docs/install/images/2022-05-17-00-37-46.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17_000542.jpg b/docs/docs/install/images/2022-05-17_000542.jpg
new file mode 100644
index 00000000..2b8cfa48
Binary files /dev/null and b/docs/docs/install/images/2022-05-17_000542.jpg differ
diff --git a/docs/docs/install/images/2022-05-17_000542.png b/docs/docs/install/images/2022-05-17_000542.png
deleted file mode 100644
index 1ac00c3f..00000000
Binary files a/docs/docs/install/images/2022-05-17_000542.png and /dev/null differ
diff --git a/docs/docs/install/images/2022-05-17_003521.jpg b/docs/docs/install/images/2022-05-17_003521.jpg
new file mode 100644
index 00000000..cc903d30
Binary files /dev/null and b/docs/docs/install/images/2022-05-17_003521.jpg differ
diff --git a/docs/docs/install/images/2022-05-17_003521.png b/docs/docs/install/images/2022-05-17_003521.png
deleted file mode 100644
index 0df391e9..00000000
Binary files a/docs/docs/install/images/2022-05-17_003521.png and /dev/null differ
diff --git a/docs/docs/install/index.md b/docs/docs/install/index.md
deleted file mode 100644
index 988cf099..00000000
--- a/docs/docs/install/index.md
+++ /dev/null
@@ -1,32 +0,0 @@ -# Quick Start Guide - -## Installation - -Getting started is easy. If you don't have it already, install NodeJS. Then, create an empty folder and do this: - -```bash -npm install meshcentral -node node_modules/meshcentral -``` - -That's it. MeshCentral will set itself up and start managing computers on your local network. By default it will be setup in LAN mode and agents you install will multicast on the local network to find the server. To setup the server so that agents use a well known DNS name and to start customizing your server, go in the "meshcentral-data" folder and edit the config.json file. The configuration file must be valid JSON, you can use this [link](https://duckduckgo.com/?va=j&t=hc&q=json+lint&ia=answer) to validate the file format. - -For Windows users, you can download the MeshCentral Installer that will automate installation of NodeJS and provide basic configuration of the server. This option is not recommended for advanced users. - -[Win32 MeshCentral Installer](https://meshcentral.com/tools/MeshCentralInstaller.exe) - -By default, MeshCentral will use NeDB as this is the built-in database. For more advanced users, it's recommended to switch to using MongoDB. MeshCentral can be installed on a very small server. A [Raspberry Pi](https://www.raspberrypi.org/) or [AWS t3.nano running Amazon Linux 2 instance](https://aws.amazon.com/ec2/pricing/on-demand/) for 5$ a month will do just fine for managing up to a few hundred devices. - -You can run the MeshCentral Server with --help to get options for background installation. - -## Configuration - -Once you get MeshCentral installed, the first user account that is created will be the server administrator. So, don't delay and navigate to the login page and create a new account. You can then start using your server right away. A lot of the fun with MeshCentral is the 100's of configuration options that are available in the config.json file. 
You can put your own branding on the web pages, setup a SMTP email server, SMS services and much more. - -You can look [here for simple config.json](https://raw.githubusercontent.com/Ylianst/MeshCentral/master/sample-config.json), [here for a more advanced configuration](https://raw.githubusercontent.com/Ylianst/MeshCentral/master/sample-config-advanced.json) and [here for all possible configuration options](https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json). You can also take a look at the [tutorial videos](https://www.youtube.com/@MeshCentral/videos) for additional help. - -## Video Walkthru - -
- -
diff --git a/docs/docs/install/install2.md b/docs/docs/install/install2.md
deleted file mode 100644
index 39312467..00000000
--- a/docs/docs/install/install2.md
+++ /dev/null
@@ -1,1231 +0,0 @@ -# Full Install Guide - -## Abstract - -This guide is specifically intended to help users install MeshCentral from start to finish. Once installed, you can take a look at the MeshCentral user’s guide for information on how to configure MeshCentral for your specific use. In this document, we will look at installing MeshCentral on AWS Linux, Raspberry Pi and Ubuntu. - -## Docker - - - -``` -docker pull ghcr.io/ylianst/meshcentral:master -``` - -!!!warning - Do not use the built in mesh update function. Update docker the docker way. - -### Docker Compose - -``` -version: '3' -services: - meshcentral: - restart: unless-stopped # always restart the container unless you stop it - image: ghcr.io/ylianst/meshcentral:1.1.27 # 1.1.27 is a version number OR use master for the master branch of bug fixes - ports: - - 80:80 # HTTP - - 443:443 # HTTPS - - 4433:4433 # AMT (Optional) - volumes: - - data:/opt/meshcentral/meshcentral-data # config.json and other important files live here - - user_files:/opt/meshcentral/meshcentral-files # where file uploads for users live - - backup:/opt/meshcentral/meshcentral-backups # location for the meshcentral backups - this should be mounted to an external storage - - web:/opt/meshcentral/meshcentral-web # location for site customization files -volumes: - data: - driver: local - user_files: - driver: local - backup: - driver: local - web: - driver: local -``` - -## Quick Start - -For some who want to skip this document entirely, there are quick install scripts that will get a MeshCentral2 instance up and running on Linux in a few minutes. These scripts will pretty much do what this document explains very rapidly. Right now, there are two such scripts available: - -### Amazon Linux 2 - -For Amazon EC2 users, that want to manage 100 devices or less. Launch a t3.nano or t3.micro EC2 instance with Amazon Linux 2 with TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS) and 4433 (CIRA) open. 
Then login as `ec2-user` and enter the following commands: - -``` -wget https://meshcentral.com/scripts/mc-aws-linux2.sh -chmod 755 mc-aws-linux2.sh -./mc-aws-linux2.sh -``` - -This will download the fast install script and once run, will install nodejs, meshcentral, setup systemd and start the server. For a larger instance like a t3.small, t3.medium or larger you can run the following that does the same but also installs MongoDB. - -``` -wget https://meshcentral.com/scripts/mc-aws-linux2-mongo.sh -chmod 755 mc-aws-linux2-mongo.sh -./mc-aws-linux2-mongo.sh -``` - -After these scripts are run, try accessing the server using a browser. MeshCentral will take a minute or two to create certificates after that, the server will be up. The first account to be created will be the site administrator – so don’t delay and create an account right away. Once running, move on to the MeshCentral’s user’s guide to configure your new server. - -### Microsoft Azure - -For 100 devices or less, launch an instance of Ubuntu 18.04 using a small B1s instance. Set the username to `default` in all lower case and open ports 22, 80, 443 and 3389 using the basic network profile. Then start the instance and run the following lines. - -``` -wget https://meshcentral.com/scripts/mc-azure-ubuntu1804.sh -chmod 755 mc-azure-ubuntu1804.sh -./mc-azure-ubuntu1804.sh -``` - -In this situation, port 3389 will be used to receive Intel AMT CIRA connections instead of port 4433. After these scripts are run, try accessing the server using a browser. MeshCentral will take a minute or two to create certificates after that, the server will be up. The first account to be created will be the site administrator – so don’t delay and create an account right away. Once running, move on to the MeshCentral’s user’s guide to configure your new server. - -### Elestio - -You can deploy MeshCentral on Elestio using one-click deployment. Elestio handles version updates, maintenance, securtiy, backups, etc. 
Additionally, Elestio supports MeshCentral by providing revenue share so go ahead and click below to deploy and start using. - -[![Deploy on Elestio](https://elest.io/images/logos/deploy-to-elestio-btn.png)](https://elest.io/open-source/meshcentral) - -## Server Security - Adding Crowdsec - -MeshCentral has built-in support for a CrowdSec bouncer. This allows MeshCentral to get threat signals from the community and block or CAPTCHA requests coming from known bad IP addresses. - -## Video Walkthru - -
- -
- -## Windows Installation -MeshCentral is constructed entirely with NodeJS, an asynchronous event driven JavaScript runtime (https://nodejs.org/). A basic understanding on NodeJS may be preferable but not compulsory. MeshCentral server which heavily relies on NodeJS runtime will be able run on almost any computing platform with contemporary operating systems including Windows*, Linux* and macOS*. - -There are two ways to get MeshCentral setup. - -- For Linux*, macOS*, or advanced users can use CLI based NPM tool. -- For Windows users, you can use the MeshCentral installation tool. - -### Windows Installation Tool - -The MeshCentral installer tool for Microsoft Windows can be downloaded at or by clicking this link. This tool will automatically detect and install NodeJS if needed. NodeJS will be downloaded from checked and installed. We recommend the installer be run on a modern version of Windows (.e.g. Win8.1, Win10, Win Server 2012* or better) - -![](images/2022-05-16-23-45-01.png) - -During installation, the installation tool will prompt for the following settings: - -- Multi-user Server : By enabling this option, the server will be open to any user with a web browser app. Users will be able to create accounts and start managing computers associated in their respective accounts. - -!!!Note - If this option is disabled (unchecked), the server will run as a single-user server, no login screen will be presented and MeshCentral application will be limited to the server host machine only. - -- Auto-update Server: By enabling this option, the server will check new version releases daily and perform automatic update. - -!!!Note - Update check occurs at 0000 between 0100 hours (local time). During update, the server will not be accessible until update is completed. - -- Server Modes, LAN, WAN or Hybrid: - - `LAN mode`: Recommended for small installation within a local network. Server host does not need a fixed IP address or DNS record to operate. 
- - `WAN or Hybrid modes`: Server host will require a fixed IP address or DNS record to function correctly. If selected, user will need to enter server’s DNS name or static IP address in the `Server Name` field. This name or IP address will be used by browsers and agents to connect back to the server, this name MUST be correct or the server will not work. If you do not have a fixed name, select LAN mode to get started. - -Acquiring a static IP or DNS record is beyond the scope of this document. Please seek advice or consult your network administrator if unsure. If unsure, leave the settings as default (as-is) and proceed setup in LAN mode to manage computers that reside within the same network. - -Once installed MeshCentral will run as a background Windows Service and can be accessed using a web browser with the link provided by the installer. - -The installation tool can be run again to perform server update, re-installation or un-installation. When performing an update check, the tool will look at the currently installed version and compare it to the one present on NPM. - -![](images/2022-05-16-23-47-10.png) - -By default, MeshCentral will use TCP ports 80 (HTTP), 443 (HTTPS) and 4433 (Intel® AMT CIRA). The installer will add Windows Defender Firewall rules to allow incoming connections on these ports. In addition, if the server is in LAN or Hybrid mode, an addition rule on UDP port 16990 is added to allow for server discovery. - -### NPM Installation for Advanced Users - -For advanced users or administrators, MeshCentral can be installed with NPM, a NodeJS package manager that can be accessed via web browser (https://www.npmjs.com/) or command line tool, `npm`. - -![](images/2022-05-16-23-47-36.png) - -!!!Note - As a prerequisite, NodeJS and NPM must be installed on host OS and HTTP/HTTPS proxy settings maybe required if server host resides behind a HTTP proxy server. - -1. 
To begin, start a command line terminal (Windows Command Prompt or Linux Terminal) and type the following to verify if nodeJS and npm has been installed correctly as shown below - a. To check on nodeJS installed version, type `node –v` and hit `enter` key - b. To check on npm installed version, type `npm –v` and hit `enter` key - -2. If MeshCentral installation is performed on a server host that resides behind a HTTP proxy, NPM’s proxy settings must be updated with respective proxy settings associated with the network environment. Skip this step if not applicable. - ``` - .e.g. for http proxy `npm config set proxy http://proxy.com:88` - .e.g. for https proxy `npm config set https-proxy http://proxy.com:88` - ``` -3. Create a new directory `MeshCentral` and run the NPM install command as shown below: -``` -mkdir meshcentral -cd meshcentral -npm install meshcentral -``` -**Warning**: Do not use `sudo` in front of `npm install meshcentral`. -4. Upon download completion, the server can be started with the commands below: -``` -node node_modules/meshcentral [arguments] -``` - **Warning**: Do not run MeshCentral by going into the `node_modules/meshcentral` folder as this may cause auto-install and self-update features to fail. Instead, go into the directory above `node_modules` and run `node node_modules/meshcentral`. -![](images/2022-05-16-23-53-08.png) -**Note**: If MeshCentral is started without any arguments, default settings in LAN-only mode will be in effect and user/administrator will only be able to manage computers that reside within the local network. -5. To manage computers over the internet, the server needs to have static IP settings or a DNS record that resolves back to the right server. The mesh agents will be using the mechanism to call home to MeshCentral server. 
For WAN or Hybrid mode, run one of the commands below -``` -node node_modules/meshcentral --cert servername.domain.com -node node_modules/meshcentral --cert hostname.domain.com -node node_modules/meshcentral --cert 1.2.3.4 -``` -**Note**: On first attempt running on WAN or Hybrid Mode: - - Certificates will be generated for the first time and this may take a few minutes to complete. - -!!!Note - At this point, no user account will be created or available for the user hence 1st user account will be the most privileged user with Administrator rights - -- User is advised to create an `admin` account immediately by navigating to https://127.0.0.1 with a web browser. - -**Note**: To run MeshCentral as a service, run it using `--install` argument. Once running, start a web browser and access MeshCentral application with respective URL. - -### Windows Defender Firewall Settings - -On Windows, the built-in firewall will need to be configured to allow TCP ports 80, 443 and 4433 and sometimes UDP port 16990. The MeshCentral Windows Installer will add incoming rules for these ports automatically. If using the advanced NPM installation or when changing the default ports, it may be needed to add or edit these firewall rules. In this section we look at how to do this. - -To get started, we need to go in the control panel, click `System and Security` then `Windows Defender Firewall` and `Advanced Settings` on the left side then click on `Inbound rules`. This will get us on the right place to add or edit firewall rules. - -![](images/2022-05-17-00-01-10.png) - -If the MeshCentral Windows Installer was used, the `MeshCentral Server TCP ports` and optionally `MeshCentral Server UDP ports` rules should already be present. - -#### Editing the existing rules - -To edit an existing rule, simply double click on it. To change the allowed inbound ports, go to the `Protocols and Ports` tab and change the local ports. 
- -![](images/2022-05-17-00-01-52.png) - -#### Add new firewall rules - -To add a new firewall rule, click on the `New Rule…` then select `Port` and ok. TCP or UDP and enter the specific local ports needed and ok. Then click ok twice, enter the rule name and ok again. - -![](images/2022-05-17-00-02-25.png) - -Typically, inbound TCP ports 80, 443 and 4433 are used, but the rule can be added with different ports as needed. - -## Amazon Linux 2 - -In this section, we will look at installing MeshCentral on Amazon AWS with `Amazon Linux 2`. This is a low cost instance and a free tier is available so you can experiment or run a small instance of MeshCentral and it will work perfectly fine. - -### Getting the AWS instance setup - -On AWS EC2, you can launch an instance and select `Amazon Linux 2`. In this case, it’s the first option available. - -![](images/2022-05-17-00-03-59.png) - -When launching a new instance, you are asked to use or create a security group with the allowed inbound TCP and UDP ports. The security group should look like this: - -![](images/2022-05-17_000542.png) - -All security group rules should have a source of `0.0.0.0/0` and `::/0`. The last rule for port 8080 is only needed if migrating from a MeshCentral1 server, most people don’t need it and should not be added. - -If you are not going to be managing Intel AMT computers, you can remove port 4433. One can also remove port 80, however it’s needed to get a Let’s Encrypt certificate and useful to route users from the HTTP to the HTTPS web page. - -For all the following sections, we assume that we are in the `ec2-user` home path. You can do: - -``` -cd ~ -``` - -This will change the current path to the home folder. - -### Installing NodeJS - -To get started, launch an instance and start a SSH session to it. You can use SSH on Linux or Putty on Windows to login to the AWS instance. - -The first thing to do is get NodeJS installed on the instance. 
We will be installing a long term support (LTS) version of NodeJS. Additional information on how to do this can be found here. We first install the node version manager then activate it and install the NodeJS LTS. It’s done with 3 commands: - -``` -curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash -. ~/.nvm/nvm.sh -nvm install --lts -``` - -We can test what version of NodeJS is installed using: - -``` -node -v -``` - -### Installing MongoDB - -If we are going to run a large instance, it’s best to use MongoDB as the database. If you are using a small instance, you can skip installing MongoDB and MeshCentral will use NeDB instead which is a light weight database that is probably great for managing less than 100 computers. - -If you want to use MongoDB, we can install MongoDB Community Edition. More information on how to do this can be found here. - -Using `nano` create the file `/etc/yum.repos.d/mongodb-org-4.0.repo`: - -``` -sudo nano /etc/yum.repos.d/mongodb-org-4.0.repo -``` - -Then, put this in it: - -``` -[mongodb-org-4.0] -name=MongoDB Repository -baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.0/x86_64/ -gpgcheck=1 -enabled=1 -gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc -``` - -This file will setup the repository that we will be using to bet MongoDB. Once done, you can install the package using yum and get it started like this: - -``` -sudo yum install -y mongodb-org -sudo service mongod start -``` - -To verify that MongoDB is running, you can enter the MongoDB shell like this: - -``` -mongo --host 127.0.0.1:27017 -``` - -You can leave the shell using Ctrl-C. The database and log files will be create at these locations: - -``` -/var/log/mongodb -/var/lib/mongo -``` - -This is useful to know if you want to make a backup of the database file. - -### Port permissions - -On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. 
In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this: - -``` -whereis node -node: /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node - -sudo setcap cap_net_bind_service=+ep /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node -``` - -We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case. - -### Installing MeshCentral - -It’s almost time to install MeshCentral but first, we need to know the public name of our AWS instance, you can run the following command: - -``` -curl http://169.254.169.254/latest/meta-data/public-hostname -``` - -It will return the public name of the AWS instance, for example: - -``` -ec2-1-2-3-4.us-west-2.compute.amazonaws.com -``` - -You can use this name, or if you have another registered DNS name pointing to the server instance, you can also use that now. Note that you must setup any alternative name on your own, MeshCentral will not do this for you. This name must be correct and must resolve to this AWS instance as all mesh agents will use this name to connect back to this server. - -Now, we can use the node package manager (NPM) to install MeshCentral. - -``` -npm install meshcentral -``` -!!!warning - Do not use `sudo` in front of `npm install meshcentral`. - -After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use `--wanonly` and `--cert [name]` arguments to get the server started. 
For example: - -``` -node ./node_modules/meshcentral --wanonly --cert ec2-1-2-3-4.us-west-2.compute.amazonaws.com - -``` -At this point, the server will create its certificates and start running. -``` - -MeshCentral HTTP redirection web server running on port 80. -Generating certificates, may take a few minutes... -Generating root certificate... -Generating HTTPS certificate... -Generating MeshAgent certificate... -Generating Intel AMT MPS certificate... -Generating Intel AMT console certificate... -MeshCentral Intel(R) AMT server running on ec2-54-245-141-130.us-west-2.compute.amazonaws.com:4433. -MeshCentral HTTPS web server running on ec2-54-245-141-130.us-west-2.compute.amazonaws.com:443. -Server has no users, next new account will be site administrator. -``` - -You can now open a browser to the name of the server, for example: - -``` -https://ec2-1-2-3-4.us-west-2.compute.amazonaws.com -``` - -You will see the server working as expected. You will get a certificate error since the server is used an untrusted certificate for now. Just ignore the error and see the MeshCentral User’s Guide to fix this. - -![](images/2022-05-17-00-12-10.png) -At this point, the server is usable but, there are two things that may still need to be done. First, if we opted to use MongoDB, we have to configure MeshCentral to use a MongoDB database. By default, NeDB will be used which should only be used for small deployments managing less than 100 computers. We also need to automatically start the server when the AWS instance starts. - -To continue, stop the MeshCentral server with CTRL-C. - -### Configuring for MongoDB - -By default, MeshCentral uses NeDB with a database file located in ~/meshcentral-data/meshcentral.db. This is great for small servers, but if we opted to install MongoDB, let’s make use of it. We need to edit the config.json file located in the meshcentral-data folder. 
- -``` -nano ~/meshcentral-data/config.json -``` - -Then, make the start of the file look like this: - -```json -{ - "settings": { - "MongoDb": "mongodb://127.0.0.1:27017/meshcentral", - "WANonly": true, - "_Port": 443, - "_RedirPort": 80, - "_AllowLoginToken": true, - "_AllowFraming": true, - "_WebRTC": false, - "_ClickOnce": false, - "_UserAllowedIP" : "127.0.0.1,::1,192.168.0.100" - }, -… -} -``` - -If you start with the default config.json created by MeshCentral, you will need to remove some `_` characters in front of settings, mongodb and wanonly. You can also add a `_` to other values. - -You can then same the same and run MeshCentral again. This time, you don’t need to specify the certificate name or `--wanonly`. You just need to run it like this: - -``` -node ./node_modules/meshcentral -``` - -The server should now run correctly and use MongoDB. You can even delete the file `~/meshcentral-data/meshcentral.db` as it’s not going to be used anymore. You can check that it runs correctly by browsing to the server’s address again and creating a new account. The first account that is created will be administrator for the server, so don’t delay and create the first account right away. - -Once you are done, we can stop the server again using CTRL-C and in the next sections, we will look at starting the server in the background. - -### Manually starting the server - -We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. Type this to create the two commands: - -``` -echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart -chmod 755 mcstart - -echo "pkill –f node_modules/meshcentral" > mcstop -chmod 755 mcstop -``` - -You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. 
This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch. - -### Automatically starting the server - -Since Amazon Linux 2 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we get for example: - -``` -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Desktop -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Documents -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Downloads -… -``` - -Note the username and group name, in this example it’s `default` for both. We need this information to create the system service description file. To create this file type: - -``` -sudo pico /etc/systemd/system/meshcentral.service -``` - -Then enter the following lines: - -``` -[Unit] -Description=MeshCentral Server - -[Service] -Type=simple -LimitNOFILE=1000000 -ExecStart=/usr/bin/node /home/default/node_modules/meshcentral -WorkingDirectory=/home/default -Environment=NODE_ENV=production -User=default -Group=default -Restart=always -# Restart service after 10 seconds if node service crashes - -RestartSec=10 -# Set port permissions capability -AmbientCapabilities=cap_net_bind_service - -[Install] -WantedBy=multi-user.target -``` - -Note that the user and group values have to be set correctly for your specific situation. Also, the ExecStart and WorkingDirectory lines includes the path to the user’s home folder which includes the username in it. Make sure that is set correctly. - -Once this is done, you can now start, enable, stop and disable using the following commands: - -``` -sudo systemctl enable meshcentral.service -sudo systemctl start meshcentral.service -sudo systemctl stop meshcentral.service -sudo systemctl disable meshcentral.service -``` - -Type in the first two commands to start and enable the service. Enabling the service will make it automatically start when the computer restarts. 
- -Once the server is launched, you can access it using a web browser as before. From this point on, refer to the MeshCentral User’s Guide for information on how to configure and use MeshCentral. - -## Raspberry Pi - -In this section, we will look at installing MeshCentral on the famous Raspberry Pi. This computer’s low price makes it a perfect always-on system for managing computers on a home or small business network. This installation will work on any version of the Raspberry Pi, but version 3 certainly much faster. - -![](images/2022-05-17-00-16-40.png) - -For this installation, we are going to use the Raspbian operating system. You can use the NOOBS version to install this operating system on your Raspberry Pi and install Raspbian. For best performance you can use the `Raspbian Stretch Lite` image which is much smaller and does not have the X desktop interface. To keep things even smaller, we are not going to be installing MongoDB, instead we are just going to be using NeBD as a database that comes by default with MeshCentral. - -### Installing NodeJS - -Start by opening a terminal. For all of the installation, we will assume we are the default `pi` user and we are in the home (~) folder. Let’s get started by installing NodeJS. - -``` -sudo apt-get update -sudo apt-get dist-upgrade -curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -sudo apt-get -y install nodejs -``` - -We can now check what version of Node was installed by typing: - -``` -node -v -``` - -If all goes well, we can now move on to port permissions and installing MeshCentral itself. - -### Port permissions - -On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. 
To allow this, we need to allow node to listen to ports below 1024 like this: - -``` -whereis node -node: /usr/bin/node /usr/include/node /usr/share/man/man1/node.1.gz - -sudo setcap cap_net_bind_service=+ep /usr/bin/node -``` - -We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case. - - -### Installing MeshCentral - -Now, we can use the Node Package Manager (NPM) to install MeshCentral. - -``` -npm install meshcentral -``` - -!!!warning - Do not use `sudo` in front of `npm install meshcentral`. - -After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use `--wanonly` and `--cert [name]` arguments to get the server started. For example: - -``` -node node_modules/meshcentral --lanonly --fastcert -``` - -At this point, the server will create its certificates and start running. - -``` -MeshCentral HTTP redirection web server running on port 80. -Generating certificates, may take a few minutes... -Generating root certificate... -Generating HTTPS certificate... -Generating MeshAgent certificate... -Generating Intel AMT MPS certificate... -Generating Intel AMT console certificate... -Server name not configured, running in LAN-only mode. -MeshCentral HTTPS web server running on port 443. -Server has no users, next new account will be site administrator. -``` - -The next step is to get the IP address of the Raspberry Pi. 
Use `ipconfig`: - -``` -eth0: flags=4163 mtu 1500 - inet 192.168.2.162 netmask 255.255.255.0 broadcast 192.168.2.255 - inet6 fe80::8841:34b7:685:14a7 prefixlen 64 scopeid 0x20 - ether b8:27:eb:01:13:3f txqueuelen 1000 (Ethernet) - RX packets 58325 bytes 72302196 (68.9 MiB) - RX errors 0 dropped 271 overruns 0 frame 0 - TX packets 28457 bytes 3576126 (3.4 MiB) - TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 -``` - -You can now open a browser to the name of the server, for example: - -``` -https://192.168.2.162 -``` - -You will see the server working as expected. You will get a certificate error since the server is used an untrusted certificate for now. Just ignore the error and see the MeshCentral User’s Guide to fix this. - -![](images/2022-05-17-00-19-19.png) - -### Configuring for LAN-only mode - -By default, MeshCentral will assume that you are managing devices both on a local network and on the internet. In the case of this Raspberry Pi installation, we only want to manage device on the local network and so, we can configure MeshCentral to do this. It will adapt the server for this usages. To do this, edit the config.json file: - -``` -pico ~/meshcentral-data/config.json -``` - -Then, make the start of the file look like this: - -```json -{ - "settings": { - "LANonly": true, - "FastCert": true, - "_Port": 443, - "_RedirPort": 80, - "_AllowLoginToken": true, - "_AllowFraming": true, - "_WebRTC": false, - "_ClickOnce": false, - "_UserAllowedIP" : "127.0.0.1,::1,192.168.0.100" - }, -… -} -``` - -While we are at it, we can put `FastCert` to true so that RSA2048 certificates are created instead of RSA3072. This is less secure but runs much faster on small processors like the Raspberry Pi. This is the same as specifying `--fastcert" in the prior section. - -### Manually starting the server - -We can manually start and stop the MeshCentral server in the background in different ways. 
In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. Type this to create the two commands: - -``` -echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart -chmod 755 mcstart - -echo "pkill -f node_modules/meshcentral" > mcstop -chmod 755 mcstop -``` - -You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch. - -### Automatically starting the server - -Since Raspbian OS supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we - -``` -drwxr-xr-x 2 pi pi 4096 Jul 19 21:23 Desktop -drwxr-xr-x 2 pi pi 4096 Jun 26 18:23 Documents -drwxr-xr-x 2 pi pi 4096 Jun 26 18:23 Downloads -… -``` - -Note the username and group name, in this example it’s `pi` for both. We need this information to create the system service description file. To create this file type: - -``` -sudo nano /etc/systemd/system/meshcentral.service - -``` -Then enter the following lines: - -``` -[Unit] -Description=MeshCentral Server - -[Service] -Type=simple -LimitNOFILE=1000000 -ExecStart=/usr/bin/node /home/pi/node_modules/meshcentral -WorkingDirectory=/home/pi -Environment=NODE_ENV=production -User=pi -Group=pi -Restart=always -# Restart service after 10 seconds if node service crashes -RestartSec=10 -# Set port permissions capability -AmbientCapabilities=cap_net_bind_service - -[Install] -WantedBy=multi-user.target -``` - -Note that the user and group values have to be set correctly for your specific situation. Also, the ExecStart and WorkingDirectory lines includes the path to the user’s home folder which includes the username in it. Make sure that is set correctly. 
- -Once this is done, you can now enable, start, stop and disable using the following commands: - -``` -sudo systemctl enable meshcentral.service -sudo systemctl start meshcentral.service -sudo systemctl stop meshcentral.service -sudo systemctl disable meshcentral.service -``` - -Type in the first two commands to start and enable the service. Enabling the service will make it automatically start when the computer restarts. - -Once the server is launched, you can access it using a web browser as before. From this point on, refer to the MeshCentral User’s Guide for information on how to configure and use MeshCentral. - -## Ubuntu 18.04 - -In this section, we will look at installing MeshCentral on Ubuntu 18.04 LTS. This is a long term support of Ubuntu freely available for download at . Both the desktop and server versions of Ubuntu will work. If this is a remote server and the desktop will not be needed, the server version of Ubuntu can be used. This section will describe a way to install MeshCentral in a user’s home folder, however there is a more secure way to do it, see `Increased Security Installation` at the end of this section. - -In all cases, MeshCentral must not be installed as root user. It’s not secure and the instructions below will not work correctly. - -### Installing NodeJS - -The first thing to do is get NodeJS installed on the computer. We first install the node version manager then activate it and install the NodeJS LTS. It’s done with 4 commands: - -``` -sudo add-apt-repository universe -sudo apt update -sudo apt install nodejs -y -sudo apt install npm -y -``` - -We can test what version of Node and NPM are installed using: - -``` -node –v -npm -v -``` - -### Installing MongoDB - -If we are going to run a large instance, it’s best to use MongoDB as the database. 
If you are using a small instance, you can skip installing MongoDB and MeshCentral will use NeDB instead which is a light weight database that is probably great for managing less than 100 computers. - -If you want to use MongoDB, we can install MongoDB Community Edition. More information on how to do this for Ubuntu can be found here. - -You can install the package using apt and get it started like this: - -``` -sudo apt install mongodb -y -``` - -Then start the Mongodb service in the background and enable it for auto-restart. - -``` -sudo systemctl start mongodb -sudo systemctl enable mongodb -``` - -To verify that MongoDB is running, you can enter the MongoDB shell like this: - -``` -mongo --host 127.0.0.1:27017 -``` - -You can leave the shell using Ctrl-C. The database and log files will be create at these locations: - -``` -/var/log/mongodb -/var/lib/mongo -``` - -This is useful to know if you want to make a backup of the database file. - -### Port permissions - -On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this: - -``` -whereis node -node: /usr/bin/node /usr/include/node /usr/share/man/man1/node.1.gz - -sudo setcap cap_net_bind_service=+ep /usr/bin/node -``` - -We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case. - -### Installing MeshCentral - -Now, we can use the node package manager (NPM) to install MeshCentral. - -``` -npm install meshcentral -``` - -!!!warning - Do not use `sudo` in front of `npm install meshcentral`. 
- -After that, we can run MeshCentral for the first time. For example: - -``` -node ./node_modules/meshcentral -``` - -If the computer has a well-known DNS name that users and agents will use to connect to this server, run MeshCentral like this: - -``` -node ./node_modules/meshcentral --cert example.servername.com -``` - -At this point, the server will create its certificates and start running. - -``` -MeshCentral HTTP redirection web server running on port 80. -Generating certificates, may take a few minutes... -Generating root certificate... -Generating HTTPS certificate... -Generating MeshAgent certificate... -Generating Intel AMT MPS certificate... -Generating Intel AMT console certificate... -MeshCentral Intel(R) AMT server running on ec2-54-245-141-130.us-west-2.compute.amazonaws.com:4433. -MeshCentral HTTPS web server running on ec2-54-245-141-130.us-west-2.compute.amazonaws.com:443. -Server has no users, next new account will be site administrator. -``` - -You can now open a browser and try the server. If you can on the same computer, you navigate to this URL: - -``` -http://localhost -``` - -If installing on a server that does not have a desktop GUI, use a different computer and enter http:// followed by the IP address or name of the server you installed. - -You should see the server working as expected. You will get a certificate error since the server is used an untrusted certificate for now. Just ignore the error and see the MeshCentral User’s Guide to fix this. - -![](images/2022-05-17-00-29-07.png) - -At this point, the server is usable but, there are two things that may still need to be done. First, if we opted to use MongoDB, we have to configure MeshCentral to use a MongoDB database. By default, NeDB will be used which should only be used for small deployments managing less than 100 computers. We also need to automatically start the server when the computer starts. - -To continue, stop the MeshCentral server with CTRL-C. 
- -### Configuring for MongoDB - -By default, MeshCentral uses NeDB with a database file located in ~/meshcentral-data/meshcentral.db. This is great for small servers, but if we opted to install MongoDB, let’s make use of it. We need to edit the config.json file located in the meshcentral-data folder. - -``` -pico ~/meshcentral-data/config.json -``` - -Then, make the start of the file look like this: - -```json -{ - "settings": { - "MongoDb": "mongodb://127.0.0.1:27017/meshcentral", - "WANonly": true, - "_Port": 443, - "_RedirPort": 80, - "_AllowLoginToken": true, - "_AllowFraming": true, - "_WebRTC": false, - "_ClickOnce": false, - "_UserAllowedIP" : "127.0.0.1,::1,192.168.0.100" - }, -… -} -``` - -If you start with the default config.json created by MeshCentral, you will need to remove some `_` characters in front of settings, mongodb and wanonly. You can also add a `_` to other values. For details on all of the config.json options, including the `WANonly` option, refer to the MeshCentral User’s Guide. - -You can then save the config.json file and run MeshCentral again. This time, you don’t need to specify the certificate name. You just need to run it like this: - -``` -node ./node_modules/meshcentral -``` - -The server should now run correctly and use MongoDB. You can even delete the file ~/meshcentral-data/meshcentral.db as it’s not going to be used anymore. You can check that it runs correctly by browsing to the server’s address again and creating a new account. The first account that is created will be administrator for the server, so don’t delay and create the first account right away. - -Once you are done, we can stop the server again using CTRL-C and in the next sections, we will look at starting the server in the background. - -### Manually starting the server - -We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. 
Type this to create the two commands: - -``` -echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart -chmod 755 mcstart - -echo "pkill –f node_modules/meshcentral" > mcstop -chmod 755 mcstop -``` - -You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch. - -### Automatically starting the server - -Since Ubuntu 18.04 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we get for example: - -``` -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Desktop -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Documents -drwxr-xr-x 2 default default 4096 Jul 20 00:03 Downloads -… -``` - -Note the username and group name, in this example it’s `default` for both. We need this information to create the system service description file. To create this file type: - -``` -sudo pico /etc/systemd/system/meshcentral.service -``` - -Then enter the following lines: - -``` -[Unit] -Description=MeshCentral Server - -[Service] -Type=simple -LimitNOFILE=1000000 -ExecStart=/usr/bin/node /home/default/node_modules/meshcentral -WorkingDirectory=/home/default -Environment=NODE_ENV=production -User=default -Group=default -Restart=always -# Restart service after 10 seconds if node service crashes -RestartSec=10 -# Set port permissions capability -AmbientCapabilities=cap_net_bind_service - -[Install] -WantedBy=multi-user.target -``` - -Note that the user and group values have to be set correctly for your specific situation. Also, the ExecStart and WorkingDirectory lines includes the path to the user’s home folder which includes the username in it. Make sure that is set correctly. Lastly the path to node may need to be changed. 
Type `whereis node` to find the correct path. - -Once this is done, you can now start, enable, stop and disable using the following commands: - -``` -sudo systemctl enable meshcentral.service -sudo systemctl start meshcentral.service -sudo systemctl stop meshcentral.service -sudo systemctl disable meshcentral.service -``` - -Type in the first two commands to start and enable the service. Enabling the service will make it automatically start when the computer restarts. - -Once the server is launched, you can access it using a web browser as before. From this point on, refer to the MeshCentral User’s Guide for information on how to configure and use MeshCentral. - -### Increased Security Installation - -On Debian based Linux distributions like Ubuntu, a better and more secure way to install MeshCentral is to have it run within a user account this restricted privileges. When installed like this, the self-update capability of MeshCentral will not work. Instead of installing MeshCentral in the user’s home folder, we install it in /opt/meshcentral and we create a meshcentral user that does not have rights to login or change any of the MeshCentral files. To do this, start by creating a new user called `meshcentral` - -``` -sudo useradd -r -d /opt/meshcentral -s /sbin/nologin meshcentral -``` - -We can then create the installation folder, install and change permissions of the files so that the `meshcentral` account gets read-only access to the files. - -``` -sudo mkdir /opt/meshcentral -cd /opt/meshcentral -sudo npm install meshcentral -sudo -u meshcentral node ./node_modules/meshcentral -``` - -The last line will run MeshCentral manually and allow it to install any missing modules and create the MeshCentral data folders. Once it’s running, press CTRL-C and continue. The following two lines will change the ownership of files to the meshcentral user and restrict access to the files. 
- -``` -sudo chown -R meshcentral:meshcentral /opt/meshcentral -sudo chmod -R 755 /opt/meshcentral/meshcentral-* -``` - -To make this work, you will need to make MeshCentral work with MongoDB because the /meshcentral-data folder will be read-only. In addition, MeshCentral will not be able to update itself since the account does not have write access to the /node_modules files, so the update will have to be manual. First used systemctl to stop the MeshCentral server process, than use this: - -``` -cd /opt/meshcentral -sudo npm install meshcentral -sudo -u meshcentral node ./node_modules/meshcentral -sudo chown -R meshcentral:meshcentral /opt/meshcentral -``` - -This will perform the update to the latest server on NPM and re-set the permissions so that the meshcentral user account has read-only access again. You can then use systemctl to make the server run again. - -MeshCentral allows users to upload and download files stores in the server’s `meshcentral-files` folder. In an increased security setup, we still want the server to be able to read and write files to this folder and we can allow this with: - -``` -sudo chmod -R 755 /opt/meshcentral/meshcentral-files -``` - -If you plan on using the increased security installation along with MeshCentral built-in Let’s Encrypt support you will need to type the following commands to make the `letsencrypt` folder in `meshcentral-data` writable. - -``` -sudo mkdir /opt/meshcentral/meshcentral-data -sudo mkdir /opt/meshcentral/meshcentral-data/letsencrypt -sudo chmod -R 755 /opt/meshcentral/meshcentral-data/letsencrypt -``` - -This will allow the server to get and periodically update its Let’s Encrypt certificate. If this is not done, the server will generate an `ACCES: permission denied` exception. 
- -### Restore backup in Ubuntu - -- Stop Meshcentral service `sudo systemctl stop meshcentral.service` -- In your old server, get your backup : meshcentral-data folder, and mongodump-xxxx.archive -- In the new server, replace the actual meshcentral-data with your backup (it will handle your LestEncrypt cert also) -- Restore mongodb : mongorestore --archive=mongodump-xxxx.archive -- Restart meshcentral.service `sudo systemctl start meshcentral.service` - -## Microsoft Azure - -In this section, we will look installing MeshCentral on Microsoft Azure. Microsoft Azure offers many operating system options and we will be selecting `Ubuntu Server` as our choice. From the Azure portal, we select `Virtual machines` on the left and `Add`. - -![](images/2022-05-17-00-34-12.png) - -Once you click on Ubuntu Server, you will see a list of available versions. In this example, we selected Ubuntu 18.04 LTS (Long Term Support). We then have to create an instance name and a way to authenticate to the instance. - -![](images/2022-05-17-00-34-24.png) - -Next is the type of instance to launch. Any instance will do including the `B1s` which is the smallest possible instance. Of course, as you manage more computers, using an instance that is a bit more powerful is a good idea. - -![](images/2022-05-17-00-34-37.png) - -After selecting the instance type, you can configure storage. 30 gigabytes is plenty. Then the Network Security Group. This is where it’s important to open at least TCP ports 22, 80 and 443. - -![](images/2022-05-17_003521.png) - -Optionally if you wish to use the instance with Intel AMT, open port 4433. In addition port 8080 must be open if you are migrating from MeshCentral1 (not typical). - -Lastly we launch the instance, it will take a few minutes to setup. - -![](images/2022-05-17-00-36-30.png) - -You can then find the public IP address and use a SSH client like PUTTY on Windows to connect to the instance and start getting MeshCentral setup. 
From this point on, just use the Ubuntu section above to complete the installation. - -## Google Cloud - -In this section, we will look installing MeshCentral on Google Cloud. You can sign up easily at https://cloud.google.com/ and you can run a small instance for less than 5$ a month. - -![](images/2022-05-17-00-36-52.png) - -Once you have create an account, you can go to the main console and on the left side, go to `Compute Engine` and create a new VM instance. For our demonstration, we are going to create the smallest instance possible which is a single shared CPU and only 0.6 gigs of RAM. - -![](images/2022-05-17-00-37-05.png) - -We select the proper settings and select `Ubuntu 18.04 LTS Minimal` as the boot operating system. This is convenient as we already covered how to install MeshCentral on this operating system. - -![](images/2022-05-17-00-37-21.png) - -Make sure to allow HTTP and HTTPS traffic. Setup like this, we will not be able to manage Intel AMT unless we also open TCP port 4433. Once done with all these options, we can launch the VM instance. - -![](images/2022-05-17-00-37-35.png) - -The new instance will take a few minutes to start up. An interesting feature of Google Cloud is that you can access the VM instance shell directly from the web browser. No need for a separate SSH client. This is exactly what we need and we opt to go ahead and option the web console. - -![](images/2022-05-17-00-37-46.png) - -If will log you in automatically, no additional credentials needed. We can then follow the `Ubuntu 18.04 LTS` section above to complete the installation. If you opt for a very small instance, it’s probably a good idea to skip installing MongoDB. 
Just to get started quickly, we can use the following commands: - -``` -sudo apt update -sudo apt install nodejs -y -sudo apt install npm -y -sudo setcap cap_net_bind_service=+ep /usr/bin/node -npm install meshcentral -node ./node_modules/meshcentral --fastcert –wanonly --cert 35.227.45.84 -``` - -!!!warning - Do not use `sudo` in front of `npm install meshcentral`. - -This will install node and npm. Will allow non-root access to ports 80 and 443 and install and start MeshCentral. Because this example uses a very small server instance, we opted to use the `fastcert` option to create RSA 2048 certificates (the default is RSA 3072 which is more secure). - -We use the `wantonly` option because MeshCentral will not be managing computers on a local network, and for this demonstration just used the external IP address of the instance as the server name. - -If you plan on using an instance without the Intel AMT CIRA port being open (TCP 4433), it’s recommended to add `--mpsport 0` so to inform MeshCentral that this port is not open and to not offer Intel AMT CIRA features. - -Of course, this set of commands is just to get the server started quickly. Follow the Ubuntu 18.04 instructions to setup the server to automatically start using system. - -## Ubuntu 16.04 - -In this section, we will look at installing MeshCentral on Ubuntu 16.04 LTS. This is the same installation at Ubuntu 18.04 LTS, however you need to install NodeJS in a special way. If you use `apt install node`, you will get an older version 4.x of NodeJS that will not work with MeshCentral. - -### Installing NodeJS - -The first thing to do is get NodeJS installed on the computer. We first install the node version manager then activate it and install the NodeJS LTS. 
It’s done with 3 commands: - -``` -cd ~ -wget https://deb.nodesource.com/setup_8.x -sudo bash setup_8.x -sudo apt-get –y install nodejs -``` - -We can test what version of Node and NPM are installed using: - -``` -node –v -npm -v -``` - -You should see Node version 8 and NPM version 5. At this point, you can continue installing MeshCentral using the Ubuntu 18.04 installation instructions. - -## OpenBSD 6.4 - -In this section, we will look at installing MeshCentral on OpenBSD 6.4. This section was originally written by Daulton and placed here with this permission. The original instructions are located at: https://daulton.ca/meshcentral-server-on-openbsd/. The section will setup MeshCentral on non-standard ports HTTPS/3000 and HTTP/3001. Thank you to Daulton for his contribution. - -### Installing MongoDB - -Install the Mongodb package. - -``` -pkg_add mongodb -``` - -Start and enable Mongodb at boot. - -``` -rcctl start mongod -rcctl enable mongod -``` - -Temporary remount /usr with wxallowed while we compile the port. For Cloud VPS they usually only have a root partition instead of how OpenBSD splits it up by default, you will need to edit /etc/fstab and add wxallowed to the options for the root partition and then reboot. Assure to remove this from the fstab options after you are done. - -``` -mount -r -o wxallowed /usr/ -``` - -### Installing NodeJS - -Install NodeJS from ports as it is not available by a package. - -``` -$ cd /tmp -$ ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig} -# cd /usr -# tar xzf /tmp/ports.tar.gz -# cd /usr/ports/lang/node -# make install -# make clean -``` - -### Installing MeshCentral - -Create the MeshCentral user. The parameters used here are important as we will not let this user login, it has no home directory, and its class is set to daemon. In line with the OpenBSD daemon user naming scheme, we preface the username with an underscore `_` to make it easily identifiable as a daemon user. 
- -``` -useradd -s /sbin/nologin -d /nonexistent -L daemon -u 446 _meshcentral -``` - -Let’s install MeshCentral and adjust the permissions. - -``` -mkdir -p /usr/local/meshcentral -cd /usr/local/meshcentral -npm install meshcentral -chown -R _meshcentral:_meshcentral /usr/local/meshcentral -``` - -Configuring for MongoDB and adjusting some other settings such as the network port. Open up the following config in an editor then, make the start of the file look like below. If the setting does not exist yet, just add it below one of the ones we are adjusting in the main settings block. - -If you start with the default config.json created by MeshCentral, you will need to remove some underscore character in front of settings to enable the setting, such as mongodb and wanonly. You can also add an underscore to other values. For details on all of the config.json options, including the `WANonly` option, refer to the MeshCentral User’s Guide. - -Before you can edit the configuration, start the Meshcentral briefly so it generates the default configurations and certificates. Once you see that it says "MeshCentral HTTPS server running...", Ctrl-C to exit then edit the configuration file next. - -``` -cd /usr/local/meshcentral/node_modules/meshcentral/ && doas -u _meshcentral /usr/local/bin/node /usr/local/meshcentral/node_modules/meshcentral/meshcentral.js --launch -``` - -Edit the MeshCentral config.json. For example using vi: - -``` -vi /usr/local/meshcentral/meshcentral-data/config.json -``` - -In the settings section, set the following key value pairs: - -```json -{ -"settings": { -"Cert": "meshcentral.example.com", -"MongoDb": "mongodb://127.0.0.1:27017/meshcentral", -"WANonly": true, -"Port": 3000, -"ExactPorts": true, -"RedirPort": 3001, -"allowLoginToken": true, -"allowFraming": true, -"NewAccounts": 0, -}, -… -} -``` - -Add the following to the root crontab to start MeshCentral at boot. 
Edit the root crontab by doing the following command as root: crontab -e - -``` -@reboot cd /usr/local/meshcentral/node_modules/meshcentral/ && doas -u _meshcentral /usr/local/bin/node /usr/local/meshcentral/node_modules/meshcentral/meshcentral.js --launch -``` - -As root launch Meshcentral while it installs mongojs, once that finishes and Meshcentral launches close it by doing Ctrl-C. Adjust the permissions again as we ran Meshcentral and it generated new files we need to change the ownership of. - -/usr/local/bin/node /usr/local/meshcentral/node_modules/meshcentral -``` -chown -R _meshcentral:_meshcentral /usr/local/meshcentral -``` - -!!!Warning - Do not keep this running or use this command in the future to start the Meshcentral server as it starts the server as root! - -This is a reference /etc/pf.conf for you to keep your server secure. Add any locally connected networks which should have access and any public IP address of a network which will have client PCs connect from to target_whitelist table. Add your own home and/or business IP to my_own_IPs table. 
- -``` -ext_if = vio0 -set reassemble yes -set block-policy return -set loginterface egress -set ruleset-optimization basic -set skip on lo - -icmp_types = "{ 0, 8, 3, 4, 11, 30 }" - -table const { 45.63.15.84, 10.18.5.0/24 } -table const { 45.63.15.84 } -table - -match in all scrub (no-df max-mss 1440) -match out all scrub (no-df max-mss 1440) - -block in quick log from urpf-failed label uRPF -block quick log from - -block in from no-route to any -block in from urpf-failed to any -block in quick on $ext_if from any to 255.255.255.255 -block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any antispoof for $ext_if -block log all - -pass in quick inet proto icmp icmp-type $icmp_types -pass in quick inet6 proto icmp6 - -pass in quick proto tcp from \ -to (egress) port { 22 } \ -flags S/SA modulate state \ -(max-src-conn 5, max-src-conn-rate 5/5, overload flush global) - -pass in quick inet proto tcp from to port 3000 -pass in quick inet6 proto tcp from to port 3000 - -block in quick log on egress all - -pass out quick on egress proto tcp from any to any modulate state -pass out quick on egress proto udp from any to any keep state -pass out quick on egress proto icmp from any to any keep state -pass out quick on egress proto icmp6 from any to any keep state -``` - -After saving the configuration in /etc/pf.conf, reload the pf rules with: - -``` -pfctl -f /etc/pf.conf - -``` - -To save rebooting and have MeshCentral launch then, launch it so you can begin using it. This time it is running as _meshcentral, now it is safe to keep running and you can use this command in the future. 
-
-```
-cd /usr/local/meshcentral/node_modules/meshcentral/ && doas -u _meshcentral /usr/local/bin/node /usr/local/meshcentral/node_modules/meshcentral/meshcentral.js --launch
-```
-
-You can now access MeshCentral at https://youraddress:3000 or https://meshcentral.example.com:3000 if you named the machine meshcentral or create an A record named meshcentral. The first user you create will be the Administrator, there is no default user.
diff --git a/docs/docs/install/quickstart.md b/docs/docs/install/quickstart.md
new file mode 100644
index 00000000..0f9429ce
--- /dev/null
+++ b/docs/docs/install/quickstart.md
@@ -0,0 +1,88 @@
+## 🚀 Quick Start Guide: Basic NPM Installation
+
+MeshCentral is platform-agnostic, running almost anywhere thanks to being primarily written in JavaScript. This guide covers the simplest way to get started using **NPM**.
+
+### 🛠️ Basic Setup
+
+The only prerequisites are **Node.js** and **npm**.
+
+-----
+
+#### 1\. Install Node.js
+
+ * **Linux:** Find installation instructions for your distribution [here](https://nodejs.org/en/download/package-manager/all).
+ * **Windows:** Download the installer from the official site [here](https://nodejs.org/en).
+
+> 🪟 **Windows Users:** If you prefer an automated setup, you can skip the manual installation and download the **Windows MeshCentral Installer**. However, this is **not recommended for advanced users**.
+> [Download Windows MeshCentral Installer](https://meshcentral.com/tools/MeshCentralInstaller.exe)
+
+-----
+
+#### 2\. Install and Start MeshCentral
+
+Create a dedicated directory (e.g., `/opt/meshcentral`) and run the following commands in your terminal.
+
+> ⚠️ **Do not** use `sudo` with the `npm install meshcentral` command.
+
+```shell
+# Example: Create and move into the directory
+mkdir -p /opt/meshcentral
+cd /opt/meshcentral
+
+# Install the MeshCentral package
+npm install meshcentral
+
+# Start the server
+node node_modules/meshcentral
+```
+
+That's it\! MeshCentral will now set itself up and begin managing computers on your **local network** that have the MeshAgent installed.
+
+#### Running as a Service
+
+To run MeshCentral as a persistent background service (recommended for production environments), use the --install argument when starting the server. Consult the MeshCentral documentation for OS-specific service setup details.
+
+-----
+
+### ⚙️ Configuration and Customization
+
+#### Default Mode and Initial Access
+
+By default, MeshCentral starts in **LAN-only mode**. Agents use local network multicasting to find the server.
+
+ * The first user account you create upon accessing the server will automatically become the **server administrator**. Access the login page in your web browser and create your account right away.
+ * Once installed, server settings are stored in the **`config.json`** file, which is located inside the **`meshcentral-data`** folder.
+
+#### Advanced Configuration
+
+The **`config.json`** file holds hundreds of options for deep customization, including:
+
+ * Switching the server from LAN-only to **WAN/Hybrid mode** by setting a known DNS name.
+ * Customizing the server with your own **branding**.
+ * Setting up an **SMTP email server** or **SMS services**.
+
+The configuration file must be valid **JSON**. You can use an online tool or utilities like `jq` to validate its format.
+
+You can find sample configuration files on the GitHub repository for reference:
+
+ * [Simple sample config](https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json)
+ * [Advanced sample config](https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json)
+ * [Full config schema](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json)
+
+-----
+
+### Database and Scaling Notes
+
+ * **Database:** By default, MeshCentral uses **NeDB**, its built-in database. For advanced use cases and better performance, it's recommended to switch to **MongoDB** or an SQL-based solution like **Postgresql**.
+ * **Hardware:** MeshCentral is very lightweight. You can run a server capable of managing a few hundred devices on a small platform like a **Raspberry Pi** or an **AWS t3.nano** instance running Linux.
+ * **Service Mode:** To run the server as a background service, start it with the `--help` argument to view options for background installation.
+
+For a visual guide, check out the official [YouTube Tutorial Videos](https://www.youtube.com/@MeshCentral/videos).
+
+\
+  \ +
\ No newline at end of file
diff --git a/docs/docs/install/security/secure.md b/docs/docs/install/security/secure.md
new file mode 100644
index 00000000..a2c17ea3
--- /dev/null
+++ b/docs/docs/install/security/secure.md
@@ -0,0 +1,101 @@
+## 🔒 Increased Security Installation on Debian/Ubuntu
+
+For enhanced security on Debian-based Linux distributions (like Ubuntu), it's best practice to run **MeshCentral** under a dedicated, low-privilege user account. This prevents the server from making unauthorized changes to the system.
+
+> ⚠️ **Important:** Running with restricted privileges disables MeshCentral's **self-update capability**. Updates must be performed manually. Additionally, this setup **requires using an external database (like MongoDB)** because the primary data folder will be read-only.
+
+-----
+
+### 1\. Create a Low-Privilege User
+
+Start by creating a system user named `meshcentral`. This user will be restricted from logging in and changing files outside its designated directory.
+
+```shell
+sudo useradd -r -d /opt/meshcentral -s /sbin/nologin meshcentral
+```
+
+### 2\. Install MeshCentral
+
+Next, create the installation directory and install the package using NPM.
+
+```shell
+# Create the installation folder
+sudo mkdir /opt/meshcentral
+
+# Change to the installation directory
+cd /opt/meshcentral
+
+# Install MeshCentral (as the created user)
+sudo -u meshcentral npm install meshcentral
+```
+
+### 3\. Initialize Data Folders
+
+Run the server once under the new low-privilege user to generate the necessary data folders and install any initial dependencies.
+
+```shell
+# Run once as the meshcentral user
+sudo -u meshcentral node ./node_modules/meshcentral
+```
+
+Once the server is running and the folders have been created, press **CTRL-C** to stop the process.
+
+### 4\. Restrict Permissions
+
+Now, set the ownership and permissions to ensure the `meshcentral` user has **read-only access** to the application code, enhancing security.
+
+```shell
+# Change ownership of all files to the meshcentral user and group
+sudo chown -R meshcentral:meshcentral /opt/meshcentral
+
+# Set read/execute permissions for the meshcentral user on data folders
+# Note: meshcentral-* refers to meshcentral-data, meshcentral-files, etc.
+sudo chmod -R 755 /opt/meshcentral/
+```
+
+### 5\. Adjust Write Permissions for Functionality (Optional)
+
+In a restricted environment, you need to explicitly grant write access to specific subfolders the server needs to modify during operation.
+
+#### A. File Upload/Download
+
+If you plan to use MeshCentral's file transfer features, the server needs to read and write to the `meshcentral-files` folder:
+
+```shell
+sudo chmod -R 755 /opt/meshcentral/meshcentral-files
+```
+
+#### B. Let's Encrypt Support
+
+If you plan to use MeshCentral's built-in **Let's Encrypt** support, you must make its certificate folder writable to avoid `ACCES: permission denied` exceptions:
+
+```shell
+# Create the necessary sub-folders if they don't exist
+sudo mkdir -p /opt/meshcentral/meshcentral-data/letsencrypt
+
+# Grant write access to the letsencrypt folder
+sudo chmod -R 775 /opt/meshcentral/meshcentral-data/letsencrypt
+```
+
+### 6\. Manual Server Update
+
+Because the `meshcentral` user lacks write access to the `/node_modules` directory, the server cannot update itself. To perform a manual update:
+
+1. Use `systemctl` (or your service manager) to **stop** the MeshCentral server process.
+2. Run the following commands:
+
+
+
+```shell
+cd /opt/meshcentral
+
+# Update the MeshCentral package via NPM (requires sudo/root privileges)
+sudo npm install meshcentral
+
+# Re-set ownership to the meshcentral user
+sudo chown -R meshcentral:meshcentral /opt/meshcentral
+```
+
+3. Use `systemctl` to **restart** the MeshCentral server.
+
+This process updates the server to the latest version on NPM and reapplies the strict permissions.
\ No newline at end of file
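Review bot: Steps 4 and 6 do not produce the read-only layout the text promises: `chown -R meshcentral:meshcentral /opt/meshcentral` makes the service account the owner, and `chmod -R 755` then leaves that owner with write access to everything, including `node_modules`, while also making `meshcentral-data` (where `config.json` lives) readable by every local user. Keeping the tree owned by root with group read access for the service account would match the stated goal, e.g. `sudo chown -R root:meshcentral /opt/meshcentral` followed by `sudo chmod -R u=rwX,g=rX,o= /opt/meshcentral`, and step 6 should re-apply those two commands rather than hand ownership back to `meshcentral`. In step 5, the `chmod -R 755` on `meshcentral-files` changes nothing after step 4, and the `letsencrypt` folder created with `sudo mkdir -p` is presumably root-owned, so mode 775 alone would not let the service write to it; each folder that must be writable needs `sudo chown -R meshcentral:meshcentral <folder>` instead. The `# Note: meshcentral-* ...` comment in step 4 no longer matches the command below it, which targets the whole of `/opt/meshcentral/`. Step 2 may also fail as written, since `sudo mkdir` leaves `/opt/meshcentral` root-owned before `sudo -u meshcentral npm install` tries to write into it.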
diff --git a/docs/docs/install/windows.md b/docs/docs/install/windows.md
new file mode 100644
index 00000000..da1a12a1
--- /dev/null
+++ b/docs/docs/install/windows.md
@@ -0,0 +1,69 @@
+## 🪟 Quick Start on Windows with the Installer
+
+For Microsoft Windows users, the easiest way to install MeshCentral is by using the dedicated installer tool. This tool automates the setup, including checking for and installing **Node.js** if necessary.
+
+You can download the MeshCentral installer from the official website or by clicking [this link](https://www.meshcommander.com/meshcentral2).
+
+> **Recommendation:** We advise running the installer on a modern version of Windows (e.g., Windows 8.1, Windows 10, or Windows Server 2012 or newer).
+
+### Installation Prompts Explained
+
+The installer will guide you through a few key settings:
+
+| Setting | Description |
+| :--- | :--- |
+| **Multi-user Server** | **Enabled (Checked):** The server is open to the public. Users can create accounts and manage their own devices. **Disabled (Unchecked):** The server is limited to a single-user mode, with no login screen, accessible only from the server host machine. |
+| **Auto-update Server** | **Enabled:** The server automatically checks for new releases daily (typically between 00:00 and 01:00 local time) and performs an update. The server will be inaccessible during the update process. |
+| **Server Mode** | Choose how agents find the server: |
+| *LAN Mode* | Recommended for small, local networks. The server does not need a fixed IP or DNS name. |
+| *WAN/Hybrid Mode* | Required for managing devices over the internet. You **must** enter the server's public **DNS name** or **static IP address** into the **Server Name** field. This name must be correct or agents will fail to connect. If unsure, start with **LAN Mode**. |
+
+Once installed, MeshCentral runs as a **background Windows Service** and can be accessed via the web browser link provided by the installer.
+
+### Updating and Maintenance
+
+The installation tool can be run again at any time to:
+
+* **Perform a Server Update:** The tool compares your installed version to the latest one on NPM.
+* **Re-install** the server.
+* **Un-install** the server.
+
+---
+
+## 🔒 Windows Defender Firewall Settings
+
+The installer automatically configures the **Windows Defender Firewall** to allow MeshCentral to accept incoming connections.
+
+By default, MeshCentral uses the following ports:
+* **TCP Ports:** **80** (HTTP), **443** (HTTPS), and **4433** (Intel® AMT CIRA).
+* **UDP Port:** **16990** (Added for server discovery in LAN or Hybrid mode).
+
+If you performed an advanced NPM installation or need to change the default ports, you may need to manually modify these firewall rules.
+
+### Accessing Firewall Settings
+
+1. Open **Control Panel**.
+2. Go to **System and Security**.
+3. Click **Windows Defender Firewall**.
+4. Click **Advanced Settings** on the left side.
+5. Select **Inbound Rules**.
+
+If you used the installer, you should see rules named **`MeshCentral Server TCP ports`** and optionally **`MeshCentral Server UDP ports`**.
+
+### 1. Editing Existing Rules
+
+To change the allowed ports (e.g., if you changed the MeshCentral configuration):
+1. **Double-click** the existing rule (e.g., `MeshCentral Server TCP ports`).
+2. Go to the **Protocols and Ports** tab.
+3. Modify the **Local ports** field.
+
+### 2. Adding New Rules
+
+To create a new inbound firewall rule:
+1. Click **New Rule...** on the right side.
+2. Select **Port** and click **Next**.
+3. Choose either **TCP** or **UDP**.
+4. Select **Specific local ports** and enter the port numbers (e.g., `80, 443, 4433`). Click **Next**.
+5. Ensure **Allow the connection** is selected and click **Next**.
+6. Select the profiles (Domain, Private, Public) where the rule should apply and click **Next**.
+7. Enter a descriptive **Name** for the rule and click **Finish**.
\ No newline at end of file
diff --git a/docs/docs/meshcentral/codesigning.md b/docs/docs/meshcentral/codesigning.md
index 5cb30d00..a14528e2 100644
--- a/docs/docs/meshcentral/codesigning.md
+++ b/docs/docs/meshcentral/codesigning.md
@@ -1,3 +1,5 @@ +# Code Signing + ## Authenticode-JS Video Nodejs Code Signing module diff --git a/docs/docs/meshcentral/debugging.md b/docs/docs/meshcentral/debugging.md index 68a3725e..f661c3fe 100644 --- a/docs/docs/meshcentral/debugging.md +++ b/docs/docs/meshcentral/debugging.md @@ -1,3 +1,5 @@ +# Debugging + ## Websockets Video Make sure you understand how MeshCentral works with your browser using chrome developer tools. diff --git a/docs/docs/meshcentral/faq.md b/docs/docs/meshcentral/faq.md index 1c5b2404..3b56fa7e 100644 --- a/docs/docs/meshcentral/faq.md +++ b/docs/docs/meshcentral/faq.md @@ -42,7 +42,7 @@ You're sure you're typing in everything right, giving it 2FA code and can't logi [TOTP](https://en.wikipedia.org/wiki/Time-based_one-time_password) is time sensitive, check your time/NTP and make sure it's right (on server and TOTP app device)! :) -![](images/2022-08-04-18-19-19.png) +![](../images/2022-08-04-18-19-19.png) ## Branding and Customization diff --git a/docs/docs/meshcentral/images/2022-05-18-22-11-41.jpg b/docs/docs/meshcentral/images/2022-05-18-22-11-41.jpg new file mode 100644 index 00000000..1e4c33c4 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-11-41.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-11-41.png b/docs/docs/meshcentral/images/2022-05-18-22-11-41.png deleted file mode 100644 index 374b56b1..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-11-41.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-16-11.jpg b/docs/docs/meshcentral/images/2022-05-18-22-16-11.jpg new file mode 100644 index 00000000..2aa65dd2 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-16-11.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-22-16-11.png b/docs/docs/meshcentral/images/2022-05-18-22-16-11.png deleted file mode 100644 index bc896d38..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-16-11.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-20-08.jpg b/docs/docs/meshcentral/images/2022-05-18-22-20-08.jpg new file mode 100644 index 00000000..b339eace Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-20-08.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-20-08.png b/docs/docs/meshcentral/images/2022-05-18-22-20-08.png deleted file mode 100644 index 2c62b23a..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-20-08.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-23-59.jpg b/docs/docs/meshcentral/images/2022-05-18-22-23-59.jpg new file mode 100644 index 00000000..dc64e3b2 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-23-59.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-23-59.png b/docs/docs/meshcentral/images/2022-05-18-22-23-59.png deleted file mode 100644 index 4e8b54e6..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-23-59.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-25-39.jpg b/docs/docs/meshcentral/images/2022-05-18-22-25-39.jpg new file mode 100644 index 00000000..469e6820 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-25-39.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-25-39.png b/docs/docs/meshcentral/images/2022-05-18-22-25-39.png deleted file mode 100644 index 288eb904..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-25-39.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-22-26-14.jpg b/docs/docs/meshcentral/images/2022-05-18-22-26-14.jpg new file mode 100644 index 00000000..5c0a64b6 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-26-14.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-26-14.png b/docs/docs/meshcentral/images/2022-05-18-22-26-14.png deleted file mode 100644 index 360665b5..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-26-14.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-27-25.jpg b/docs/docs/meshcentral/images/2022-05-18-22-27-25.jpg new file mode 100644 index 00000000..a84eba3c Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-27-25.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-27-25.png b/docs/docs/meshcentral/images/2022-05-18-22-27-25.png deleted file mode 100644 index 5cb6b725..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-27-25.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-12.jpg b/docs/docs/meshcentral/images/2022-05-18-22-29-12.jpg new file mode 100644 index 00000000..94892e22 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-29-12.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-12.png b/docs/docs/meshcentral/images/2022-05-18-22-29-12.png deleted file mode 100644 index 2db41657..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-29-12.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-40.jpg b/docs/docs/meshcentral/images/2022-05-18-22-29-40.jpg new file mode 100644 index 00000000..c6eb435f Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-29-40.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-40.png b/docs/docs/meshcentral/images/2022-05-18-22-29-40.png deleted file mode 100644 index 3a815fe8..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-29-40.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-47.jpg b/docs/docs/meshcentral/images/2022-05-18-22-29-47.jpg new file mode 100644 index 00000000..67b442e4 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-29-47.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-29-47.png b/docs/docs/meshcentral/images/2022-05-18-22-29-47.png deleted file mode 100644 index f8569fb7..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-29-47.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-32-35.jpg b/docs/docs/meshcentral/images/2022-05-18-22-32-35.jpg new file mode 100644 index 00000000..0c9022c0 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-22-32-35.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-22-32-35.png b/docs/docs/meshcentral/images/2022-05-18-22-32-35.png deleted file mode 100644 index 8253fbc2..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-22-32-35.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-33-08.jpg b/docs/docs/meshcentral/images/2022-05-18-23-33-08.jpg new file mode 100644 index 00000000..7a0009d8 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-33-08.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-33-08.png b/docs/docs/meshcentral/images/2022-05-18-23-33-08.png deleted file mode 100644 index bdfba9ab..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-33-08.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-23-34-22.jpg b/docs/docs/meshcentral/images/2022-05-18-23-34-22.jpg new file mode 100644 index 00000000..d68ddb1f Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-34-22.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-34-22.png b/docs/docs/meshcentral/images/2022-05-18-23-34-22.png deleted file mode 100644 index 6bc35790..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-34-22.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-35-19.jpg b/docs/docs/meshcentral/images/2022-05-18-23-35-19.jpg new file mode 100644 index 00000000..69665e61 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-35-19.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-35-19.png b/docs/docs/meshcentral/images/2022-05-18-23-35-19.png deleted file mode 100644 index c80d4a40..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-35-19.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-37-31.jpg b/docs/docs/meshcentral/images/2022-05-18-23-37-31.jpg new file mode 100644 index 00000000..00543bc7 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-37-31.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-37-31.png b/docs/docs/meshcentral/images/2022-05-18-23-37-31.png deleted file mode 100644 index 0c4056a3..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-37-31.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-37-40.jpg b/docs/docs/meshcentral/images/2022-05-18-23-37-40.jpg new file mode 100644 index 00000000..cbb4791b Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-37-40.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-23-37-40.png b/docs/docs/meshcentral/images/2022-05-18-23-37-40.png deleted file mode 100644 index ce071077..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-37-40.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-38-45.jpg b/docs/docs/meshcentral/images/2022-05-18-23-38-45.jpg new file mode 100644 index 00000000..3d9b5ea6 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-38-45.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-38-45.png b/docs/docs/meshcentral/images/2022-05-18-23-38-45.png deleted file mode 100644 index d5797cb8..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-38-45.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-39-03.jpg b/docs/docs/meshcentral/images/2022-05-18-23-39-03.jpg new file mode 100644 index 00000000..7d3cfc13 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-39-03.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-39-03.png b/docs/docs/meshcentral/images/2022-05-18-23-39-03.png deleted file mode 100644 index dda6f11e..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-39-03.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-41-23.jpg b/docs/docs/meshcentral/images/2022-05-18-23-41-23.jpg new file mode 100644 index 00000000..983d1797 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-41-23.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-41-23.png b/docs/docs/meshcentral/images/2022-05-18-23-41-23.png deleted file mode 100644 index 368305cd..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-41-23.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-23-41-58.jpg b/docs/docs/meshcentral/images/2022-05-18-23-41-58.jpg new file mode 100644 index 00000000..08ba782c Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-41-58.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-41-58.png b/docs/docs/meshcentral/images/2022-05-18-23-41-58.png deleted file mode 100644 index 94d6425b..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-41-58.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-42-51.jpg b/docs/docs/meshcentral/images/2022-05-18-23-42-51.jpg new file mode 100644 index 00000000..f96c53e6 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-42-51.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-42-51.png b/docs/docs/meshcentral/images/2022-05-18-23-42-51.png deleted file mode 100644 index 10ca5abe..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-42-51.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-46-26.jpg b/docs/docs/meshcentral/images/2022-05-18-23-46-26.jpg new file mode 100644 index 00000000..43175ff6 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-46-26.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-46-26.png b/docs/docs/meshcentral/images/2022-05-18-23-46-26.png deleted file mode 100644 index 71646f29..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-46-26.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-49-37.jpg b/docs/docs/meshcentral/images/2022-05-18-23-49-37.jpg new file mode 100644 index 00000000..1364be65 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-49-37.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-23-49-37.png b/docs/docs/meshcentral/images/2022-05-18-23-49-37.png deleted file mode 100644 index 9d532149..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-49-37.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-49-53.jpg b/docs/docs/meshcentral/images/2022-05-18-23-49-53.jpg new file mode 100644 index 00000000..815e5dc3 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-49-53.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-49-53.png b/docs/docs/meshcentral/images/2022-05-18-23-49-53.png deleted file mode 100644 index 95e32c5f..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-49-53.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-53-04.jpg b/docs/docs/meshcentral/images/2022-05-18-23-53-04.jpg new file mode 100644 index 00000000..3cd15dcb Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-53-04.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-53-04.png b/docs/docs/meshcentral/images/2022-05-18-23-53-04.png deleted file mode 100644 index b45f268c..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-53-04.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-55-26.jpg b/docs/docs/meshcentral/images/2022-05-18-23-55-26.jpg new file mode 100644 index 00000000..6e11ea2e Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-55-26.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-55-26.png b/docs/docs/meshcentral/images/2022-05-18-23-55-26.png deleted file mode 100644 index d74b4837..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-55-26.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18-23-56-29.jpg b/docs/docs/meshcentral/images/2022-05-18-23-56-29.jpg new file mode 100644 index 00000000..89912597 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-56-29.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-56-29.png b/docs/docs/meshcentral/images/2022-05-18-23-56-29.png deleted file mode 100644 index ea14f134..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-56-29.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-56-59.jpg b/docs/docs/meshcentral/images/2022-05-18-23-56-59.jpg new file mode 100644 index 00000000..d99c0a93 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-56-59.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-56-59.png b/docs/docs/meshcentral/images/2022-05-18-23-56-59.png deleted file mode 100644 index 07f126e2..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-56-59.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-59-28.jpg b/docs/docs/meshcentral/images/2022-05-18-23-59-28.jpg new file mode 100644 index 00000000..28530c24 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18-23-59-28.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-18-23-59-28.png b/docs/docs/meshcentral/images/2022-05-18-23-59-28.png deleted file mode 100644 index f7d9529e..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18-23-59-28.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-18_223720.jpg b/docs/docs/meshcentral/images/2022-05-18_223720.jpg new file mode 100644 index 00000000..9472000a Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-18_223720.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-18_223720.png b/docs/docs/meshcentral/images/2022-05-18_223720.png deleted file mode 100644 index b82aa68f..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-18_223720.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-00-05.jpg b/docs/docs/meshcentral/images/2022-05-19-00-00-05.jpg new file mode 100644 index 00000000..fb965cba Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-00-05.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-00-05.png b/docs/docs/meshcentral/images/2022-05-19-00-00-05.png deleted file mode 100644 index 711ca1af..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-00-05.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-00-18.jpg b/docs/docs/meshcentral/images/2022-05-19-00-00-18.jpg new file mode 100644 index 00000000..6f143ec7 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-00-18.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-00-18.png b/docs/docs/meshcentral/images/2022-05-19-00-00-18.png deleted file mode 100644 index acf07b1c..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-00-18.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-01-19.jpg b/docs/docs/meshcentral/images/2022-05-19-00-01-19.jpg new file mode 100644 index 00000000..323d5867 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-01-19.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-01-19.png b/docs/docs/meshcentral/images/2022-05-19-00-01-19.png deleted file mode 100644 index 7edd38c6..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-01-19.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-01-43.jpg b/docs/docs/meshcentral/images/2022-05-19-00-01-43.jpg new file mode 100644 index 00000000..087544c7 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-01-43.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-01-43.png b/docs/docs/meshcentral/images/2022-05-19-00-01-43.png deleted file mode 100644 index 3e7333d9..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-01-43.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-02-03.jpg b/docs/docs/meshcentral/images/2022-05-19-00-02-03.jpg new file mode 100644 index 00000000..fa097dba Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-02-03.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-02-03.png b/docs/docs/meshcentral/images/2022-05-19-00-02-03.png deleted file mode 100644 index 2e60b3c2..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-02-03.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-32.jpg b/docs/docs/meshcentral/images/2022-05-19-00-03-32.jpg new file mode 100644 index 00000000..9c92cb57 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-03-32.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-32.png b/docs/docs/meshcentral/images/2022-05-19-00-03-32.png deleted file mode 100644 index ac12616b..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-03-32.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-46.jpg b/docs/docs/meshcentral/images/2022-05-19-00-03-46.jpg new file mode 100644 index 00000000..f33eadea Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-03-46.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-46.png b/docs/docs/meshcentral/images/2022-05-19-00-03-46.png deleted file mode 100644 index e552b1fd..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-03-46.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-58.jpg b/docs/docs/meshcentral/images/2022-05-19-00-03-58.jpg new file mode 100644 index 00000000..3bc47e6a Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-03-58.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-03-58.png b/docs/docs/meshcentral/images/2022-05-19-00-03-58.png deleted file mode 100644 index eb6aaa09..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-03-58.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-19-29.jpg b/docs/docs/meshcentral/images/2022-05-19-00-19-29.jpg new file mode 100644 index 00000000..e4adb6d3 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-19-29.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-19-29.png b/docs/docs/meshcentral/images/2022-05-19-00-19-29.png deleted file mode 100644 index c33a8a5b..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-19-29.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-19-46.jpg b/docs/docs/meshcentral/images/2022-05-19-00-19-46.jpg new file mode 100644 index 00000000..9c964290 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-19-46.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-19-46.png b/docs/docs/meshcentral/images/2022-05-19-00-19-46.png deleted file mode 100644 index 8935509a..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-19-46.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-21-19.jpg b/docs/docs/meshcentral/images/2022-05-19-00-21-19.jpg new file mode 100644 index 00000000..53d345a6 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-21-19.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-21-19.png b/docs/docs/meshcentral/images/2022-05-19-00-21-19.png deleted file mode 100644 index 50099f92..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-21-19.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-21-54.jpg b/docs/docs/meshcentral/images/2022-05-19-00-21-54.jpg new file mode 100644 index 00000000..227ee007 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-21-54.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-21-54.png b/docs/docs/meshcentral/images/2022-05-19-00-21-54.png deleted file mode 100644 index 8d1c6e1a..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-21-54.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-23-11.jpg b/docs/docs/meshcentral/images/2022-05-19-00-23-11.jpg new file mode 100644 index 00000000..e36e7e13 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-23-11.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-23-11.png b/docs/docs/meshcentral/images/2022-05-19-00-23-11.png deleted file mode 100644 index 9c30eb2b..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-23-11.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-25-11.jpg b/docs/docs/meshcentral/images/2022-05-19-00-25-11.jpg new file mode 100644 index 00000000..bb089ce5 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-25-11.jpg differ 
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-25-11.png b/docs/docs/meshcentral/images/2022-05-19-00-25-11.png deleted file mode 100644 index d691f7ee..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-25-11.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-32-32.jpg b/docs/docs/meshcentral/images/2022-05-19-00-32-32.jpg new file mode 100644 index 00000000..71ed7229 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-32-32.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-32-32.png b/docs/docs/meshcentral/images/2022-05-19-00-32-32.png deleted file mode 100644 index 5553eb24..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-32-32.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-34-54.jpg b/docs/docs/meshcentral/images/2022-05-19-00-34-54.jpg new file mode 100644 index 00000000..ceafa8f1 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-34-54.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-34-54.png b/docs/docs/meshcentral/images/2022-05-19-00-34-54.png deleted file mode 100644 index 94310f74..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-34-54.png and /dev/null differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-35-32.jpg b/docs/docs/meshcentral/images/2022-05-19-00-35-32.jpg new file mode 100644 index 00000000..f006dff8 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-35-32.jpg differ diff --git a/docs/docs/meshcentral/images/2022-05-19-00-35-32.png b/docs/docs/meshcentral/images/2022-05-19-00-35-32.png deleted file mode 100644 index 4c0401b8..00000000 Binary files a/docs/docs/meshcentral/images/2022-05-19-00-35-32.png and /dev/null differ 
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-38-11.jpg b/docs/docs/meshcentral/images/2022-05-19-00-38-11.jpg
new file mode 100644
index 00000000..58a773c2
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-38-11.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-38-11.png b/docs/docs/meshcentral/images/2022-05-19-00-38-11.png
deleted file mode 100644
index 7349b296..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-38-11.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-38-51.jpg b/docs/docs/meshcentral/images/2022-05-19-00-38-51.jpg
new file mode 100644
index 00000000..2ee81d37
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-38-51.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-38-51.png b/docs/docs/meshcentral/images/2022-05-19-00-38-51.png
deleted file mode 100644
index 8dfe3abf..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-38-51.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-39-35.jpg b/docs/docs/meshcentral/images/2022-05-19-00-39-35.jpg
new file mode 100644
index 00000000..43f46fad
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-39-35.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-39-35.png b/docs/docs/meshcentral/images/2022-05-19-00-39-35.png
deleted file mode 100644
index c6d5c047..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-39-35.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-39-42.jpg b/docs/docs/meshcentral/images/2022-05-19-00-39-42.jpg
new file mode 100644
index 00000000..6eb74af4
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-39-42.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-39-42.png b/docs/docs/meshcentral/images/2022-05-19-00-39-42.png
deleted file mode 100644
index c865c0bd..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-39-42.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-40-00.jpg b/docs/docs/meshcentral/images/2022-05-19-00-40-00.jpg
new file mode 100644
index 00000000..a867baee
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-40-00.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-40-00.png b/docs/docs/meshcentral/images/2022-05-19-00-40-00.png
deleted file mode 100644
index 2fee5d8b..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-40-00.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-40-13.jpg b/docs/docs/meshcentral/images/2022-05-19-00-40-13.jpg
new file mode 100644
index 00000000..2b979b88
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-40-13.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-40-13.png b/docs/docs/meshcentral/images/2022-05-19-00-40-13.png
deleted file mode 100644
index 1ba9fe5f..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-40-13.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-42-49.jpg b/docs/docs/meshcentral/images/2022-05-19-00-42-49.jpg
new file mode 100644
index 00000000..c7cdb433
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-42-49.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-42-49.png b/docs/docs/meshcentral/images/2022-05-19-00-42-49.png
deleted file mode 100644
index 94dc5878..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-42-49.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-44-03.jpg b/docs/docs/meshcentral/images/2022-05-19-00-44-03.jpg
new file mode 100644
index 00000000..cf35b111
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-44-03.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-44-03.png b/docs/docs/meshcentral/images/2022-05-19-00-44-03.png
deleted file mode 100644
index ddc3d4ba..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-44-03.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-44-25.jpg b/docs/docs/meshcentral/images/2022-05-19-00-44-25.jpg
new file mode 100644
index 00000000..fe544cb3
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-44-25.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-44-25.png b/docs/docs/meshcentral/images/2022-05-19-00-44-25.png
deleted file mode 100644
index f92c1b06..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-44-25.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-45-31.jpg b/docs/docs/meshcentral/images/2022-05-19-00-45-31.jpg
new file mode 100644
index 00000000..9e3fea8b
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-45-31.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-45-31.png b/docs/docs/meshcentral/images/2022-05-19-00-45-31.png
deleted file mode 100644
index d86ad966..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-45-31.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-45-45.jpg b/docs/docs/meshcentral/images/2022-05-19-00-45-45.jpg
new file mode 100644
index 00000000..ffd48bc1
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-45-45.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-45-45.png b/docs/docs/meshcentral/images/2022-05-19-00-45-45.png
deleted file mode 100644
index 46fb16bf..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-45-45.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-17.jpg b/docs/docs/meshcentral/images/2022-05-19-00-48-17.jpg
new file mode 100644
index 00000000..1b4791ea
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-48-17.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-17.png b/docs/docs/meshcentral/images/2022-05-19-00-48-17.png
deleted file mode 100644
index ede1b9be..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-48-17.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-41.jpg b/docs/docs/meshcentral/images/2022-05-19-00-48-41.jpg
new file mode 100644
index 00000000..b94bb9ba
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-48-41.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-41.png b/docs/docs/meshcentral/images/2022-05-19-00-48-41.png
deleted file mode 100644
index d271a9c6..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-48-41.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-54.jpg b/docs/docs/meshcentral/images/2022-05-19-00-48-54.jpg
new file mode 100644
index 00000000..e104c87e
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-48-54.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-48-54.png b/docs/docs/meshcentral/images/2022-05-19-00-48-54.png
deleted file mode 100644
index 3f091cc8..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-48-54.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-49-25.jpg b/docs/docs/meshcentral/images/2022-05-19-00-49-25.jpg
new file mode 100644
index 00000000..88c79437
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-49-25.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-49-25.png b/docs/docs/meshcentral/images/2022-05-19-00-49-25.png
deleted file mode 100644
index f613b6b7..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-49-25.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-18.jpg b/docs/docs/meshcentral/images/2022-05-19-00-50-18.jpg
new file mode 100644
index 00000000..1d0833f1
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-50-18.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-18.png b/docs/docs/meshcentral/images/2022-05-19-00-50-18.png
deleted file mode 100644
index edaabac1..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-50-18.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-30.jpg b/docs/docs/meshcentral/images/2022-05-19-00-50-30.jpg
new file mode 100644
index 00000000..5c114ee8
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-50-30.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-30.png b/docs/docs/meshcentral/images/2022-05-19-00-50-30.png
deleted file mode 100644
index 15bb58c5..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-50-30.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-52.jpg b/docs/docs/meshcentral/images/2022-05-19-00-50-52.jpg
new file mode 100644
index 00000000..e9f89f20
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-50-52.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-50-52.png b/docs/docs/meshcentral/images/2022-05-19-00-50-52.png
deleted file mode 100644
index 0d8620c6..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-50-52.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-51-14.jpg b/docs/docs/meshcentral/images/2022-05-19-00-51-14.jpg
new file mode 100644
index 00000000..ec674362
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-51-14.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-51-14.png b/docs/docs/meshcentral/images/2022-05-19-00-51-14.png
deleted file mode 100644
index ce547fbd..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-51-14.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-51-29.jpg b/docs/docs/meshcentral/images/2022-05-19-00-51-29.jpg
new file mode 100644
index 00000000..e6e1af27
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-51-29.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-51-29.png b/docs/docs/meshcentral/images/2022-05-19-00-51-29.png
deleted file mode 100644
index 03f73e67..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-51-29.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-05.jpg b/docs/docs/meshcentral/images/2022-05-19-00-52-05.jpg
new file mode 100644
index 00000000..cc987461
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-52-05.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-05.png b/docs/docs/meshcentral/images/2022-05-19-00-52-05.png
deleted file mode 100644
index 59821a7f..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-52-05.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-36.jpg b/docs/docs/meshcentral/images/2022-05-19-00-52-36.jpg
new file mode 100644
index 00000000..d0dd01ea
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-52-36.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-36.png b/docs/docs/meshcentral/images/2022-05-19-00-52-36.png
deleted file mode 100644
index 24e50520..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-52-36.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-53.jpg b/docs/docs/meshcentral/images/2022-05-19-00-52-53.jpg
new file mode 100644
index 00000000..0fb1dae5
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-52-53.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-52-53.png b/docs/docs/meshcentral/images/2022-05-19-00-52-53.png
deleted file mode 100644
index 816f5c86..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-52-53.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-53-38.jpg b/docs/docs/meshcentral/images/2022-05-19-00-53-38.jpg
new file mode 100644
index 00000000..84ee1ddf
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-53-38.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-53-38.png b/docs/docs/meshcentral/images/2022-05-19-00-53-38.png
deleted file mode 100644
index 3e70e88e..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-53-38.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-54-31.jpg b/docs/docs/meshcentral/images/2022-05-19-00-54-31.jpg
new file mode 100644
index 00000000..e666f4a1
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-54-31.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-54-31.png b/docs/docs/meshcentral/images/2022-05-19-00-54-31.png
deleted file mode 100644
index 62bfd8a9..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-54-31.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-54-50.jpg b/docs/docs/meshcentral/images/2022-05-19-00-54-50.jpg
new file mode 100644
index 00000000..85885f94
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-54-50.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-54-50.png b/docs/docs/meshcentral/images/2022-05-19-00-54-50.png
deleted file mode 100644
index e3af2b78..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-54-50.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-55-29.jpg b/docs/docs/meshcentral/images/2022-05-19-00-55-29.jpg
new file mode 100644
index 00000000..5fb84088
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-55-29.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-55-29.png b/docs/docs/meshcentral/images/2022-05-19-00-55-29.png
deleted file mode 100644
index 2668740c..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-55-29.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-56-05.jpg b/docs/docs/meshcentral/images/2022-05-19-00-56-05.jpg
new file mode 100644
index 00000000..d59dabcc
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-56-05.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-56-05.png b/docs/docs/meshcentral/images/2022-05-19-00-56-05.png
deleted file mode 100644
index 3a9255c4..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-56-05.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-57-06.jpg b/docs/docs/meshcentral/images/2022-05-19-00-57-06.jpg
new file mode 100644
index 00000000..7ee81939
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-57-06.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-57-06.png b/docs/docs/meshcentral/images/2022-05-19-00-57-06.png
deleted file mode 100644
index 908ed342..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-57-06.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-57-28.jpg b/docs/docs/meshcentral/images/2022-05-19-00-57-28.jpg
new file mode 100644
index 00000000..a882e7df
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-19-00-57-28.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-19-00-57-28.png b/docs/docs/meshcentral/images/2022-05-19-00-57-28.png
deleted file mode 100644
index b73b0bdc..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-19-00-57-28.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-07.jpg b/docs/docs/meshcentral/images/2022-05-31-10-30-07.jpg
new file mode 100644
index 00000000..d5fd6b12
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-31-10-30-07.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-07.png b/docs/docs/meshcentral/images/2022-05-31-10-30-07.png
deleted file mode 100644
index 611c69c2..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-31-10-30-07.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-42.jpg b/docs/docs/meshcentral/images/2022-05-31-10-30-42.jpg
new file mode 100644
index 00000000..dbb6bad4
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-31-10-30-42.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-42.png b/docs/docs/meshcentral/images/2022-05-31-10-30-42.png
deleted file mode 100644
index 35772acd..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-31-10-30-42.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-50.jpg b/docs/docs/meshcentral/images/2022-05-31-10-30-50.jpg
new file mode 100644
index 00000000..ee57ee4e
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-31-10-30-50.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-30-50.png b/docs/docs/meshcentral/images/2022-05-31-10-30-50.png
deleted file mode 100644
index f3356cd0..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-31-10-30-50.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-31-00.jpg b/docs/docs/meshcentral/images/2022-05-31-10-31-00.jpg
new file mode 100644
index 00000000..b36d7e1d
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-31-10-31-00.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-31-00.png b/docs/docs/meshcentral/images/2022-05-31-10-31-00.png
deleted file mode 100644
index 6c779eab..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-31-10-31-00.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-32-46.jpg b/docs/docs/meshcentral/images/2022-05-31-10-32-46.jpg
new file mode 100644
index 00000000..e8a85cad
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-05-31-10-32-46.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-05-31-10-32-46.png b/docs/docs/meshcentral/images/2022-05-31-10-32-46.png
deleted file mode 100644
index fef70118..00000000
Binary files a/docs/docs/meshcentral/images/2022-05-31-10-32-46.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-56-14.jpg b/docs/docs/meshcentral/images/2022-06-17-15-56-14.jpg
new file mode 100644
index 00000000..6baf3c9e
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-56-14.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-56-14.png b/docs/docs/meshcentral/images/2022-06-17-15-56-14.png
deleted file mode 100644
index 3ad780dc..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-56-14.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-56-55.jpg b/docs/docs/meshcentral/images/2022-06-17-15-56-55.jpg
new file mode 100644
index 00000000..e1d417ba
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-56-55.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-56-55.png b/docs/docs/meshcentral/images/2022-06-17-15-56-55.png
deleted file mode 100644
index dd50e316..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-56-55.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-03.jpg b/docs/docs/meshcentral/images/2022-06-17-15-57-03.jpg
new file mode 100644
index 00000000..2409d8be
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-57-03.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-03.png b/docs/docs/meshcentral/images/2022-06-17-15-57-03.png
deleted file mode 100644
index 65111b19..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-57-03.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-15.jpg b/docs/docs/meshcentral/images/2022-06-17-15-57-15.jpg
new file mode 100644
index 00000000..c2d77f05
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-57-15.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-15.png b/docs/docs/meshcentral/images/2022-06-17-15-57-15.png
deleted file mode 100644
index 60810b55..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-57-15.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-30.jpg b/docs/docs/meshcentral/images/2022-06-17-15-57-30.jpg
new file mode 100644
index 00000000..400f3466
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-57-30.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-30.png b/docs/docs/meshcentral/images/2022-06-17-15-57-30.png
deleted file mode 100644
index 2a8337c8..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-57-30.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-52.jpg b/docs/docs/meshcentral/images/2022-06-17-15-57-52.jpg
new file mode 100644
index 00000000..e17dcffe
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-06-17-15-57-52.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-06-17-15-57-52.png b/docs/docs/meshcentral/images/2022-06-17-15-57-52.png
deleted file mode 100644
index 11f97e89..00000000
Binary files a/docs/docs/meshcentral/images/2022-06-17-15-57-52.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-07-02-06-27-36.jpg b/docs/docs/meshcentral/images/2022-07-02-06-27-36.jpg
new file mode 100644
index 00000000..2daf8e4a
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-07-02-06-27-36.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-07-02-06-27-36.png b/docs/docs/meshcentral/images/2022-07-02-06-27-36.png
deleted file mode 100644
index de0ba8fc..00000000
Binary files a/docs/docs/meshcentral/images/2022-07-02-06-27-36.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-08-24-06-42-40.jpg b/docs/docs/meshcentral/images/2022-08-24-06-42-40.jpg
new file mode 100644
index 00000000..eb8d114b
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-08-24-06-42-40.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-08-24-06-42-40.png b/docs/docs/meshcentral/images/2022-08-24-06-42-40.png
deleted file mode 100644
index 7edcf6a2..00000000
Binary files a/docs/docs/meshcentral/images/2022-08-24-06-42-40.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2022-09-06-16-38-57.jpg b/docs/docs/meshcentral/images/2022-09-06-16-38-57.jpg
new file mode 100644
index 00000000..af207970
Binary files /dev/null and b/docs/docs/meshcentral/images/2022-09-06-16-38-57.jpg differ
diff --git a/docs/docs/meshcentral/images/2022-09-06-16-38-57.png b/docs/docs/meshcentral/images/2022-09-06-16-38-57.png
deleted file mode 100644
index 4befd73b..00000000
Binary files a/docs/docs/meshcentral/images/2022-09-06-16-38-57.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.jpg b/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.jpg
new file mode 100644
index 00000000..0778bf57
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.png b/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.png
deleted file mode 100644
index 114e575b..00000000
Binary files a/docs/docs/meshcentral/images/2023-02-24vscodejsonediting.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-57-15.jpg b/docs/docs/meshcentral/images/2023-11-29-12-57-15.jpg
new file mode 100644
index 00000000..0a622884
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-11-29-12-57-15.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-57-15.png b/docs/docs/meshcentral/images/2023-11-29-12-57-15.png
deleted file mode 100644
index 67718be7..00000000
Binary files a/docs/docs/meshcentral/images/2023-11-29-12-57-15.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-58-05.jpg b/docs/docs/meshcentral/images/2023-11-29-12-58-05.jpg
new file mode 100644
index 00000000..69f1be69
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-11-29-12-58-05.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-58-05.png b/docs/docs/meshcentral/images/2023-11-29-12-58-05.png
deleted file mode 100644
index f86536c8..00000000
Binary files a/docs/docs/meshcentral/images/2023-11-29-12-58-05.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-58-36.jpg b/docs/docs/meshcentral/images/2023-11-29-12-58-36.jpg
new file mode 100644
index 00000000..afb962e0
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-11-29-12-58-36.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-11-29-12-58-36.png b/docs/docs/meshcentral/images/2023-11-29-12-58-36.png
deleted file mode 100644
index deb41c14..00000000
Binary files a/docs/docs/meshcentral/images/2023-11-29-12-58-36.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.jpg b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.jpg
new file mode 100644
index 00000000..50a265df
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.png b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.png
deleted file mode 100644
index b000fe1b..00000000
Binary files a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json1.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.jpg b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.jpg
new file mode 100644
index 00000000..6e2dc6b6
Binary files /dev/null and b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.jpg differ
diff --git a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.png b/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.png
deleted file mode 100644
index d530454b..00000000
Binary files a/docs/docs/meshcentral/images/2023-11-29_140845 - mesh json2.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/7daypowerstate.jpg b/docs/docs/meshcentral/images/7daypowerstate.jpg
new file mode 100644
index 00000000..7fc8c47c
Binary files /dev/null and b/docs/docs/meshcentral/images/7daypowerstate.jpg differ
diff --git a/docs/docs/meshcentral/images/7daypowerstate.png b/docs/docs/meshcentral/images/7daypowerstate.png
deleted file mode 100644
index c732043e..00000000
Binary files a/docs/docs/meshcentral/images/7daypowerstate.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/In-production.png b/docs/docs/meshcentral/images/In-production.png
deleted file mode 100644
index c1fc2e64..00000000
Binary files a/docs/docs/meshcentral/images/In-production.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/OAuth-Internal-External.png b/docs/docs/meshcentral/images/OAuth-Internal-External.png
deleted file mode 100644
index 13b14c8a..00000000
Binary files a/docs/docs/meshcentral/images/OAuth-Internal-External.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/agentico.jpg b/docs/docs/meshcentral/images/agentico.jpg
new file mode 100644
index 00000000..4065e30e
Binary files /dev/null and b/docs/docs/meshcentral/images/agentico.jpg differ
diff --git a/docs/docs/meshcentral/images/agentico.png b/docs/docs/meshcentral/images/agentico.png
deleted file mode 100644
index dccb2ab1..00000000
Binary files a/docs/docs/meshcentral/images/agentico.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot1.jpg b/docs/docs/meshcentral/images/amt_troubleshoot1.jpg
new file mode 100644
index 00000000..bbffca11
Binary files /dev/null and b/docs/docs/meshcentral/images/amt_troubleshoot1.jpg differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot1.png b/docs/docs/meshcentral/images/amt_troubleshoot1.png
deleted file mode 100644
index 6fb86d83..00000000
Binary files a/docs/docs/meshcentral/images/amt_troubleshoot1.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot2.jpg b/docs/docs/meshcentral/images/amt_troubleshoot2.jpg
new file mode 100644
index 00000000..2fb3161c
Binary files /dev/null and b/docs/docs/meshcentral/images/amt_troubleshoot2.jpg differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot2.png b/docs/docs/meshcentral/images/amt_troubleshoot2.png
deleted file mode 100644
index 69f145fb..00000000
Binary files a/docs/docs/meshcentral/images/amt_troubleshoot2.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot3.jpg b/docs/docs/meshcentral/images/amt_troubleshoot3.jpg
new file mode 100644
index 00000000..d1b90594
Binary files /dev/null and b/docs/docs/meshcentral/images/amt_troubleshoot3.jpg differ
diff --git a/docs/docs/meshcentral/images/amt_troubleshoot3.png b/docs/docs/meshcentral/images/amt_troubleshoot3.png
deleted file mode 100644
index ce2df23e..00000000
Binary files a/docs/docs/meshcentral/images/amt_troubleshoot3.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/assistant_agent_code.jpg b/docs/docs/meshcentral/images/assistant_agent_code.jpg
new file mode 100644
index 00000000..16520a63
Binary files /dev/null and b/docs/docs/meshcentral/images/assistant_agent_code.jpg differ
diff --git a/docs/docs/meshcentral/images/assistant_agent_code.png b/docs/docs/meshcentral/images/assistant_agent_code.png
deleted file mode 100644
index 7ea019cd..00000000
Binary files a/docs/docs/meshcentral/images/assistant_agent_code.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/assistant_invitation_link.jpg b/docs/docs/meshcentral/images/assistant_invitation_link.jpg
new file mode 100644
index 00000000..1d762293
Binary files /dev/null and b/docs/docs/meshcentral/images/assistant_invitation_link.jpg differ
diff --git a/docs/docs/meshcentral/images/assistant_invitation_link.png b/docs/docs/meshcentral/images/assistant_invitation_link.png
deleted file mode 100644
index 0b42376d..00000000
Binary files a/docs/docs/meshcentral/images/assistant_invitation_link.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/custom-web-icons.jpg b/docs/docs/meshcentral/images/custom-web-icons.jpg
new file mode 100644
index 00000000..af7ad646
Binary files /dev/null and b/docs/docs/meshcentral/images/custom-web-icons.jpg differ
diff --git a/docs/docs/meshcentral/images/custom-web-icons.png b/docs/docs/meshcentral/images/custom-web-icons.png
deleted file mode 100644
index 9edb5569..00000000
Binary files a/docs/docs/meshcentral/images/custom-web-icons.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonsbottomleft.jpg b/docs/docs/meshcentral/images/desktop_buttonsbottomleft.jpg
new file mode 100644
index 00000000..2ddfbd58
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_buttonsbottomleft.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonsbottomleft.png b/docs/docs/meshcentral/images/desktop_buttonsbottomleft.png
deleted file mode 100644
index e9367ae2..00000000
Binary files a/docs/docs/meshcentral/images/desktop_buttonsbottomleft.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonsbottomright.jpg b/docs/docs/meshcentral/images/desktop_buttonsbottomright.jpg
new file mode 100644
index 00000000..f861ca6f
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_buttonsbottomright.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonsbottomright.png b/docs/docs/meshcentral/images/desktop_buttonsbottomright.png
deleted file mode 100644
index e2d1b99d..00000000
Binary files a/docs/docs/meshcentral/images/desktop_buttonsbottomright.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonstopright_actions.jpg b/docs/docs/meshcentral/images/desktop_buttonstopright_actions.jpg
new file mode 100644
index 00000000..bb3d91d8
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_buttonstopright_actions.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonstopright_actions.png b/docs/docs/meshcentral/images/desktop_buttonstopright_actions.png
deleted file mode 100644
index 08c7a58a..00000000
Binary files a/docs/docs/meshcentral/images/desktop_buttonstopright_actions.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonstopright_other.jpg b/docs/docs/meshcentral/images/desktop_buttonstopright_other.jpg
new file mode 100644
index 00000000..a9e91e90
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_buttonstopright_other.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_buttonstopright_other.png b/docs/docs/meshcentral/images/desktop_buttonstopright_other.png
deleted file mode 100644
index b734aa76..00000000
Binary files a/docs/docs/meshcentral/images/desktop_buttonstopright_other.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_connectbutton.jpg b/docs/docs/meshcentral/images/desktop_connectbutton.jpg
new file mode 100644
index 00000000..4016c84c
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_connectbutton.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_connectbutton.png b/docs/docs/meshcentral/images/desktop_connectbutton.png
deleted file mode 100644
index 4f97e8f0..00000000
Binary files a/docs/docs/meshcentral/images/desktop_connectbutton.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_rdpconnectbutton.jpg b/docs/docs/meshcentral/images/desktop_rdpconnectbutton.jpg
new file mode 100644
index 00000000..4a060e78
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_rdpconnectbutton.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_rdpconnectbutton.png b/docs/docs/meshcentral/images/desktop_rdpconnectbutton.png
deleted file mode 100644
index 4c338622..00000000
Binary files a/docs/docs/meshcentral/images/desktop_rdpconnectbutton.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/desktop_settings.jpg b/docs/docs/meshcentral/images/desktop_settings.jpg
new file mode 100644
index 00000000..953b0413
Binary files /dev/null and b/docs/docs/meshcentral/images/desktop_settings.jpg differ
diff --git a/docs/docs/meshcentral/images/desktop_settings.png b/docs/docs/meshcentral/images/desktop_settings.png
deleted file mode 100644
index e03c6080..00000000
Binary files a/docs/docs/meshcentral/images/desktop_settings.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/details_cpuram.jpg b/docs/docs/meshcentral/images/details_cpuram.jpg
new file mode 100644
index 00000000..15ac514f
Binary files /dev/null and b/docs/docs/meshcentral/images/details_cpuram.jpg differ
diff --git a/docs/docs/meshcentral/images/details_cpuram.png b/docs/docs/meshcentral/images/details_cpuram.png
deleted file mode 100644
index 8898f52f..00000000
Binary files a/docs/docs/meshcentral/images/details_cpuram.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/determine-id.jpg b/docs/docs/meshcentral/images/determine-id.jpg
new file mode 100644
index 00000000..ad8bf48e
Binary files /dev/null and b/docs/docs/meshcentral/images/determine-id.jpg differ
diff --git a/docs/docs/meshcentral/images/determine-id.png b/docs/docs/meshcentral/images/determine-id.png
deleted file mode 100644
index 4e1bf8b7..00000000
Binary files a/docs/docs/meshcentral/images/determine-id.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/email-invitation.jpg b/docs/docs/meshcentral/images/email-invitation.jpg
new file mode 100644
index 00000000..a2d9864d
Binary files /dev/null and b/docs/docs/meshcentral/images/email-invitation.jpg differ
diff --git a/docs/docs/meshcentral/images/email-invitation.png b/docs/docs/meshcentral/images/email-invitation.png
deleted file mode 100644
index db9d2196..00000000
Binary files a/docs/docs/meshcentral/images/email-invitation.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/faq_av_option1.jpg b/docs/docs/meshcentral/images/faq_av_option1.jpg
new file mode 100644
index 00000000..03473dfd
Binary files /dev/null and b/docs/docs/meshcentral/images/faq_av_option1.jpg differ
diff --git a/docs/docs/meshcentral/images/faq_av_option1.png b/docs/docs/meshcentral/images/faq_av_option1.png
deleted file mode 100644
index 718bae37..00000000
Binary files a/docs/docs/meshcentral/images/faq_av_option1.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/gc-newproject.jpg b/docs/docs/meshcentral/images/gc-newproject.jpg
new file mode 100644
index 00000000..968d66c0
Binary files /dev/null and b/docs/docs/meshcentral/images/gc-newproject.jpg differ
diff --git a/docs/docs/meshcentral/images/gc-newproject.png b/docs/docs/meshcentral/images/gc-newproject.png
deleted file mode 100644
index 715b68f9..00000000
Binary files a/docs/docs/meshcentral/images/gc-newproject.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/gc-oauthconsent.jpg b/docs/docs/meshcentral/images/gc-oauthconsent.jpg
new file mode 100644
index 00000000..91304ef6
Binary files /dev/null and b/docs/docs/meshcentral/images/gc-oauthconsent.jpg differ
diff --git a/docs/docs/meshcentral/images/gc-oauthconsent.png b/docs/docs/meshcentral/images/gc-oauthconsent.png
deleted file mode 100644
index a493c589..00000000
Binary files a/docs/docs/meshcentral/images/gc-oauthconsent.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/gc-oauthconsent2.jpg b/docs/docs/meshcentral/images/gc-oauthconsent2.jpg
new file mode 100644
index 00000000..f73b2a5d
Binary files /dev/null and b/docs/docs/meshcentral/images/gc-oauthconsent2.jpg differ
diff --git a/docs/docs/meshcentral/images/gc-oauthconsent2.png b/docs/docs/meshcentral/images/gc-oauthconsent2.png
deleted file mode 100644
index 10697dd1..00000000
Binary files a/docs/docs/meshcentral/images/gc-oauthconsent2.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/gc-oauthcredentials.jpg b/docs/docs/meshcentral/images/gc-oauthcredentials.jpg
new file mode 100644
index 00000000..d7e56245
Binary files /dev/null and b/docs/docs/meshcentral/images/gc-oauthcredentials.jpg differ
diff --git a/docs/docs/meshcentral/images/gc-oauthcredentials.png b/docs/docs/meshcentral/images/gc-oauthcredentials.png
deleted file mode 100644
index 243928b0..00000000
Binary files a/docs/docs/meshcentral/images/gc-oauthcredentials.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/gc-oauthscopes.jpg b/docs/docs/meshcentral/images/gc-oauthscopes.jpg
new file mode 100644
index 00000000..f73b2a5d
Binary files /dev/null and b/docs/docs/meshcentral/images/gc-oauthscopes.jpg differ
diff --git a/docs/docs/meshcentral/images/gc-oauthscopes.png b/docs/docs/meshcentral/images/gc-oauthscopes.png
deleted file mode 100644
index 10697dd1..00000000
Binary files a/docs/docs/meshcentral/images/gc-oauthscopes.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/general_alternateports.jpg b/docs/docs/meshcentral/images/general_alternateports.jpg
new file mode 100644
index 00000000..f0349f24
Binary files /dev/null and b/docs/docs/meshcentral/images/general_alternateports.jpg differ
diff --git a/docs/docs/meshcentral/images/general_alternateports.png b/docs/docs/meshcentral/images/general_alternateports.png
deleted file mode 100644
index ab3d0451..00000000
Binary files a/docs/docs/meshcentral/images/general_alternateports.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/in-production.jpg b/docs/docs/meshcentral/images/in-production.jpg
new file mode 100644
index 00000000..08715044
Binary files /dev/null and b/docs/docs/meshcentral/images/in-production.jpg differ
diff --git a/docs/docs/meshcentral/images/ldap_integration.jpg b/docs/docs/meshcentral/images/ldap_integration.jpg
new file mode 100644
index 00000000..c0e22732
Binary files /dev/null and b/docs/docs/meshcentral/images/ldap_integration.jpg differ
diff --git a/docs/docs/meshcentral/images/ldap_integration.png b/docs/docs/meshcentral/images/ldap_integration.png
deleted file mode 100644
index 11f3994f..00000000
Binary files a/docs/docs/meshcentral/images/ldap_integration.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/oauth-internal-external.jpg b/docs/docs/meshcentral/images/oauth-internal-external.jpg
new file mode 100644
index 00000000..116c3f43
Binary files /dev/null and b/docs/docs/meshcentral/images/oauth-internal-external.jpg differ
diff --git a/docs/docs/meshcentral/images/rate_limiting_logins.jpg b/docs/docs/meshcentral/images/rate_limiting_logins.jpg
new file mode 100644
index 00000000..b2d5aba2
Binary files /dev/null and b/docs/docs/meshcentral/images/rate_limiting_logins.jpg differ
diff --git a/docs/docs/meshcentral/images/rate_limiting_logins.png b/docs/docs/meshcentral/images/rate_limiting_logins.png
deleted file mode 100644
index 26fe109d..00000000
Binary files a/docs/docs/meshcentral/images/rate_limiting_logins.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/terminal_connectbutton.jpg b/docs/docs/meshcentral/images/terminal_connectbutton.jpg
new file mode 100644
index 00000000..5ad9524c
Binary files /dev/null and b/docs/docs/meshcentral/images/terminal_connectbutton.jpg differ
diff --git a/docs/docs/meshcentral/images/terminal_connectbutton.png b/docs/docs/meshcentral/images/terminal_connectbutton.png
deleted file mode 100644
index 52bbb888..00000000
Binary files a/docs/docs/meshcentral/images/terminal_connectbutton.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/user_tokens1.jpg b/docs/docs/meshcentral/images/user_tokens1.jpg
new file mode 100644
index 00000000..78bea483
Binary files /dev/null and b/docs/docs/meshcentral/images/user_tokens1.jpg differ
diff --git a/docs/docs/meshcentral/images/user_tokens1.png b/docs/docs/meshcentral/images/user_tokens1.png
deleted file mode 100644
index a81985f4..00000000
Binary files a/docs/docs/meshcentral/images/user_tokens1.png and /dev/null differ
diff --git a/docs/docs/meshcentral/images/user_tokens2.jpg b/docs/docs/meshcentral/images/user_tokens2.jpg
new file mode 100644
index 00000000..a097d547
Binary files /dev/null and b/docs/docs/meshcentral/images/user_tokens2.jpg differ
diff --git a/docs/docs/meshcentral/images/user_tokens2.png b/docs/docs/meshcentral/images/user_tokens2.png
deleted file mode 100644
index bcafaa1c..00000000
Binary files a/docs/docs/meshcentral/images/user_tokens2.png and /dev/null differ
diff --git a/docs/docs/meshcentral/index.md b/docs/docs/meshcentral/index.md
index 1010a4b6..1cb6c031 100644
--- a/docs/docs/meshcentral/index.md
+++ b/docs/docs/meshcentral/index.md
@@ -1,64 +1,85 @@ # MeshCentral Guide -[MeshCentral Guide](https://meshcentral.com/docs/MeshCentral2UserGuide.pdf) +## 🧾 Abstract -MeshCmd Guide [as .pdf](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCentral User's Guide v0.2.9.odt?raw=true) - -## Video Walkthru - -
- -
- -## Abstract This user guide contains all essential information for the user to make full use of MeshCentral, a free open source web-based remote computer management software. The guide provides quick steps to setup administrative groups to remote control and manage computers in local network environments or via the Internet. Latter parts of the document will cover some advanced topics. The reader is expected to already have some of the basic understanding on computer networking, operating system and network security. -## Introduction -MeshCentral is a free open source web-based remote computer management software. You could setup your own management server on a local network or on the internet and remote control and manage computers that runs either Windows* or Linux* OS. +## 📘 Introduction +MeshCentral is a free open source web-based remote computer management software. You could setup your own management server on a local network or on the internet and remote control and manage computers that runs either Windows* or Linux\* OS. -![](images/2022-05-18-22-11-41.png) +![](images/2022-05-18-22-11-41.jpg) To begin, a base or management server will be required. A management server could be any computing device (PC or VM) that has sufficient compute, storage and reliable network components to host an environment for MeshCentral and deliver good performance during remote management exercise. Whilst there are many configurations available for advanced users, typical server setup would only take just a few minutes to complete. -At a high level, there are only four (4) main steps: Setup, Install, Connect and Control. +At a high level, there are only four (4) main steps : **_Setup_**, **_Install_**, **_Connect_**, and **_Control_**. -1. Setup the MeshCentral server on VM or PC -2. Log on to MeshCentral portal with a valid account, creates an administrative mesh to collect all end-points (systems to be managed) -3. 
Generates an agent and installs it on a target or each end-point that immediately attempts a connection back to MeshCentral server. -4. Controls/manages assets or end-points that are available in respective administrative mesh + 1. Setup the MeshCentral server on VM or PC + 2. Log on to MeshCentral portal with a valid account, creates an administrative mesh to collect all end-points (systems to be managed) + 3. Generates an agent and installs it on a target or each end-point that immediately attempts a connection back to MeshCentral server. + 4. Controls/manages assets or end-points that are available in respective administrative mesh -## Server Installation +## 🎬 Video Walkthru + +
+ +
+ +## 🖥️ Server Installation Because the MeshCentral server is written in NodeJS it can be installed on many operating systems including Windows, Linux. Please refer to the MeshCentral Installer’s Guide available at for information on how to install the server. +--- +> **📌 Note:** + +> For information on how to install the server, please refer to the **MeshCentral Installer’s Guide** available at: +> [https://www.meshcommander.com/meshcentral2](https://www.meshcommander.com/meshcentral2) +--- + The server can be installed both on a local area network for local computer management and in the cloud for management of computers over the Internet. You can also install it on small IoT devices like a Raspberry Pi all the way to big servers. It’s recommended to get started with a test setup to get a feel for this server. Once installed, come back to this document for configuring and using your new server. -## Basic Usage +## 🚀 Basic Usage In this section we will cover the basics of MeshCentral in your newly setup server. ### Launch -Start your web browser and access MeshCentral via IP address/URL, http://serverFQDN/. If MeshCentral is running locally, enter http://127.0.0.1/. MeshCentral will redirect the browser to HTTPS if the server was accessed with HTTP. Once on HTTPS you will likely see this message: +Start your web browser and access MeshCentral via IP address/URL, `http://serverFQDN/`. If MeshCentral is running locally, enter `http://127.0.0.1/`. MeshCentral will redirect the browser to HTTPS if the server was accessed with HTTP. Once on HTTPS you will likely see this message: ![](images/2022-05-18-22-16-11.png) This is because by default MeshCentral is using a self-signed certificate that is not known to the browser as a “trusted” or “trustworthy” certificate. To prevent this warning from recurring, the following chapter will provide useful steps that can be considered. 
- To proceed on Firefox browser, +--- +#### Proceeding with Browser Security Warnings - - Click on “Advanced”, “Add Exception” and “Confirm Security Exception” - - To proceed on Chrome Browser, - -- Click on “Advanced”, “Proceed to (unsafe)” - -Note: You can also get to a device by specifying the device name in the URL by adding `?viewmode=10&gotodevicename=MyComputer` to the URL of the MeshCentral web page. The new `gotodevicename` will find a device with the specified name and navigate to that device’s page. This is perfect for integrating MeshCentral with other solutions but be aware that a computer name is not a unique identifier and so, `&gotonode=` is always the preferred way to access a device. This feature also works on the mobile web site. +##### Firefox + +To continue on **Firefox**: + +1. Click on *Advanced* +2. Select *Add Exception* +3. Click *Confirm Security Exception* + +##### Chrome + +To continue on **Chrome**: + +1. Click on *Advanced* +2. Click *Proceed to `http://serverIP` (unsafe)* +--- + +--- +> **📌 Note:** + +> You can also get to a device by specifying the device name in the URL by adding *`?viewmode=10&gotodevicename=MyComputer`* to the URL of the MeshCentral web page. +> The new *`gotodevicename`* will find a device with the specified name and navigate to that device’s page. +> This is perfect for integrating MeshCentral with other solutions but be aware that a computer name is not a unique identifier and so, *`&gotonode=`* is always the preferred way to access a device. This feature also works on the mobile web site. +--- ### Create Account -Create an account by clicking “Create One” and click “Create Account” once the text fields had been populated correctly. +Create an account by clicking “Create One” and click “Create Account” once the text fields had been populated correctly. As shown in the following image : -![](images/2022-05-18-22-20-08.png) +![](images/2022-05-18-22-20-08.jpg) ### New device group 
@@ -70,10 +91,10 @@ Once logged in, create a new device group. This is a group of computers that we ![](images/2022-05-18-22-23-59.png) -!!!note +!!! note There are two types of groups:
- Software Agent Group: Commonly used to manage computers. Administrator must install a “remote management agent” on the remote computers.
- Intel® AMT Agent-less Group: Exclusive for remote computers that has Intel® AMT activated and needs to be managed independent of a “remote management agent”. + - **Software Agent Group**: Commonly used to manage computers. Administrator must install a “remote management agent” on the remote computers.
+ - **Intel® AMT Agent-less Group**: Exclusive for remote computers that has Intel® AMT activated and needs to be managed independent of a “remote management agent”. ### Add device 
@@ -82,28 +103,36 @@ To add devices into new mesh 1. Click “Add Agent”, 2. Select the right Operating Systems (Windows* OS) and download the Mesh Agent executable. 3. Copy the Mesh Agent file into remote computers with Windows* OS - ![](images/2022-05-18-22-25-39.png) -4. Run Mesh Agent and Click “install” - ![](images/2022-05-18-22-26-14.png) -!!!note - Mesh Agent is available for Windows* and Linux*. For Windows*, the mesh agent doesn’t contain any sensitive data and can copied and reused on many Windows* computers. For Linux*, instead of an executable, an installation script is provided to add remote computers. The script checks the type of computer and installs the proper agent automatically. + ![](images/2022-05-18-22-25-39.jpg) +4. Run Mesh Agent and Click “install” + + ![](images/2022-05-18-22-26-14.jpg) + +!!! note + Mesh Agent is available for Windows*\* and Linux*\*. + + - *For Windows*\*, the mesh agent doesn’t contain any sensitive data and can copied and reused on many Windows* computers. + + - *For Linux*\*, instead of an executable, an installation script is provided to add remote computers. + + The script checks the type of computer and installs the proper agent automatically. ### After agent install Once the agents are installed, it will take up to a minute before the computer shows up on the user’s account automatically. Click on each computer to access it and user can rename the each computer with a unique name and icons. -![](images/2022-05-18-22-27-25.png) +![](images/2022-05-18-22-27-25.jpg) -![](images/2022-05-18-22-29-12.png) +![](images/2022-05-18-22-29-12.jpg) ### Manage Computer Click on any computer and go into the “Desktop” and “Files” tabs to remotely manage the computer or perform file transfer. 
-![](images/2022-05-18-22-29-40.png) +![](images/2022-05-18-22-29-40.jpg) -![](images/2022-05-18-22-29-47.png) +![](images/2022-05-18-22-29-47.jpg) For advance users with console/command line interface experience, go into “Terminal” to perform scripting or quick tasks with CLI tools. 
@@ -113,60 +142,76 @@ For advance users with console/command line interface experience, go into “Ter -Depending on how the agent is connected to the server, there are multiple methods to remote control. Mesh Agent, RDP, and AMT +Depending on how the agent is connected to the server, there are multiple methods to remote control : + +- *Mesh Agent*, +- *RDP*, +- *and AMT* For RDP connections, if you have previously saved the credentials that is usable by all users on the system. If you want to remove those saved credentials that's under the `General Tab` > `Credentials`. Click pen to clear them. -## Server Certificate +## 🔐 Server Certificate As seen in the previous chapter, MeshCentral is setup with a self-signed certificate by default and the web browser will issue a warning concerning the validity of the certificate. Users have few ways to handle this certificate warning: -- Ignore the warning and proceed with an exception in a recurring fashion. However, traffic from the server to the web browser remains encrypted. User must check the validity of the certificate presented by the website and compare with “webserver-cert-public.crt” file in the “meshcentral-data” folder of the server. +- Ignore the warning and proceed with an exception in a recurring fashion. However, traffic from the server to the web browser remains encrypted. User must check the validity of the certificate presented by the website and compare with `“webserver-cert-public.crt”` file in the `“meshcentral-data”` folder of the server. - Add webserver’s root certificate into web browser’s trust list. Click on “Root Certificate” link at the bottom right of login page to download the root certificate of the web server and then add/import this as a trusted certificate into web browser. Some web browser may require a restart before the certificate installation takes effect. 
- If you own a domain name that points to your MeshCentral server, you can get a free trusted certificate using Let’s Encrypt (https://letsencrypt.org/). See the section on Let’s Encrypt in this document for more information on this option. MeshCentral has built-in support for Let’ Encrypt. -!!!important - Before adding/importing the certificate, user must check the validity of the certificate presented by the website and compare with “root-cert-public.crt” file in the “meshcentral-data” folder of the server. +!!! important + Before adding/importing the certificate, user must check the validity of the certificate presented by the website and compare with `“root-cert-public.crt”` file in the `“meshcentral-data”` folder of the server. For large scale deployments or setup, a legitimate trusted certificate is highly recommended for your web server. This way, any web browser that navigates to this web server will be able to readily verify its authenticity. -- If a legitimate trusted certificate is available, replace “webserver-cert-public.crt” and “webserver-cert-private.key” with your certificate. These files are located in “meshcentral-data” folder of the server. -- If intermediate certificates are needed, add the files “webserver-cert-chain1.crt”, “webserver-cert-chain2.crt”, “webserver-cert-chain3.crt” respectively with the intermediate certificates. +- If a legitimate trusted certificate is available, replace `“webserver-cert-public.crt”` and `“webserver-cert-private.key” with your certificate. These files are located in “meshcentral-data” folder of the server. +- If intermediate certificates are needed, add the files `“webserver-cert-chain1.crt”`, `“webserver-cert-chain2.crt”`, `“webserver-cert-chain3.crt”` respectively with the intermediate certificates. -**Note**: If you are using TLS offloading, see the section on “TLS Offloading” cover in the latter parts of this document. 
+--- -## Files and Folder Structure +> **📌 Note :** + +> If you are using TLS offloading, see the section on “TLS Offloading” cover in the latter parts of this document. + +--- + +## 📁 Files and Folder Structure It’s important to know the basic file and folder structure from which MeshCentral was installed as shown below -![](images/2022-05-18-22-32-35.png) +![](images/2022-05-18-22-32-35.jpg) -Right after running the “npm install meshcentral” command, the node_module folder will be created which contains meshcentral and all of its dependent modules. When the server executes for the first time, both meshcentral-data and meshcentral-files folders will be created. +Right after running the `npm install meshcentral` command, the node_module folder will be created which contains meshcentral and all of its dependent modules. When the server executes for the first time, both meshcentral-data and meshcentral-files folders will be created. -!!!important +!!! important User must periodically backup both meshcentral-data and meshcentral-files which contains all of server’s data. -The “meshcentral-data” folder will contain: +The `“meshcentral-data”` folder will contain: -**meshcentral.db file**: The server’s database file which contains all of the user and computer information. This includes account information and other sensitive information. +- **`meshcentral.db`** : -**Five .key and .crt files**: These are the server’s certificates and private keys. They are used to securely identify the server. The .key files must not be obtained by anyone else since they could be used to impersonate the server. + The server’s database file which contains all of the user and computer information. This includes account information and other sensitive information. -**config.json file**: This is the server’s configuration file. It first starts with a sample configuration that you can change. In a following section, we will discuss how to edit this file to customize the server. 
+- **`Five .key and .crt files`**: -The “meshcentral-files” folder contains user files that have been uploaded to the server. This folder can be quite large, especially if no user space quota is set in the config.json file. Users can upload a significant amount of files on the server. + These are the server’s certificates and private keys. They are used to securely identify the server. The .key files must not be obtained by anyone else since they could be used to impersonate the server. -!!!important +- **`config.json file`**: + + This is the server’s configuration file. It first starts with a sample configuration that you can change. In a following section, we will discuss how to edit this file to customize the server. + +The `“meshcentral-files”` folder contains user files that have been uploaded to the server. This folder can be quite large, especially if no user space quota is set in the config.json file. Users can upload a significant amount of files on the server. + +!!! important Back-up the “meshcentral-data” folder since this is the folder needed to reconstruct the server if something goes wrong. Without it, user will to start over. Recommended to apply suitable encryption on both folders given that they contain sensitive data. -## Server Configuration File +## ⚙️ Server Configuration File In the “meshcentral-data” folder, there is a file called config.json that contains the main configuration of the server. A sample configuration file could look like this: -``` +```json { "settings": { "cert": "mesh.myserver.com", 
@@ -197,95 +242,111 @@ In the “meshcentral-data” folder, there is a file called config.json that co } ``` -First, we will look at each of the top levels of the configuration file. The tops levels are “settings”, “domains”, “peers”, and “smtp” as shown in the table below. +First, we will look at each of the top levels of the configuration file. The tops levels are `“settings”`, `“domains”`, `“peers”`, and `“smtp”` as shown in the table below. -![](images/2022-05-18_223720.png) +![](images/2022-05-18_223720.jpg) ### Settings -As indicated before, the settings section of the config.json is equivalent to passing arguments to the server at runtime. Below is a list of settings that are available for the user. +As indicated before, the settings section of the config.json is equivalent to passing arguments to the server at runtime. In tha folowing table is a list of settings that are available for the user : -| Settings Option | Description | -| --------------- | --- | -| Cert | Sets the DNS name of the server. If this name is not set, the server will run in "LAN mode". When set, the server"s web certificate will use this name and the server will instruct agents and browsers to connect to that DNS name. You must set a server DNS name to run in "WAN mode". MeshCentral will not configure your DNS server. The DNS name must be configured separately. | -| Port | This sets the main web port used by the MeshCentral server and it"s the same port that users and mesh agents will connect to. The default port is 443, but if the port is busy, the next available higher port is used (.e.g. 444) | -| AliasPort | Sets the main port that will be used by the server externally. By default is the same as "Port" above, but can be set to be different when next. See "Server port aliasing" section for more details. | -| RedirPort | This is the port for redirecting traffic in the web server. When the server is configured with HTTPS, users that uses HTTP will be redirected to HTTPS. 
Port 80 is the default port. So, redirection will happen from port 80 to port 443. | -| MpsPort | Port for Intel" AMT Management Presence Server to receive Intel" AMT CIRA (Client Initiated Remote Access) connections. The default is port 4433. This port is disabled in LAN mode. If user don"t plan on using Intel" AMT for management, this port can be left as-is. | -| TLSOffload | By default this option is set to "false". If set to "true", server will run both web port and the Intel AMT MPS port without TLS with the assumption that a TLS offloading is taking care of this task. For further details, see the "TLS Offloading" section. This option can also be set to the IP address of the reverse-proxy in order to indicate to MeshCental to only trust HTTP X-Forwarded headers coming from this IP address. See the "Reverse-Proxy Setup" section for an example. | -| SelfUpdate | When set to "true" the server will check for a new version and attempt to self-update automatically a bit after midnight local time every day. If set to a specific version such as "1.1.21" the server will immediately update to the specified version on startup if it's not already at this version. | -| SessionKey | This is the encryption key used to secure the user"s login session. It will encrypt the browser cookie. By default, this value is randomly generated each time the server starts. If many servers are used with a load balancer, all servers should use the same session key. In addition, one can set this key so that when the server restarts, users do not need to re-login to the server. | -| Minify | Default value is 0, when set to 1 the server will serve "minified" web pages, that is, web pages that have all comments, white spaces and other unused characters removed. This reduces the data size of the web pages by about half and reduced the number requests made by the browser. 
The source code of the web page will not be easily readable, adding "&nominify=1" at the end of the URL will override this option. | -| User | Specify a username that browsers will be automatically logged in as. Useful to skip the login page and password prompts. Used heavily during development of MeshCentral. | -| NoUsers | By default this option is "false" and if set to "true", server will only accept users from localhost (127.0.0.1) and will not have a login page. Instead, a single user is always logged in. This mode is useful if user opts to setup MeshCentral as a local tool instead of as a multi-user server | -| MpsCert | Specifies the official name of the Intel AMT MPS server. If not specified, this is the same as the official server name specified by "cert". This option is generally used with MPS aliasing, see the "Server port aliasing" section for more information. | -| MpsAliasPort | Specify an alias port for the MPS server. See the section on "Server port aliasing" for use of this option. -| ExactPorts | If this option is set to "true", only the exact port will be used. By default, if a port is in use, the server will try to bind the next available higher port. This is true for the "port", "redirport" and "mpsport" settings. | -| Lanonly | Server"s default mode if not set with "--cert" option. If this option is set to "true", Intel" AMT MPS will be disabled, server name and fixed IP option will be hidden. Mesh agents will search for the server using multicast on the network. | -| Wanonly | A recommended option when running MeshCentral in the cloud. If set to "true", server will run as a cloud service and assumes LAN features are disabled. For this option to work, the server must have a fixed IP or DNS record using the "--cert"" option. In this mode, LAN discovery features are disabled. | -| AllowFraming | By default is set to "false". If set to "true", web pages will be served in a way that allows them to be placed within an iframe of another web page. 
This is useful when you wish to add MeshCentral features into another website. | -| AllowLoginToken | By default is set to "false". If set to "true", the server allows login tokens to be used in the URL as a replacement for user login. This is useful along with "allowFraming" option to embed MeshCentral features into another website. | -| MongoDB | Used to specify the MongoDB connection string. If not specified, MeshCentral will use the NeDB database with the file meshcentral.db in the meshcentral-data folder. To setup MongoDB, please refer to the Database section of this document. | -| MongoDBCol | Used to specify the MongoDB collection name in the database. By default this value is "meshcentral". See Database section for more details on MongoDB setup. -| DbEncryptKey | Specifies a password used to encrypt the database when NeDB is in use. If wanting to encrypt an existing database, use the "dbexport" and "dbimport" to save and reload the database with the encryption password set. | -| WebRTC | Set to "true" or "false" depending if you want to allow the server to setup WebRTC communication. If WebRTC is setup, management traffic will flow directly between the browser and mesh agent, bypassing the server completely. The default is false now, but will be switched to true when WebRTC is ready for production. | -| ClickOnce | Set to "true" or "false" to allow or disallow browser ClickOnce features. When enabled, browsers running on Windows will be shown extra options to allow RDP and other sessions thru the MeshCentral server. This requires ClickOnce browser support that is built-in to IE and available as add-in to Chrome and Firefox. Default is true. | +| **Setting** | **Description** | +|------------------|-----------------| +| **Cert** | Sets the DNS name of the server. If this name is not set, the server will run in "LAN mode". When set, the server"s web certificate will use this name and the server will instruct agents and browsers to connect to that DNS name. 
You must set a server DNS name to run in "WAN mode". MeshCentral will not configure your DNS server. The DNS name must be configured separately. | +| **Port** | This sets the main web port used by the MeshCentral server and it"s the same port that users and mesh agents will connect to. The default port is 443, but if the port is busy, the next available higher port is used (.e.g. 444) | +| **AliasPort** | Sets the main port that will be used by the server externally. By default is the same as "Port" above, but can be set to be different when next. See "Server port aliasing" section for more details. | +| **RedirPort** | This is the port for redirecting traffic in the web server. When the server is configured with HTTPS, users that uses HTTP will be redirected to HTTPS. Port 80 is the default port. So, redirection will happen from port 80 to port 443. | +| **MpsPort** | Port for Intel" AMT Management Presence Server to receive Intel" AMT CIRA (Client Initiated Remote Access) connections. The default is port 4433. This port is disabled in LAN mode. If user don"t plan on using Intel" AMT for management, this port can be left as-is. | +| **TLSOffload** | By default this option is set to "false". If set to "true", server will run both web port and the Intel AMT MPS port without TLS with the assumption that a TLS offloading is taking care of this task. For further details, see the "TLS Offloading" section. This option can also be set to the IP address of the reverse-proxy in order to indicate to MeshCental to only trust HTTP X-Forwarded headers coming from this IP address. See the "Reverse-Proxy Setup" section for an example.| +| **SelfUpdate** | When set to "true" the server will check for a new version and attempt to self-update automatically a bit after midnight local time every day. If set to a specific version such as "1.1.21" the server will immediately update to the specified version on startup if it's not already at this version. 
| +| **SessionKey** | This is the encryption key used to secure the user"s login session. It will encrypt the browser cookie. By default, this value is randomly generated each time the server starts. If many servers are used with a load balancer, all servers should use the same session key. In addition, one can set this key so that when the server restarts, users do not need to re-login to the server. | +| **Minify** | Default value is 0, when set to 1 the server will serve "minified" web pages, that is, web pages that have all comments, white spaces and other unused characters removed. This reduces the data size of the web pages by about half and reduced the number requests made by the browser. The source code of the web page will not be easily readable, adding "&nominify=1" at the end of the URL will override this option. | +| **User** | Specify a username that browsers will be automatically logged in as. Useful to skip the login page and password prompts. Used heavily during development of MeshCentral. | +| **NoUsers** | By default this option is "false" and if set to "true", server will only accept users from localhost (127.0.0.1) and will not have a login page. Instead, a single user is always logged in. This mode is useful if user opts to setup MeshCentral as a local tool instead of as a multi-user server | +| **MpsCert** | Specifies the official name of the Intel AMT MPS server. If not specified, this is the same as the official server name specified by "cert". This option is generally used with MPS aliasing, see the "Server port aliasing" section for more information. | +| **MpsAliasPort** | Specify an alias port for the MPS server. See the section on "Server port aliasing" for use of this option. | +| **ExactPorts** | If this option is set to "true", only the exact port will be used. By default, if a port is in use, the server will try to bind the next available higher port. This is true for the "port", "redirport" and "mpsport" settings. 
| +| **Lanonly** | Server"s default mode if not set with "--cert" option. If this option is set to "true", Intel" AMT MPS will be disabled, server name and fixed IP option will be hidden. Mesh agents will search for the server using multicast on the network. | +| **Wanonly** | A recommended option when running MeshCentral in the cloud. If set to "true", server will run as a cloud service and assumes LAN features are disabled. For this option to work, the server must have a fixed IP or DNS record using the "--cert"" option. In this mode, LAN discovery features are disabled. | +| **AllowFraming** | By default is set to "false". If set to "true", web pages will be served in a way that allows them to be placed within an iframe of another web page. This is useful when you wish to add MeshCentral features into another website. | +| **AllowLoginToken** | By default is set to "false". If set to "true", the server allows login tokens to be used in the URL as a replacement for user login. This is useful along with "allowFraming" option to embed MeshCentral features into another website. | +| **MongoDB** | Used to specify the MongoDB connection string. If not specified, MeshCentral will use the NeDB database with the file meshcentral.db in the meshcentral-data folder. To setup MongoDB, please refer to the Database section of this document. | +| **MongoDBCol** | Used to specify the MongoDB collection name in the database. By default this value is "meshcentral". See Database section for more details on MongoDB setup. | +| **DbEncryptKey** | Specifies a password used to encrypt the database when NeDB is in use. If wanting to encrypt an existing database, use the "dbexport" and "dbimport" to save and reload the database with the encryption password set. | +| **WebRTC** | Set to "true" or "false" depending if you want to allow the server to setup WebRTC communication. 
If WebRTC is setup, management traffic will flow directly between the browser and mesh agent, bypassing the server completely. The default is false now, but will be switched to true when WebRTC is ready for production. | +| **ClickOnce** | Set to "true" or "false" to allow or disallow browser ClickOnce features. When enabled, browsers running on Windows will be shown extra options to allow RDP and other sessions thru the MeshCentral server. This requires ClickOnce browser support that is built-in to IE and available as add-in to Chrome and Firefox. Default is true. | -!!!important - Changes in config.json will NOT take effect until server is restarted. +!!! important + Changes in config.json will NOT take effect until server is restarted. -**Note**: We recommend the user to use a non-production server to experiment the setting options above. +--- + +> **📌 Note :** + +> We recommend the user to use a non-production server to experiment the setting options above. + +--- ### Domains -In the domains section, you can set options for the default domain ("") in addition to creating new domains to establish a multi-tenancy server. For standard configuration, the root domain and other domains will be accessible like this: +In the domains section, you can set options for the default domain ("") in addition to creating new domains to establish a multi-tenancy server. For standard configuration, the root domain and other domains will be accessible like this : -https://servername:8080/ <- default domain -https://servername:8080/customer1 <- customer1 domain + - 🔗 [https://servername:8080/](https://servername:8080/) — *Default domain* -https://servername:8080/customer2 <- customer2 domain + - 🔗 [https://servername:8080/customer1](https://servername:8080/customer1) — *Customer1 domain* -When a user setup many domains, the server considers each domain separately and each domain has separate user accounts, administrators, etc. 
If a domain has no users, the first created account will be administrator for that domain. Each domain has sub-settings as follows: + - 🔗 [https://servername:8080/customer2](https://servername:8080/customer2) — *Customer2 domain* -| Sub Settings | Description | + +When a user setup many domains, the server considers each domain separately and each domain has separate user accounts, administrators, etc. If a domain has no users, the first created account will be administrator for that domain. + +Each domain has sub-settings as follows: + +| ***Sub Settings*** | ***Description*** | | -------------- | -------- | -| Title & Title2 | This are the strings that will be displayed at the banner of the website. By default title is set to “MeshCentral” and title2 is set to a version number | -| UserQuota | This is the maximum amount of data in kilobytes that can be placed in the “My Files” tab for a user account. | -| MeshQuota | This is the maximum amount of data in kilobytes that can be placed in the “My Files” tab for a given mesh | -| NewAccounts | If set to zero (0) | only the administrator of this domain can create new user accounts. If set to one (1), anyone that can access the login page can create new user account | -| UserAllowedIP | Allows user to set a list of allowed IP addresses. See section on server IP filtering. | -| Auth | This mode is often used in corporate environments. When server is running on Windows and this value is set to “sspi”, domain control authentication to the website is performed. In this mode, no login screen is displayed and browser will authenticate using the user’s domain credentials. | -| Dns | The DNS record for this domain. If specified, the domain is accessed using a DNS record like “customer1.servername.com” instead of “servername/customer1”. This feature requires the DNS server to be configured to point this server with a valid DNS record. | -| CertUrl | Load the TLS certificate for this domain from this https url. 
For example “https://127.0.0.1:123”. This option is useful when used along with the “TlsOffload” option. When MeshCentral is not doing any TLS but has a reverse-proxy or TLS offload device doing this work in front of the server, you can use this to have MeshCentral load the certificate from the server in front of MeshCentral.

This is needed because when agents connect, they need to be told that the certificate they saw upon connecting is the correct one. Using this, MeshCentral will know what certificate the agents are expected to see. | -| PasswordRequirements | Used to specify the minimum password requirements for user authentication to this domain. By default, no password requirements are enforced but the user will see a password strength indicator that is not backed by any verifiable data.

The value must be set to an object, for example:

`{ ""min"": 8, ""max"": 128, ""upper"": 1, ""lower"": 1, ""numeric"": 1, ""nonalpha"": 1 }`

This indicated that passwords must be at least 8 characters long and have at least one upper case, one lower case, one numeric and one non-alphanumeric character. You can also set the maximum length of the password, however MeshCentral has already a limit of 256 characters. Specifying anything above this will have no effect.

Note that password requirements for Intel® AMT are defined by Intel and so, Intel® AMT passwords will always be verified using a separate set of requirements. | +| **Title & Title2** | This are the strings that will be displayed at the banner of the website. By default title is set to “MeshCentral” and title2 is set to a version number | +| **UserQuota** | This is the maximum amount of data in kilobytes that can be placed in the “My Files” tab for a user account. | +| **MeshQuota** | This is the maximum amount of data in kilobytes that can be placed in the “My Files” tab for a given mesh | +| **NewAccounts** | If set to zero (0) | only the administrator of this domain can create new user accounts. If set to one (1), anyone that can access the login page can create new user account | +| **UserAllowedIP** | Allows user to set a list of allowed IP addresses. See section on server IP filtering. | +| **Auth** | This mode is often used in corporate environments. When server is running on Windows and this value is set to “sspi”, domain control authentication to the website is performed. In this mode, no login screen is displayed and browser will authenticate using the user’s domain credentials. | +| **Dns** | The DNS record for this domain. If specified, the domain is accessed using a DNS record like “customer1.servername.com” instead of “servername/customer1”. This feature requires the DNS server to be configured to point this server with a valid DNS record. | +| **CertUrl** | Load the TLS certificate for this domain from this https url. For example “https://127.0.0.1:123”. This option is useful when used along with the “TlsOffload” option. When MeshCentral is not doing any TLS but has a reverse-proxy or TLS offload device doing this work in front of the server, you can use this to have MeshCentral load the certificate from the server in front of MeshCentral.

This is needed because when agents connect, they need to be told that the certificate they saw upon connecting is the correct one. Using this, MeshCentral will know what certificate the agents are expected to see. | +| **PasswordRequirements** | Used to specify the minimum password requirements for user authentication to this domain. By default, no password requirements are enforced but the user will see a password strength indicator that is not backed by any verifiable data.

The value must be set to an object, for example:

`{ ""min"": 8, ""max"": 128, ""upper"": 1, ""lower"": 1, ""numeric"": 1, ""nonalpha"": 1 }`

This indicated that passwords must be at least 8 characters long and have at least one upper case, one lower case, one numeric and one non-alphanumeric character. You can also set the maximum length of the password, however MeshCentral has already a limit of 256 characters. Specifying anything above this will have no effect.

Note that password requirements for Intel® AMT are defined by Intel and so, Intel® AMT passwords will always be verified using a separate set of requirements. | -**Note**: When the DNS value is set for a domain, user can’t access the domain using “servername/customer1” instead it must be accessed with the valid DNS record and the DNS server should be setup to have two or more DNS records pointing to the same IP address. +--- + +> **📌 Note :** + +> When the DNS value is set for a domain, user can’t access the domain using “servername/customer1” instead it must be accessed with the valid DNS record and the DNS server should be setup to have two or more DNS records pointing to the same IP address. + +--- In this mode, the server will serve a different TLS certificate depending on what DNS record is used to access the server. -![](images/2022-05-18-23-33-08.png) +![](images/2022-05-18-23-33-08.jpg) As shown in the example above, we have two names that point to the same IP address. Since the configuration specifies the “dns” value, the second domain is only shown when the right name is used. We use “meshcentral” and “devbox” for DNS names, but in practice the user will use fully qualified domain names (FQDN) like “meshcentral.com” or “devbox.meshcentral.com”. -## Server Peering +## 🤝 Server Peering MeshCentral supports server peering. User could setup up many servers to share the task of handling incoming connections from managed clients and consoles. For server peering to function, all servers must have access to the same database, use the same certificates, the same configuration (with the exception of the server name) and servers must be able to communicate with each other behind a load balancer. -![](images/2022-05-18-23-34-22.png) +![](images/2022-05-18-23-34-22.jpg) Hence, the user is expected to have good understanding on networking, server administration and applications to accomplish this setup. 
This document will not get into the details of setting up a load-balancer. -!!!recommended +!!! Recommended Before setting up MeshCentral peering, database migration from NeDB database to MongoDB with replication/sharding option enabled is highly recommend. See: Setting up MeshCentral with MongoDB (section 8.4) -![](images/2022-05-18-23-35-19.png) +![](images/2022-05-18-23-35-19.jpg) The setup flow above guides the user to pull together server peering setup with Meshcentral. (2) Shared storage is compulsory to host user files and it must be accessible from all of the servers. If the server is expected for critical work, replicated shared storage should be considered. When Meshcentral is ready for peering setup (5), replicate the “meshcentral-data” directory on each server and configure the “peers” section of the config.json file as shown below. -``` +```json { "peers": { "serverId" : "Server1", 
@@ -297,25 +358,25 @@ When Meshcentral is ready for peering setup (5), replicate the “meshcentral-da } ``` -The configuration above assumes that server1 has an IP address of ‘192.168.1.100’ and server2 has ‘192.168.1.101’ respectively. The "serverId" value is a short and unique identifier for each server and it is optional. If it's not specified, the computer hostname is used instead. +The configuration above assumes that server1 has an IP address of `192.168.1.100` and server2 has `192.168.1.101` respectively. The "serverId" value is a short and unique identifier for each server and it is optional. If it's not specified, the computer hostname is used instead. -The “servers” section of the configuration file should have the identifier of the server followed by each websocket URL and port (generally 443) of the peer servers. If the servers are running with “--tlsoffload”, then use “ws://” for the URL instead of “wss://”. +The “servers” section of the configuration file should have the identifier of the server followed by each websocket URL and port (generally 443) of the peer servers. If the servers are running with `--tlsoffload`, then use “ws://” for the URL instead of `wss://`. When the MongoDB is setup for the first time, a unique identifier is generated and written into the DB. To prevent situations where two servers with different database from peering together, during peering process, each server will validate among each other if they have the same unique DB identifier. Peering connection will only succeed if this condition is met. Once peered, all of the servers should act like one single host, no matter which server the user(s) are connected to. 
-## Email Setup +## 📧 Email Setup We highly recommend the use of an email server (SMTP) because we could allow MeshCentral to verify user account’s email address by sending a confirmation request to the user to complete the account registration and for password recovery, should a user forget account password as illustrated below A verification email is sent when a new account is created or if the user requests it in the “My Account” tab. -![](images/2022-05-19-00-00-05.png) +![](images/2022-05-19-00-00-05.jpg) The password recovery flow when “Reset Account” is triggered at the login page. -![](images/2022-05-19-00-00-18.png) +![](images/2022-05-19-00-00-18.jpg) Both account verification and password recovery are triggered automatically once SMTP mail server configuration is included into the config.json file. 
@@ -343,9 +404,9 @@ Some SMTP servers will require a valid username and password to login to the mai ##### Gmail -One option is to configure MeshCentral work with Google Gmail by setting “host” with smtp.gmail.com, and “port” with 587. In the config.json file, use user’s Gmail address for both “from” and “user” and Gmail password in the “pass” value. You will also need to enable “Less secure app access” in for this Google account. It’s in the account settings, security section: +One option is to configure MeshCentral work with Google Gmail by setting `host` with smtp.gmail.com, and `port` with 587. In the config.json file, use user’s Gmail address for both `from` and “user” and Gmail password in the “pass” value. You will also need to enable “Less secure app access” in for this Google account. It’s in the account settings, security section: -![](images/2022-05-19-00-01-19.png) +![](images/2022-05-19-00-01-19.jpg) If a Google account is setup with 2-factor authentication, the option to allow less secure applications not be available. Because the Google account password is in the MeshCentral config.json file and that strong authentication can’t be used, it’s preferable to use a dedicated Google account for MeshCentral email. 
@@ -356,27 +417,27 @@ Google has announced that less secure app access will be phased out. For Google Start by visiting the Google API console: -https://console.developers.google.com/ +> 🔗 [Google Developers Console](https://console.developers.google.com/) First, you will create a new project. Name it something unique in case you need to create more in the future. In this example, I've named the project "MeshCentral" -![](images/gc-newproject.png) +![](images/gc-newproject.jpg) Click on the "OAuth Consent Screen" link, Under "APIs and Services" from the left hand menu: -![](images/gc-oauthconsent.png) +![](images/gc-oauthconsent.jpg) If you have a Google Workspace account, you will have the option to choose "Internal" application and skip the next steps. If not, you will be required to provide Google with information about why you want access, as well as verifying domain ownership. -![](images/OAuth-Internal-External.png) +![](images/OAuth-Internal-External.jpg) Add the Gmail address under which you have created this project to the fields labelled ‘User support email’ and ‘Developer contact information’ so that you will be allowed for authentication. After that, you will want to add a scope for your app, so that your token is valid for gmail: -![](images/gc-oauthscopes.png) +![](images/gc-oauthscopes.jpg) Once this is complete, the next step will be to add credentials. -![](images/gc-oauthcredentials.png) +![](images/gc-oauthcredentials.jpg) Choose OAuth Client 
@@ -388,11 +449,11 @@ https://developers.google.com/oauthplayground ![](images/gc-playground.webp) -Enter your Client ID and secret from the last step. On the left side of the page, you should now see a text box that allows you to add your own scopes. Enter https://mail.google.com and click Authorize API. +Enter your Client ID and secret from the last step. On the left side of the page, you should now see a text box that allows you to add your own scopes. Enter `https://mail.google.com` and click Authorize API. You will need to follow the instructions provided to finish the authorization process. Once that is complete, you should receive a refresh token. The refresh token, Client ID and Client Secret are the final items we need to complete the SMTP section of our config.json. It should now look something like this: -``` +```json "smtp": { "host": "smtp.gmail.com", "port": 587, 
@@ -412,16 +473,16 @@ You will need to follow the instructions provided to finish the authorization pr Regardless of what SMTP account is used, MeshCentral will perform a test connection to make sure the server if working as expected when starting. Hence, the user will be notified if Meshcentral and SMTP server has been configured correctly as shown below. -![](images/2022-05-19-00-01-43.png) +![](images/2022-05-19-00-01-43.jpg) After successfully configuring the Gmail SMTP server, switch the OAuth 'Publishing Status' from `Testing` to `In Production`. This step prevents the need for frequent refresh token generation. Verification of your project isn't required to make this change. -![](images/In-production.png) +![](images/in-production.jpg) -## Database +## 🛢️ Database -A critical component of MeshCentral is the database. The database stores all of the user account information, groups and node data, historical power and event, etc. By default MeshCentral uses NeDB (https://github.com/louischatriot/nedb) that is written entirely in NodeJS and is setup automatically when MeshCentral is installed with the npm tool. The file “meshcentral.db” will be created in the “meshcentral-data” folder when MeshCentral is first launched. This database works well for small deployments scenarios. +A critical component of MeshCentral is the database. The database stores all of the user account information, groups and node data, historical power and event, etc. By default MeshCentral uses [NeDB](https://github.com/louischatriot/nedb) that is written entirely in NodeJS and is setup automatically when MeshCentral is installed with the npm tool. The file `meshcentral.db` will be created in the “meshcentral-data” folder when MeshCentral is first launched. This database works well for small deployments scenarios. Besides NeDB, MeshCentral fully supports MongoDB for larger deployments or deployments that require robust reliability or load-balancing. 
In this section we will see look at how to export and import the database file with a JSON file and how to configure MongoDB. 
@@ -429,87 +490,103 @@ Besides NeDB, MeshCentral fully supports MongoDB for larger deployments or deplo User could use a practical approach to migrate from NeDB to MongoDB, by exporting the entire content of the existing NeDB into JSON file, setup the new MongoDB and import that JSON file to create the schemas in MongoDB. -To export the database, stop the MeshCentral server and run the server again with “--dbexport” and a JSON file called “meshcentral.db.json” will be created in the “meshcentral-data” folder as shown below. +To export the database, stop the MeshCentral server and run the server again with `--dbexport` and a JSON file called `meshcentral.db.json` will be created in the `meshcentral-data` folder as shown below. -![](images/2022-05-18-23-37-31.png) +![](images/2022-05-18-23-37-31.jpg) Alternatively, user can also specify the full export path for the JSON file as shown below. -![](images/2022-05-18-23-37-40.png) +![](images/2022-05-18-23-37-40.jpg) ### Database Import Importing the MeshCentral database is useful when transitioning between database softwares (NeDB to/from MongoDB) or when importing the database from MeshCentral1 via migration tool. -!!!important +!!! important Importing a JSON file will overwrite the entire content of the database. A starting empty database is recommended. -When you are ready to import a JSON file into the database, run meshcentral with “--dbimport" as shown below. If path is not specified, the application will default to use “meshcentral.db.json” that is in “meshcentral-data” folder. +When you are ready to import a JSON file into the database, run meshcentral with `--dbimport` as shown below. If path is not specified, the application will default to use `meshcentral.db.json` that is in `meshcentral-data` folder. -![](images/2022-05-18-23-38-45.png) +![](images/2022-05-18-23-38-45.jpg) Alternatively, user can specify the full path of the import JSON as shown below. 
-![](images/2022-05-18-23-39-03.png) +![](images/2022-05-18-23-39-03.jpg) ### Viewing the Database For debugging purposes, Meshcentral allow users to have quick preview of certain frequently accessed data in the database with the following options: -| Option | Description | +| ***Option*** | ***Description*** | | ------------ | -------------------------------------- | -| --showusers | List of all users in the database. | -| --showmeshes | List of all meshes in the database. | -| --shownodes | List of all nodes in the database | -| --showevents | List all events in the database | -| --showpower | List all power events in the database. | -| --showall | List all records in the database. | +| **`--showusers`** | List of all users in the database. | +| **`--showmeshes`** | List of all meshes in the database. | +| **`--shownodes`** | List of all nodes in the database | +| **`--showevents`** | List all events in the database | +| **`--showpower`** | List all power events in the database. | +| **`--showall`** | List all records in the database. | -For example, you can show the list of users with the “--showusers" +For example, you can show the list of users with the `--showusers` -![](images/2022-05-18-23-41-23.png) +![](images/2022-05-18-23-41-23.jpg) ### MongoDB Setup MongoDB is useful when setting up MeshCentral for two or more peer servers given that all peer servers much have access to the same database. NeDB and MongoDB have similar access interfaces hence the DB migration from one to the other is straight forward. Installing MongoDB depends on its host OS so do check for available download options at mongodb.com. In this guide, we will focus on the 64-bit windows with SSL support installer. -![](images/2022-05-18-23-41-58.png) +![](images/2022-05-18-23-41-58.jpg) After completing the installation step, 1. Stop any instance of Meshcentral that is running locally or in any machine 2. Start a terminal or Windows Command prompt (CMD), 3. Create a folder “c:\data\db” -4. 
Go to the MongoDB bin folder and run “mongod --bind 127.0.0.1”. +4. Go to the MongoDB bin folder and run `mongod --bind 127.0.0.1`. - This execute the database engine and store the database data in the default location “/data/db” path and bind a loopback on the local port “127.0.0.1”. + This execute the database engine and store the database data in the default location “/data/db” path and bind a loopback on the local port “127.0.0.1”. + --- - **Note**: Refer to MongoDB documentation to allow database to run in the background or experiment with alternate configurations. + > **📌 Note :** - ![](images/2022-05-18-23-42-51.png) + > We recommend the user to use a non-production server to experiment the setting options above. + --- - **Note**: Upon successful execution, MongoDB will wait for connections on its default port 27017. + ![](images/2022-05-18-23-42-51.jpg) + + --- + + > **📌 Note :** + + > Upon successful execution, MongoDB will wait for connections on its default port 27017. + + --- 5. Now run MeshCentral with the command below, it will tell Meshcentral to connect to MongoDB and use “meshcentral” DB. MongoDB will create this DB if it does not exist. - ``` + ```bash node meshcentral --mongodb mongodb://127.0.0.1:27017/meshcentral ``` - ![](images/2022-05-18-23-46-26.png) + ![](images/2022-05-18-23-46-26.jpg) -6. Alternatively, to transition an existing meshcentral DB from NeDB and to MongoDB, just run the command below: +6. Alternatively, to transition an existing meshcentral DB from NeDB and to MongoDB, just run commands below: + ```bash + node meshcentral --dbexport ``` - node meshcentral --dbexport + + ```bash node meshcentral --mongodb mongodb://127.0.0.1:27017/meshcentral --dbimport + ``` + + ```bash node meshcentral --mongodb mongodb://127.0.0.1:27017/meshcentral ``` 7. 
We recommend the user to include MongoDB configuration into the server’s configuration “config.json” to avoid specifying the “--mongodb" each time MeshCentral is executed as shown below - ``` + ```json { "settings": { "mongodb": "mongodb://127.0.0.1:27017/meshcentral", @@ -518,7 +595,13 @@ After completing the installation step, } ``` -**Note**: By default, MeshCentral will create a single collections called “meshcentral” in the specified database. If user want to specify a different collection name, use “--mongodbcol" or “mongodbcol” for settings like shown above. +--- + +> **📌 Note :** + +> By default, MeshCentral will create a single collections called “meshcentral” in the specified database. If user want to specify a different collection name, use “--mongodbcol" or “mongodbcol” for settings like shown above. + +--- If you are using MongoDB with authentication, you can change the URL a little to add the username and password, for example: 
@@ -532,49 +615,51 @@ You can also provide extra connection parameters like this: mongodb://username:password@127.0.0.1:27017/meshcentral?authMechanism=MONGODB-CR&authSource=db ``` -## Running State-less +## 🌀 Running State-less -By default, MeshCentral will read its configuration information from the “meshcentral-data” folder. The most important file in that folder being the “config.json” file, but the folder also contains certificates, branding images, terms of service and more. +By default, MeshCentral will read its configuration information from the `meshcentral-data` folder. The most important file in that folder being the `config.json` file, but the folder also contains certificates, branding images, terms of service and more. -![](images/2022-05-18-23-49-37.png) +![](images/2022-05-18-23-49-37.jpg) After the configuration is read, MeshCentral will connect to its database and continue to start the server. For most user’s this is a perfectly acceptable way to setup the server. However, in some cases, it’s advantageous to setup the server “state-less”. That is, there is no local configuration files at all and everything is in the database. Two examples of this would be when running MeshCentral is a Docker container where we don’t want the container to have any state or for compliance with security specifications where the database is “encrypted at rest”. In this cases, we will load the configuration files into the database and MeshCentral will only be told how to connect to the database. -![](images/2022-05-18-23-49-53.png) +![](images/2022-05-18-23-49-53.jpg) When loading configuration information into the database, MeshCentral requires that a configuration file password be used to encrypt the configuration files in the database. This provides an additional layer of security on top of any authentication and security already provided by the database, if such security has been setup. 
To make this happen, we will be using the following command line options from MeshCentral: -| Command | Description | +| ***Command*** | ***Description*** | | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| --configkey (key) | Specifies the encryption password that will be used to read or write the configuration files to the database. | -| --dblistconfigfiles | List the names and size of all configuration files in the database. | -| --dbshowconfigfile (filename) | Show the content of a specified filename from the database. --configkey is required. | -| --dbdeleteconfigfiles | Delete all configuration files from the database. | -| --dbpushconfigfiles '*' or (folder path) | Push a set of configuration files into the database, removing any existing files in the process. When * is specified, the “meshcentral-data” folder up pushed into the database. --configkey is required. | -| --dbpullconfigfiles (folder path) | Get all of the configuration files from the database and place them in the specified folder. Files in the target folder may be overwritten. --configkey is required. | -| --loadconfigfromdb (key) | Runs MeshCentral server using the configuration files found in the database. The configkey may be specified with this command or --configkey can be used. | +| **`--configkey (key)`** | Specifies the encryption password that will be used to read or write the configuration files to the database. | +| **`--dblistconfigfiles`** | List the names and size of all configuration files in the database. | +| **`--dbshowconfigfile (filename)`** | Show the content of a specified filename from the database. --configkey is required. | +| **`--dbdeleteconfigfiles`** | Delete all configuration files from the database. 
| +| **`--dbpushconfigfiles '*' or (folder path)`** | Push a set of configuration files into the database, removing any existing files in the process. When * is specified, the “meshcentral-data” folder up pushed into the database. --configkey is required. | +| **`--dbpullconfigfiles (folder path)`** | Get all of the configuration files from the database and place them in the specified folder. Files in the target folder may be overwritten. --configkey is required. | +| **`--loadconfigfromdb (key)`** | Runs MeshCentral server using the configuration files found in the database. The configkey may be specified with this command or --configkey can be used. | -Once we have MeshCentral running as expected using the “meshcentral-data” folder, we can simply push that configuration into the database and run using the database alone like this: +Once we have MeshCentral running as expected using the `meshcentral-data` folder, we can simply push that configuration into the database and run using the database alone like this: -``` +```bash node ./node_modules/meshcentral --dbpushconfigfiles '*' --configkey mypassword +``` +```bash node ./node_modules/meshcentral --loadconfigfromdb mypassword --mongodb "mongodb://127.0.0.1:27017/meshcentral" ``` -This first line will load many of the “meshcentral-data” files into the database. At this point, we can back up the “meshcentral-data” folder and remove it. Then run the second line to start the server. Here we use MongoDB, but if one uses NeDB, the “meshcentral.db” file in the “meshcentral-data” folder will still be needed. +This first line will load many of the “meshcentral-data” files into the database. At this point, we can back up the `meshcentral-data` folder and remove it. Then run the second line to start the server. Here we use MongoDB, but if one uses NeDB, the `meshcentral.db` file in the “meshcentral-data” folder will still be needed. 
Note that MeshCentral does not currently support placing a Let’s Encrypt certificate in the database. Generally, one would use a reverse proxy with Let’s Encrypt support and TLS offload in the reverse proxy and then run MeshCentral in state-less mode in a Docket container. -## Commandline Options +## ⌨️ Commandline Options In general, doing `--option value` is the same as adding `"option": value` in the settings section of the config.json. Here are the most common options found by running `meshcentral --help` -``` +```text Run as a background service --install/uninstall Install MeshCentral as a background service. --start/stop/restart Control MeshCentral background service. 
@@ -596,37 +681,43 @@ Server recovery commands, use only when MeshCentral is offline. --adminaccount [userid] Promote account to site administrator. ``` -## TLS Offloading +## 🔒 TLS Offloading A good way for MeshCentral to handle a high traffic is to setup a TLS offload device at front of the server that takes care of doing all the TLS negotiation and encryption so that the server could offload this. There are many vendors who offer TLS or SSL offload as a software module (Nginx* or Apache*) so please contact your network administrator for the best solution that suits your setup. As shown in the picture below, TLS traffic will come from the Internet and security will be handled by a device ahead of the server and MeshCentral only has to deal with TCP connections. -![](images/2022-05-18-23-53-04.png) +![](images/2022-05-18-23-53-04.jpg) -To make this work, it is important the server is setup with “--tlsoffload”. This indicates the server that TLS is already being taken care of and MeshCentral does not have to deal with it. MeshCentral will continue to listen to port 80, 443 and 4433. +To make this work, it is important the server is setup with `--tlsoffload`. This indicates the server that TLS is already being taken care of and MeshCentral does not have to deal with it. MeshCentral will continue to listen to port 80, 443 and 4433. However, incoming port 443 (main web port) and 4433 (Intel® AMT MPS port) will not have TLS but MeshCentral will still put many HTTPS flags in its responses on port 443. By default, if a user accesses http://127.0.0.1:443 without TLS offloader setting, the browser is expected to display warnings. 
To make this work, TLS offloader device’s ports and functions should be configured correctly like below -| Port | Function Description | +| ***Port*** | ***Function Description*** | | ---- | ---------------------------------------------------------------------- | -| 80 | Directly forwards port 80 to MeshCentral port 80 | -| 443 | Handle TLS using a web certificate and forward to MeshCentral port 443 | -| 4433 | Handle TLS using MPS certificate and forward to MeshCentral port 4433 | +| **80** | Directly forwards port 80 to MeshCentral port 80 | +| **443** | Handle TLS using a web certificate and forward to MeshCentral port 443 | +| **4433** | Handle TLS using MPS certificate and forward to MeshCentral port 4433 | -If possible, port 443 should be configured with a legitimate trusted certificate and the public part of the certificate named as “webserver-cert-public.crt” must be placed inside of “meshcentral-data” folder of the server. When the server is executed in tlsoffload mode, only the public part of the web certificate is used by the server. +If possible, port 443 should be configured with a legitimate trusted certificate and the public part of the certificate named as `webserver-cert-public.crt` must be placed inside of `meshcentral-data` folder of the server. When the server is executed in tlsoffload mode, only the public part of the web certificate is used by the server. -For Intel® AMT MPS port 4433, the certificate files “mpsserver-cert-public.crt” and “mpsserver-cert-public.key” must be copied from the “meshcentral-data” folder and loaded into the TLS offload module. +For Intel® AMT MPS port 4433, the certificate files “mpsserver-cert-public.crt” and “mpsserver-cert-public.key” must be copied from the “meshcentral-data” folder and loaded into the TLS offload module. -Note: Please consult the TLS offloader user manual from the respective vendor to configure TLS offloading feature correctly. 
+ --- -## Let’s Encrypt support + > **📌 Note :** -MeshCentral makes use of HTTPS to authenticate and encrypt management traffic over the network. By default, a self-signed certificate is used for the MeshCentral HTTPS server. That certificate is not trusted by browsers and so, you get a warning message when visiting the web site. You can solve this but obtaining a free trusted certificate from Let’s Encrypt (https://letsencrypt.org/). There are some limitations and so, it’s best to get familiar with this service before starting. You will also need a valid domain name that you own and that points to your MeshCentral server. + > Please consult the TLS offloader user manual from the respective vendor to configure TLS offloading feature correctly. -![](images/2022-05-18-23-55-26.png) + --- -Before moving forward with this section, make sure your MeshCentral server is working correctly, has a domain name pointing to it and that the HTTP redirection server on port 80 is enabled and working. MeshCentral’s HTTP port 80 server will be used in the process to prove to Let’s Encrypt that we have control over the domain. At any point, you may try to use https://letsdebug.net/ to see if your domain is setup correctly and/or debug any issues. When ready, add the “letsencrypt” section to the config.json file like this: +## 📜 Let’s Encrypt support + +MeshCentral makes use of HTTPS to authenticate and encrypt management traffic over the network. By default, a self-signed certificate is used for the MeshCentral HTTPS server. That certificate is not trusted by browsers and so, you get a warning message when visiting the web site. You can solve this but obtaining a free trusted certificate from [Let's Encrypt](https://letsencrypt.org/). There are some limitations and so, it’s best to get familiar with this service before starting. You will also need a valid domain name that you own and that points to your MeshCentral server. 
+ +![](images/2022-05-18-23-55-26.jpg) + +Before moving forward with this section, make sure your MeshCentral server is working correctly, has a domain name pointing to it and that the HTTP redirection server on port 80 is enabled and working. MeshCentral’s HTTP port 80 server will be used in the process to prove to Let’s Encrypt that we have control over the domain. At any point, you may try to use [letsdebug.net](https://letsdebug.net/) to see if your domain is setup correctly and/or debug any issues. When ready, add the “letsencrypt” section to the config.json file like this: ```json { 
@@ -644,7 +735,7 @@ Before moving forward with this section, make sure your MeshCentral server is wo The only mandatory field is the email address, please enter a valid one. -The names section is a list of domain names the requested certificate will be valid for. This must be a list of DNS names that are already pointing to your server. It’s important to understand you are not requesting these DNS names, rather, Let’s Encrypt will makes requests to prove control over all of these domain name before issuing the certificate. All the domain names you enter must point to the server and HTTP port 80 must be reachable over the internet. If you don’t specify names, the default MeshCentral certificate name is used, that is the configured “--cert [name]”. +The names section is a list of domain names the requested certificate will be valid for. This must be a list of DNS names that are already pointing to your server. It’s important to understand you are not requesting these DNS names, rather, Let’s Encrypt will makes requests to prove control over all of these domain name before issuing the certificate. All the domain names you enter must point to the server and HTTP port 80 must be reachable over the internet. If you don’t specify names, the default MeshCentral certificate name is used, that is the configured `--cert [name]`. The RSA key size can only be 2048 or 3072, with the default being 3072. This is the number of bit used for the RSA key in the certificate. Bigger is more secure, but takes more time to compute. 
@@ -652,26 +743,26 @@ Lastly the production key, by default this is false. When set to false, MeshCent The Let’s Encrypt certificates and files will be created in the “meshcentral-data” folder. Make sure to keep regular backups of the “meshcentral-data” folder and all sub-folders. -![](images/2022-05-18-23-56-29.png) +![](images/2022-05-18-23-56-29.jpg) Once you placed the “letsencrypt” section in config.json, restart the server. The request to the Let’s Encrypt server may take a few minutes to a few hours. It’s best to have your DNS server name pointing to your server for over a day before doing this. Once the new certificate is received, the server will automatically restart and browsing to HTTPS on your server will show the new certificate. Here is what it looks like on FireFox: -![](images/2022-05-18-23-56-59.png) +![](images/2022-05-18-23-56-59.jpg) If you successfully setup a Let’s Encrypt certificate using the Let’s Encrypt staging server (“production”: false) and everything looks good, stop the server, remove the “letsencrypt” folder in “meshcentral-data”, change production to “true” and start the server again. You should get a real certificate in a few minutes to a few hours. MeshCentral will automatically renew the certificate a few days before it expires. The MeshCentral self-signed certificate will still be present in the “meshcentral-data” folder, this is normal and there is no need to manually copy the Let’s Encrypt certificate to the “meshcentral-data” folder. If something goes wrong with the Let’s Encrypt certificate, the server will fall back to using the self-signed one. -!!!note +!!! note Please be patient with Let’s Encrypt certificate requests and make sure you correctly get a staging certificate before setting production to true. If Let’s Encrypt works for you, please consider donating to them as they provide a critical service to the Internet community. 
-## Server IP filtering +## 🛡️ Server IP filtering For improved security, it’s good to limit access to MeshCentral with IP address. For example, we want to allow mesh agents and Intel AMT computers to connect from anywhere, but whitelist IP address for users that we allow to access MeshCentral. -MeshCentral provides IP filtering option in the config.json file for each domain. For an example, we can set IP address whitelist for the default domain like as shown below. +MeshCentral provides IP filtering option in the `config.json` file for each domain. For an example, we can set IP address whitelist for the default domain like as shown below. -``` +```json { "domains": { "": { @@ -683,9 +774,15 @@ MeshCentral provides IP filtering option in the config.json file for each domain IP addresses are separated by a comma. As a result, only users coming these IP addresses will be able to see the server’s login page as illustrated below. Other IP addresses will be blocked effectively. -![](images/2022-05-18-23-59-28.png) +![](images/2022-05-18-23-59-28.jpg) -**Note**: When IP address whitelist is effective, Mesh Agent connection from any IP address will be not affected. + --- + + > **📌 Note :** + + > When IP address whitelist is effective, Mesh Agent connection from any IP address will be not affected. + + --- You can also use files for IP lists 
@@ -724,28 +821,31 @@ All the lines that start with a number or `:` will be used, everything else is i ``` -## Embedding MeshCentral +## 🧩 Embedding MeshCentral One interesting way to use MeshCentral is to embed its features into another web site. In other words, certain feature of MeshCentral can be selectively embedded into another website such as Remote Desktop or File Transfer. This allows another site to take care of the user accounts and business processes while MeshCentral takes care of remote management. In the example below, a user logs into an existing web site and received a page with MeshCentral remote desktop embedded into it. -![](images/2022-05-19-00-02-03.png) +![](images/2022-05-19-00-02-03.jpg) + +To make this work, a following key alignment is required : + +1. When a user requests the business website, the business web server must return the user a web page containing an iframe with a URL that points to the MeshCentral server. + +2. The URL must contain both a login token and embedding options. The login token tells MeshCentral under what MeshCentral account this request should be made. -To make this work, a following key alignment is required: -1. When a user requests the business website, the business web server must return the user a web page containing an iframe with a URL that points to the MeshCentral server. -2. The URL must contain both a login token and embedding options. The login token tells MeshCentral under what MeshCentral account this request should be made. 3. The login token replaces the login screen of MeshCentral. Then, the embedding options can be used to specify no page title, header and footer to be displayed. This way, the page given by MeshCentral will fit nicely into the iframe. In this section we will review both the login token and embedding options mentioned above. ### Login Token -With MeshCentral, it’s possible to login to the main web page without even seeing the login screen. 
Of course, you can do this by specifying “--nousers" or “--user admin” when you run the server, but these approach are not secure as it removes user authentication for those accessing the server. +With MeshCentral, it’s possible to login to the main web page without even seeing the login screen. Of course, you can do this by specifying `--nousers` or `--user admin` when you run the server, but these approach are not secure as it removes user authentication for those accessing the server. With login tokens feature, a token can be generated to be used for a short time to login and skip the login page. This is perfect for embedding MeshCentral usages into other web site and probably for other applications. -To enable this feature, configure config.json file to allow login tokens. +To enable this feature, configure `config.json` file to allow login tokens. ```json { 
@@ -756,23 +856,23 @@ To enable this feature, configure config.json file to allow login tokens. } ``` -Set both allowLoginToken and allowFraming to ‘true’ to use login tokens along with framing MeshCentral within another web page. +Set both allowLoginToken and allowFraming to `true` to use login tokens along with framing MeshCentral within another web page. -Next, create a token. Execute MeshCentral with the “--logintoken [userid]” switch and userid value with the example below: +Next, create a token. Execute MeshCentral with the `--logintoken [userid]` switch and userid value with the example below: -![](images/2022-05-19-00-03-32.png) +![](images/2022-05-19-00-03-32.jpg) -The “userid” is actually a combination of three values - user, domain, and username in a single string “user/domain/username”. The example above is using a default domain which is empty hence, the userid will be just “user//admin” to request for login token. Domains are only used if the server in multi-tenancy mode as discussed in previous chapters. +The `userid` is actually a combination of three values - user, domain, and username in a single string `user/domain/username`. The example above is using a default domain which is empty hence, the userid will be just `user//admin” to request for login token. Domains are only used if the server in multi-tenancy mode as discussed in previous chapters. The resulting hashed base64 encoded blob can be used as a login token for 1 hour. Simply add the “?login=” followed by the token value generated to the URL of the webserver. For an e.g. https://localhost/?login=23tY7@wNbPoPLDeXVMRmTKKrqVEJ3OkJ. The login page is expected to be skipped and automatically login the user admin. This is just a manual attempt to token based login. -Now, to have this work seamlessly with a different website, we should generate a login token key. A token key can be used to generate login tokens whenever needed for MeshCentral. 
Generate this key with “--loginTokenKey" switch as shown below +Now, to have this work seamlessly with a different website, we should generate a login token key. A token key can be used to generate login tokens whenever needed for MeshCentral. Generate this key with `--loginTokenKey` switch as shown below -![](images/2022-05-19-00-03-46.png) +![](images/2022-05-19-00-03-46.jpg) The generated masker key must be placed in a secure location within the business website. -![](images/2022-05-19-00-03-58.png) +![](images/2022-05-19-00-03-58.jpg) As illustrated above, we see the business site using the token key to generate a login token and embed it into the response web page. The user’s browser then loads the iframe that includes both the URL with the login token for MeshCentral. MeshCentral can then verify the token and allow the web page to load as expected. @@ -786,85 +886,101 @@ There are multiple options available for user to explicitly choose the features | **hide** | "Indicates which portion of the web page to hide.
This is a bitmask integer hence it will need the sum of values.
For .e.g.: To hide all of the values, add 1+2+4+8 and use 15 as the value. | 1 = Hide the page header

2 = Hide the page tab

4 = Hide the page footer

8 = Hide the page title

16 = Hide the left tool bar

32 = Hide back buttons | | **node** | Optional unless Viewmode is set to value of 10 or greater.
Indicates which node to show on the screen,

For example, if we want to embed the remote desktop
page for a given node and hide the header, tabs,
footer and page title, we could have this URL:
https://localhost/?node=UkSNlz7t...2Sve6Srl6FltDd&viewmode=11&hide=15" | Node or NodeID is a long base64 encoded SHA384 value | -**Note**: Typically, the URL for the website is followed by “?” then a set of name=value pairs separated by “&”. + --- + + > **📌 Note :** + + > Typically, the URL for the website is followed by “?” then a set of name=value pairs separated by `&`. + + --- Based on the URL https://localhost/?node=UkSNlz7t...2Sve6Srl6FltDd&viewmode=11&hide=15 , the nodeID starts with “UkSNlz7t”. We shortened the value in this example, but it’s normally a long base64 encoded SHA384 value. The Viewmode set to 11 which is the remote desktop page and Hide set to 15 to hide everything. Hence the user may see as illustrated below. -![](images/2022-05-19-00-19-29.png) +![](images/2022-05-19-00-19-29.jpg) -Only the remote desktop viewer will be displayed embedded within an iframe. +Only the remote desktop viewer will be displayed embedded within an iframe. -**Note**: User must set “allowFraming” to true in the config.json of the server. This is in addition to the Node, Viewmode and Hide arguments, the login token must be specified to add complex features into another website. + --- -## Server port aliasing + > **📌 Note :** + + > User must set “allowFraming” to true in the config.json of the server. This is in addition to the Node, Viewmode and Hide arguments, the login token must be specified to add complex features into another website. + + --- + +## 🔀 Server port aliasing In some cases, you may be setting up a server on a private network that uses non-standard ports, but use a router or firewall in front to perform port mapping. So, even if the server privately uses non-standard ports, the public ports are the standard ports 80 and 443. You have to tell MeshCentral to bind to private ports but pretend it’s using the other standard ports when communicating publicly. To make this work, MeshCentral supports port aliasing. 
-For example you can run: +For example you can run : -``` +```bash node meshcentral --redirport 2001 --port 2002 --aliasport 443 ``` -![](images/2022-05-19-00-19-46.png) +![](images/2022-05-19-00-19-46.jpg) Here, the server binds the HTTP and HTTPS ports to 2001 and 2002, but the server will externally indicate to MeshAgents and browsers that they must connect to port 443. In a different situation, you may want to setup a server so that both Mesh Agents and Intel AMT connect back to the server on port 443. This is useful because some corporation have firewalls that restrict outgoing connections to only port 80 and 443. By default, MeshCentral will be setup to have MeshAgents connection on port 443 and Intel AMT on port 4433. -In the following picture we have a usual server running with: +In the following picture we have a usual server running with : -``` +```bash node meshcentral --cert Server1 --port 443 --mpsport 4433 ``` -![](images/2022-05-19-00-21-19.png) +![](images/2022-05-19-00-21-19.jpg) We can setup the server so that MeshAgent and Intel AMT will connect on port 443 of two different IP address or names like this: -``` -node meshcentral --cert Server1 --mpscert Server2 ---port 443 --mpsport 4433 --mpsaliasport 443 +```bash +node meshcentral --cert Server1 --mpscert Server2 --port 443 --mpsport 4433 --mpsaliasport 443 ``` -![](images/2022-05-19-00-21-54.png) +![](images/2022-05-19-00-21-54.jpg) -In the second example, the server on the right is running HTTPS on port 443 and MPS on port 4433 as usual, but the MPS is now presenting a certificate that has the name “Server2” on it. The server will also configure Intel AMT CIRA to connect to “Server2:443”. +In the second example, the server on the right is running HTTPS on port 443 and MPS on port 4433 as usual, but the MPS is now presenting a certificate that has the name `Server2` on it. The server will also configure Intel AMT CIRA to connect to `Server2:443`. 
-A router or firewall that is located in front of the MeshCentral server needs to be configured correctly to forwarding: +A router or firewall that is located in front of the MeshCentral server needs to be configured correctly to forwarding : -``` +```bash Server1:443 -> 443 on MeshCentral +``` +```bash Server2:443 -> 4433 on MeshCentral ``` The routing of IP and ports by the firewall shown on the picture must be configured separately from MeshCentral using separate software. Typically, routers or firewalls have the proper controls to configure this type of traffic routes. -## Web relay using DNS names and multiple web relays +## 📡 Web relay using DNS names and multiple web relays MeshCentral has a web relay feature that allows a user to access remote web sites thru the MeshCentral server without having to install MeshCentral Router. Web relay also allow you to use an alternate DNS name instead of a different web relay port which has a few advantages. You can also use multiple alternate DNS names which can be used at the same time to provide users with many HTTP/HTTPS relays. -## Video Walkthrus + +## 🎬 Video Walkthrus
+
+
-## Device Groups with Relay Agent +## 🖧 Device Groups with Relay Agent MeshCentral supports the local device group allowing devices that do not have an agent to be managed thru MeshCentral with regular SSH, SFTP, RDP, VNC protocols. Until now, the MeshCentral server had to be in LAN or Hybrid modes to support his device group and the managed devices had to be on the same network as the MeshCentral server. Starting with v1.0.11, users can create a local device group specifying a MeshAgent as a relay. This makes it possible to manage agent-less devices from anywhere on the Internet even if the server is in WAN mode. Simply install a single device with a MeshAgent on a network and create a local device group with that device as the relay. -![](images/2022-05-31-10-30-07.png) +![](images/2022-05-31-10-30-07.jpg) -![](images/2022-05-31-10-30-42.png) +![](images/2022-05-31-10-30-42.jpg) -To enable SSH support, add this line to the domain section of your config.json: +To enable SSH support, add this line to the domain section of your `config.json`: ```json "ssh": true ``` -Video Walkthru +### Video Walkthru
@@ -875,39 +991,39 @@ Video Walkthru In addition to local device groups, the IP-KVM/Power switch device group was also improved to support a MeshAgent as a relay. This is big news for Raritan IP-KVM switch owners as you can now monitor your IP-KVM ports and access them remotely from the Internet. The same can be done with WebPowerSwitch allowing full out-of-band remote access to devices from anywhere in the world. -![](images/2022-05-31-10-30-50.png) +![](images/2022-05-31-10-30-50.jpg) -![](images/2022-05-31-10-31-00.png) +![](images/2022-05-31-10-31-00.jpg) -![](images/2022-05-31-10-32-46.png) +![](images/2022-05-31-10-32-46.jpg) -## NGINX Reverse-Proxy Setup +## 🧭 NGINX Reverse-Proxy Setup ### Video Walkthru
- +
-Sometimes it’s useful to setup MeshCentral with a reverse-proxy in front of it. This is useful if you need to host many services on a single public IP address, if you want to offload TLS and perform extra web caching. In this section we will setup NGINX, a popular reverse-proxy, in front of MeshCentral. NGNIX is available at: https://www.nginx.com/ +Sometimes it’s useful to setup MeshCentral with a reverse-proxy in front of it. This is useful if you need to host many services on a single public IP address, if you want to offload TLS and perform extra web caching. In this section we will setup NGINX, a popular reverse-proxy, in front of MeshCentral. NGNIX is available at: [Nginx](https://www.nginx.com/) -![](images/2022-05-19-00-23-11.png) +![](images/2022-05-19-00-23-11.jpg) -In this example, we will: +In this example, we will : -- MeshCentral on non-standard ports, but alias HTTPS to port 443. +- Run MeshCentral on non-standard ports, but alias HTTPS to port 443. - NGINX will be using standard ports 80 and 443. - We will have NGINX perform all TLS authentication & encryption. - MeshCentral will read the NGINX web certificate so agents will perform correct server authentication. - NGINX will be setup with long timeouts, because agents have long standard web socket connections. -!!!note +!!! note With SELinux, NGINX reverse proxy requires 'setsebool -P httpd_can_network_relay 1' Caution: httpd_can_network_relay only allows certain ports Confirm you are using ports from this subset in MeshCentral If you want to use a different port then you will need to add it to http_port_t -Let’s get started by configuring MeshCentral with the following values in config.json: +Let’s get started by configuring MeshCentral with the following values in `config.json`: ```json { 
@@ -927,7 +1043,7 @@ Let’s get started by configuring MeshCentral with the following values in conf } ``` -With this configuration, MeshCentral will be using port 4430 instead of port 443, but because “TlsOffload” is set, TLS will not be performed on port 4430. The server name is set to “myservername.domain.com”, so that is the name that MeshCentral will give to agents to connect to. Also, the alias port is set to 443. So agents will be told to connect to “myservername.domain.com:443”. +With this configuration, MeshCentral will be using port 4430 instead of port 443, but because “TlsOffload” is set, TLS will not be performed on port 4430. The server name is set to `myservername.domain.com`, so that is the name that MeshCentral will give to agents to connect to. Also, the alias port is set to 443. So agents will be told to connect to “myservername.domain.com:443”. The “AgentPong” line instructs the server to send data to the agent each 300 seconds and the agent by default will send data to the server every 120 seconds. As long as NGINX timeouts are longer than this, connections should remain open. @@ -939,7 +1055,7 @@ In this example, make sure to change “127.0.0.1” to the IP address of NGINX Next, we need to configure and launch NGINX. Here is an ngnix.conf to get started: -``` +```json worker_processes 1; events { @@ -1001,7 +1117,7 @@ As indicated in the comments of this NGINX configuration file, we set timeouts t Now we are ready to start NGINX and MeshCentral. You should start NGINX first because MeshCentral will try to fetch the certificate from NGINX upon start. When starting MeshCentral, you should see something like this: -``` +```bash MeshCentral HTTP redirection web server running on port 800. Loaded RSA web certificate at https://127.0.0.1:443/, SHA384: d9de9e27a229b5355708a3672fb23237cc994a680b3570d242a91e36b4ae5bc96539e59746e2b71eef3dbdabbf2ae138. MeshCentral Intel(R) AMT server running on myservername.domain.com:4433. 
@@ -1014,11 +1130,11 @@ Notice on the second line, MeshCentral will have loaded the web certificate from We can add on the section above and support reverse proxy for Intel® AMT Client Initiated more Access (CIRA) connecting that come to the server. Normally, CIRA connections come on port 4433 and use TLS. -![](images/2022-05-19-00-25-11.png) +![](images/2022-05-19-00-25-11.jpg) Since CIRA is a binary protocol, care must be taken to configure NGINX to handle the data as a TCP stream instead of HTTP. At the very bottom of the nginx.conf file, we can add the following: -``` +```json stream { # Internal MPS servers, in this case we use one MeshCentral MPS server is on our own computer. upstream mpsservers { @@ -1066,13 +1182,13 @@ In this new config.json, we added 3 lines. First, the MeshCentral Management Pre With this configuration, Intel AMT CIRA connections will come in and TLS will be handled by NGINX. With this setup, it’s not possible to configure Intel AMT CIRA to connect using mutual-TLS authentication, only username/password authentication is used. -## Traefik Reverse-Proxy Setup +##🚦Traefik Reverse-Proxy Setup In this section, we will setup MeshCentral with Traefik, a popular reverse proxy software. This section will be much like the previous section setting up NGNIX but with a different software and configuration file. Traefik is open source and available at: https://traefik.io/ This section covers a really simple Traefik configuration. Traefik is capable of a lot more complex configurations. -![](images/2022-05-19-00-32-32.png) +![](images/2022-05-19-00-32-32.jpg) In this example, we will: 
@@ -1101,9 +1217,15 @@ First we will start with the MeshCentral configuration, here is a minimal config } ``` -**Note the “agentConfig” line**: Because Traefik does not support web socket connections that are not “masked”, we have to tell the Mesh Agents to mask web socket connections using this line. Once set, any new agent will be installed with the web socket masking turned on. Also note that we will be running MeshCentral on port HTTPS/4430 and HTTP/800. However, we also indicate to MeshCentral that HTTPS will really be on port 443 using the “AliasPort” line. +--- -The “TlsOffload” line indicates that MeshCentral should not perform TLS on port 4430. And the “certUrl” line indicates what URL can be used to load the external certificate that will be presented on port 443 in front of MeshCentral. +> **📌 Note “agentConfig” line :** + +> Because Traefik does not support web socket connections that are not “masked”, we have to tell the Mesh Agents to mask web socket connections using this line. Once set, any new agent will be installed with the web socket masking turned on. Also note that we will be running MeshCentral on port HTTPS/4430 and HTTP/800. However, we also indicate to MeshCentral that HTTPS will really be on port 443 using the “AliasPort” line. + +--- + +The `TlsOffload` line indicates that MeshCentral should not perform TLS on port 4430. And the `certUrl` line indicates what URL can be used to load the external certificate that will be presented on port 443 in front of MeshCentral. Now that we have MeshCentral setup, let’s take a look at a sample Traefik configuration file. In this case, we will manually configure the entrypoints, frontends and backends within the Traefik configuration file. There is a basic configuration file for Traefik 1.7: 
@@ -1154,23 +1276,23 @@ The enterPoints section shows we have two entry points, port 80 will be redirect The backends section configures one MeshCentral server on port “4430”. Traefik will additionally check the health of the MeshCentral server periodically, every 30 seconds. -The frontends section is what routes the connections coming in the entry points to the backend servers. In this case, the HTTPS entry point is routed to the MeshCentral server is the hostname matches “myserver.domain.com” or “localhost”. +The frontends section is what routes the connections coming in the entry points to the backend servers. In this case, the HTTPS entry point is routed to the MeshCentral server is the hostname matches `myserver.domain.com` or `localhost`. Finally, the API section creates a web portal on port 8080 for monitoring of Traefik. -## HAProxy Reverse-Proxy Setup +## ⚡ HAProxy Reverse-Proxy Setup -In this section, we will setup MeshCentral with HAProxy, a small popular reverse proxy software. This section will be much like the previous sections setting up NGNIX and Traefik but with a different software and configuration file. HAProxy is free and available at: +In this section, we will setup MeshCentral with HAProxy, a small popular reverse proxy software. This section will be much like the previous sections setting up NGNIX and Traefik but with a different software and configuration file. HAProxy is free and available at: [HAProxy Official Website](https://www.haproxy.org/) -![](images/2022-05-19-00-34-54.png) +![](images/2022-05-19-00-34-54.jpg) This section covers a really simple configuration. HAProxy is capable of a lot more complex configurations. In the following example, HAProxy will perform TLS and forward the un-encrypted traffic to MeshCentral on port 444. HAProxy will add extra “X-Forwarded-Host” headers to the HTTP headers so that MeshCentral will know from the IP address the connection comes from. 
-![](images/2022-05-19-00-35-32.png) +![](images/2022-05-19-00-35-32.jpg) In the following configuration file, we have browser connections on port 80 being redirected to HTTPS port 443. We also have Let’s Encrypt cert bot for getting a real TLS certificate and “mesh.sample.com” being redirected to 127.0.0.1:444. -``` +```yaml global log /dev/log local0 log /dev/log local1 notice 
@@ -1232,23 +1354,25 @@ On the MeshCentral side, we are not going to use port 80 and need the main HTTPS We also specify “127.0.0.1” in TLS offload since we want MeshCentral to make use of the X-Forwarded-Host header that is set by HAProxy. -## Running in a Production Environment +## 🏭 Running in a Production Environment -When running MeshCentral is a production environment, administrators should set NodeJS to run in production mode. There is a good article here (http://www.hacksparrow.com/running-express-js-in-production-mode.html) on what this mode is and how to set it. This mode will also boost the speed of the web site on small devices like the Raspberry Pi. To run in production mode, the environment variable “NODE_ENV” must be set to “production”. On Linux, this is done like this: +When running MeshCentral is a production environment, administrators should set NodeJS to run in production mode. There is a good article here (http://www.hacksparrow.com/running-express-js-in-production-mode.html) on what this mode is and how to set it. This mode will also boost the speed of the web site on small devices like the Raspberry Pi. To run in production mode, the environment variable “NODE_ENV” must be set to “production”. -``` +- On Linux, this is done like this: + +```bash export NODE_ENV=production ``` -On Windows, it’s done like this: +- On Windows, it’s done like this: -``` +```shell SET NODE_ENV=production ``` -Special care must be taken to set the environment variable in such a way that if the server is rebooted, this value is still set. Once set, if you run MeshCentral manually, you will see: +Special care must be taken to set the environment variable in such a way that if the server is rebooted, this value is still set. Once set, if you run MeshCentral manually, you will see : -``` +```bash MeshCentral HTTP redirection web server running on port 80. MeshCentral v0.2.2-u, Hybrid (LAN + WAN) mode, Production mode. 
MeshCentral Intel(R) AMT server running on devbox.mesh.meshcentral.com:4433. @@ -1257,13 +1381,13 @@ MeshCentral HTTPS web server running on devbox.mesh.meshcentral.com:443. In production mode, ExpressJS will cache some files in memory making the web server much faster and any exceptions thrown by the ExpressJS will not result in the stack trace being sent to the browser. -## Two step authentication +## 📲 Two step authentication If the MeshCentral server is setup with a certificate name and not setup to use Windows domain authentication, then users will have the options to use 2-step authentication using the Google Authenticator application or any compatible application. Use of this option should be encouraged for users that manage a lot of critical computers. Once active the users will need to enter their username, password and a time limited token to login. To get this features setup, users will need to go to the “My Account” tab or the “My Account” menu in the mobile application. They then select, “Add 2-stop login” and follow the instructions. -![](images/2022-05-19-00-38-11.png) +![](images/2022-05-19-00-38-11.jpg) Note that if a user performs a password recovery using email, the 2-step authentication is then turned off and will need to be turned on again. This is not idea as someone being able to intercept the user’s email could still log into the web site. Users should make sure to properly protect their email account. 
@@ -1281,80 +1405,87 @@ And taking authentication to the next step is removing the login page entirely. You can also setup [Duo 2FA](https://github.com/Ylianst/MeshCentral/blob/master/docs/docs/meshcentral/security.md#duo-2fa-setup) which is a commertial offering. -## Server Backup & Restore +## 💾 Server Backup & Restore It’s very important that the server be backed up regularly and that a backup be kept offsite. Luckily, performing a full backup of the MeshCentral server is generally easy to do. For all installations make sure to back up the following two folders and all sub-folders. -``` -meshcentral-data -meshcentral-files -``` + 1. `meshcentral-data` + 2. `meshcentral-files` If using NeDB that is built into MeshCentral, you are done. If you are running MongoDB, you will need to perform an extra step. In the command shell, run mongodump to archive all of the MongoDB databases. -``` +```bash mongodump --archive=backup.archive ``` Then, keep the backup.archive file in a safe place. It’s critical that the content of meshcentral-data be backed up in a secure location and preferably using encryption, this is because it contains certificates that give this server its unique personality. Once agents are installed, they will only connect to this server and no other. If you reinstall MeshCentral, even if it is with the same domain name, agents will not connect to the new server since the server certificates are different. Also, someone with access to a backup of “meshcentral-data” could impersonate the server. -To restore back backup, just install a MeshCentral server, make sure it works correctly. Stop it, wipe the old “meshcentral-data” and “meshcentral-files” and put the backup version instead. If using MongoDB, copy the backup.archive back, make sure to clean up any existing “meshcentral” database, run “mongo” and type: +To restore back backup, just install a MeshCentral server, make sure it works correctly. 
Stop it, wipe the old `meshcentral-data` and `meshcentral-files` and put the backup version instead. If using MongoDB, copy the backup.archive back, make sure to clean up any existing “meshcentral” database, run `mongo` and type: -``` +```bash use meshcentral +``` + +```bash db.dropDatabase() ``` Then exit with Ctrl-C and run: -``` +```bash mongorestore --archive=backup.archive ``` This will re-import the database from the backup. You can then start MeshCentral again. -!!!note +!!! note The two values for `backup` and `restore` in the json are only valid for databases backed by NeDB ### Backup to Google Drive ```bash sudo systemctl stop meshcentral.service +``` + +```bash nano /opt/meshcentral/meshcentral-data/config.json ``` Remove underscored items -![](images/2022-06-17-15-56-14.png) +![](images/2022-06-17-15-56-14.jpg) ```bash sudo systemctl start meshcentral.service +``` + +```bash sudo systemctl status meshcentral.service ``` Log into your MC: -![](images/2022-06-17-15-56-55.png) +![](images/2022-06-17-15-56-55.jpg) -![](images/2022-06-17-15-57-03.png) +![](images/2022-06-17-15-57-03.jpg) Create desktop app -![](images/2022-06-17-15-57-15.png) +![](images/2022-06-17-15-57-15.jpg) Enter the Client ID and Client Secret into MC -![](images/2022-06-17-15-57-30.png) +![](images/2022-06-17-15-57-30.jpg) -![](images/2022-06-17-15-57-52.png) +![](images/2022-06-17-15-57-52.jpg) -## HashiCorp Vault support +## 🗝️ HashiCorp Vault support -MeshCentral has built-in support for HashiCorp Vault so that all configuration and certificates used by MeshCentral are retrieved from a Vault server. Vault is a secret store server and when used with MeshCentral, the MeshCentral server will not be storing any secrets locally. You can get started with Vault here: https://www.vaultproject.io/ +MeshCentral has built-in support for HashiCorp Vault so that all configuration and certificates used by MeshCentral are retrieved from a Vault server. 
Vault is a secret store server and when used with MeshCentral, the MeshCentral server will not be storing any secrets locally. You can get started with Vault here: [HashiCorp Vault Official Site](https://www.vaultproject.io/) Once you got a MeshCentral server working correctly, you can start a simple demonstration Vault server by typing: -``` +```bash vault server -dev ``` @@ -1366,15 +1497,15 @@ node node_modules/meshcentral --vaultpushconfigfiles --vault http://127.0.0.1:82 Once all of the files have been written into Vault, you can take a look at the Vault web user interface to see all of the secrets. It will be in “secret/meshcentral”: -![](images/2022-05-19-00-42-49.png) +![](images/2022-05-19-00-42-49.jpg) -The “config.json” and “terms.txt” files and files in “meshcentral-data” that end with “.key”, “.crt”, “.jpg” and “.png” will be stored in Vault. You can then run MeshCentral like this: +The `config.json` and `terms.txt` files and files in `meshcentral-data` that end with `.key`, `.crt`, `.jpg` and `.png` will be stored in Vault. You can then run MeshCentral like this: -``` +```bash node node_modules/meshcentral --vault http://127.0.0.1:8200 --token s.cO4… --unsealkey 7g4w… --name meshcentral ``` -MeshCentral will first read all of the files from Vault and get started. An alternative to this is to create a very small config.json file in “meshcentral-data” that contains only the Vault configuration like this: +MeshCentral will first read all of the files from Vault and get started. An alternative to this is to create a very small `config.json` file in “meshcentral-data” that contains only the Vault configuration like this: ```json { 
@@ -1391,31 +1522,31 @@ MeshCentral will first read all of the files from Vault and get started. An alte Once the config.json file is setup, you can just run MeshCentral without any arguments. -``` +```bash node node_modules/meshcentral ``` Lastly you can all pull all of the files out of Vault using this command line: -``` +```bash node node_modules/meshcentral --vaultpullconfigfiles --vault http://127.0.0.1:8200 --token s.cO4… --unsealkey 7g4w… --name meshcentral ``` And delete the Vault secrets using this: -``` +```bash node node_modules/meshcentral --vaultdeleteconfigfiles --vault http://127.0.0.1:8200 --token s.cO4… --unsealkey 7g4w… --name meshcentral ``` -## Database Record Encryption +## 🔏 Database Record Encryption Regardless if using the default NeDB database or MongoDB, MeshCentral can optionally encrypt sensitive data that is stored in the database. When enabled, this encryption is applied to user credentials and Intel AMT credentials. -![](images/2022-05-19-00-44-03.png) +![](images/2022-05-19-00-44-03.jpg) -The additional encryption does the affect database operations and can be used in addition to additional database security. In the following image, we see on the left a normal user record including user credential hashes and data required for two-factor authentication. On the right side, these values are encrypted using AES-256-GCM in the “_CRYPT” field. +The additional encryption does the affect database operations and can be used in addition to additional database security. In the following image, we see on the left a normal user record including user credential hashes and data required for two-factor authentication. On the right side, these values are encrypted using AES-256-GCM in the `_CRYPT` field. -![](images/2022-05-19-00-44-25.png) +![](images/2022-05-19-00-44-25.jpg) Only some data fields are encrypted and the “_CRYPT” entry will only be present when one or more fields are present that need to be secured. 
To enable this feature, add the “DbRecordsEncryptKey” with a password string to the “settings” section of the config.json like this: @@ -1431,7 +1562,7 @@ Only some data fields are encrypted and the “_CRYPT” entry will only be pres The provided password will be hashed using SHA384 and the result with be used as an encryption key. When DbRecordsEncryptKey is set, any new or updated records that are written will be encrypted when needed. Existing encrypted records will be read and decrypted as needed. You can force the all entries to be re-written by running: -``` +```bash node node_modules/meshcentral --recordencryptionrecode ``` 
@@ -1449,27 +1580,33 @@ This command will re-write entries in the database that could require added secu
 When set, the key will only be used for decryption and any new or updated records in the database will not be written with record encryption. You can then run this command again to force all records to be rewritten without encryption:
-```
+```bash
 node node_modules/meshcentral --recordencryptionrecode
 ```
 It’s really important to keep the encryption key in a safe place along with database backups. If the database is backed up but the record encryption key is lost, it will not be possible to recover the secured data in the database.
-Also note that database record encryption can and should be used along with other data protection systems.
+ ---
-## MongoDB free server monitoring
+ > **📌 Note :**
+
+ > Also note that database record encryption can and should be used along with other data protection systems.
+
+ ---
+
+## 📊 MongoDB free server monitoring
 If running with MongoDB version 4.x, there is a free database monitoring service that is provided. Just run “mongo” and you may see the following:
-![](images/2022-05-19-00-45-31.png)
+![](images/2022-05-19-00-45-31.jpg)
-Type “db.enableFreemonitoring()” if you want to enable this. You will be given a URL to access the data and can turn it back off at any time. The web page will look something like this:
+Type `db.enableFreemonitoring()` if you want to enable this. You will be given a URL to access the data and can turn it back off at any time. The web page will look something like this:
-![](images/2022-05-19-00-45-45.png)
+![](images/2022-05-19-00-45-45.jpg)
 In addition to database specific information, the graphs track CPU, memory and disk usage. This can be useful to track how well the server is responding under load.
-## MeshCentral Single Sign-On (SSO)
+## 🔓 MeshCentral Single Sign-On (SSO)
 As with any web application deployed in organization, it’s convenient and more secure for users to have a single set of credentials that can be used across many services. In this section we take a look at how to configure MeshCentral so that you can sign-in using credentials from other services. This allows users to completely skip creating a user account on MeshCentral or having to remember usernames and password for one more web site. There are two single sign-on protocols that are supported in MeshCentral, OAuth2 and SAML. We will take a look at an example for each one.
@@ -1488,19 +1625,19 @@ You can integrate LDAP using [these](https://github.com/Ylianst/MeshCentral/blob
 ### Twitter Authentication
-Like many other services, Twitter allows its users to login to other web site using Twitter credentials using OAuth2. Start by creating an account on Twitter and logging in. Then navigate to , this is where you can create new applications that are compatible with Twitter.
+Like many other services, Twitter allows its users to login to other web site using Twitter credentials using OAuth2. Start by creating an account on Twitter and logging in. Then navigate to [Twitter Developer Apps](https://developer.twitter.com/en/apps), this is where you can create new applications that are compatible with Twitter.
 Start by creating a new application and fill in the application form. Give your application and name, description, server URL and more.
-![](images/2022-05-19-00-48-17.png)
+![](images/2022-05-19-00-48-17.jpg)
-Make sure to select “Enable Sign in with Twitter” and set the callback URL to “https://(server.domain.com)/auth-twitter-callback”. This is the URL that Twitter will redirect users to once they are logged in. For example this is what a sample application would look like:
+Make sure to select “Enable Sign in with Twitter” and set the callback URL to `https://(server.domain.com)/auth-twitter-callback`. This is the URL that Twitter will redirect users to once they are logged in. For example this is what a sample application would look like:
-![](images/2022-05-19-00-48-41.png)
+![](images/2022-05-19-00-48-41.jpg)
-Once the new application is created, go to the “Keys and tokens” tab. You will need the “API Key” and “API secret key” values. In the MeshCentral config.json, place these two values as “clientid” and “clientsecret” of the Twitter section of the “AuthStrategies”.
+Once the new application is created, go to the `Keys and tokens` tab. You will need the `API Key` and `API secret key` values.
In the MeshCentral `config.json`, place these two values as `clientid` and `clientsecret` of the Twitter section of the `AuthStrategies`.
-![](images/2022-05-19-00-48-54.png)
+![](images/2022-05-19-00-48-54.jpg)
 Once done, your config.json should look a bit like this:
@@ -1527,13 +1664,21 @@ Once done, your config.json should look a bit like this:
 }
 ```
-Note that if you do not allow new accounts, any new users that use Twitter credentials will not be able to login to MeshCentral. One trick is to allow new account, login and change this setting again. Once the config.json is correct, restart the server and you should see the Twitter icon on the login screen. When restarting the MeshCentral server, new modules will need to be installed to support this new feature. Depending on how your server is setup, you may need to restart the server manually to allow the new modules to be installed.
+ ---
-![](images/2022-05-19-00-49-25.png)
+ > **📌 Note :**
+
+ > Note that if you do not allow new accounts, any new users that use Twitter credentials will not be able to login to MeshCentral. One trick is to allow new account, login and change this setting again. Once the config.json is correct, restart the server and you should see the Twitter icon on the login screen. When restarting the MeshCentral server, new modules will need to be installed to support this new feature. Depending on how your server is setup, you may need to restart the server manually to allow the new modules to be installed.
+
+ ---
+
+![](images/2022-05-19-00-49-25.jpg)
 ### Google, GitHub, Reddit Authentication
-The exact same process as shown in the previous section can be repeated for Google, GitHub and Reddit. In each case, you need to go to each respective credential provider and get a “ClientID” and “ClientSecret” for each service. You also need to register the correct callback URL for each service. Take a look at the config.json below and note the callback URL that will need to be registered for each service provider.
+The exact same process as shown in the previous section can be repeated for Google, GitHub and Reddit. In each case, you need to go to each respective credential provider and get a `ClientID` and `ClientSecret` for each service.
You also need to register the correct callback URL for each service.
+
+Take a look at the `config.json` below and note the callback URL that will need to be registered for each service provider.
 ```json
 {
@@ -1580,19 +1725,19 @@ It’s possible to enable all four of these service providers at the same time t
 In this section we look at how to setup MeshCentral to Azure Active Directory using OAuth. Like all other sections about setting up single sign-on, make sure your MeshCentral server is already setup on the public Internet with a valid TLS certificate. You can then start by adding a new application registration to the Azure portal.
-![](images/2022-05-19-00-50-18.png)
+![](images/2022-05-19-00-50-18.jpg)
-![](images/2022-05-19-00-50-30.png)
+![](images/2022-05-19-00-50-30.jpg)
-We give our application a name, generally the domain name of the MeshCentral server is a good choice. Then you can setup the redirect URL to https://[servername]/auth-azure-callback. Make sure to type this correctly, all lower case with the full domain name of your MeshCentral server. Once done, there are two values we will need later, the Application ID and Tenant ID.
+We give our application a name, generally the domain name of the MeshCentral server is a good choice. Then you can setup the redirect URL to `https://[servername]/auth-azure-callback`. Make sure to type this correctly, all lower case with the full domain name of your MeshCentral server. Once done, there are two values we will need later, the Application ID and Tenant ID.
-![](images/2022-05-19-00-50-52.png)
+![](images/2022-05-19-00-50-52.jpg)
-Next, we need to create a secret that will be shared between Azure and MeshCentral. Go to the “Certificates & secrets” section and click “New client secret”. You then enter a name and for our example, we will opt to never make it expire.
+Next, we need to create a secret that will be shared between Azure and MeshCentral. Go to the `Certificates & secrets` section and click `New client secret`. You then enter a name and for our example, we will opt to never make it expire.
-![](images/2022-05-19-00-51-14.png)
+![](images/2022-05-19-00-51-14.jpg)
-![](images/2022-05-19-00-51-29.png)
+![](images/2022-05-19-00-51-29.jpg)
 We then copy the resulting secret and this will be the 3rd and final value we need to get MeshCentral setup. Now, we take the application ID, tenant ID and secret and place these values in the MeshCentral config.json like so:
@@ -1621,9 +1766,9 @@ We then copy the resulting secret and this will be the 3rd and final value we ne
 }
 ```
-The “Application ID” value is placed as “Client ID” in the configuration file. You can also see that in the example above, we have “NewAccounts” set to false in the default MeshCentral domain, but set to true in the Azure section. This indicates that new accounts are not allowed in this domain except if it’s a new user that is authenticating thru Azure. Once done, restart the MeshCentral server. Depending on your setup, you many need to run MeshCentral once manually to allow new required modules to be installed. Once running again, you should see the Azure single sign-on button on the login page.
+The `Application ID` value is placed as `Client ID` in the configuration file. You can also see that in the example above, we have `NewAccounts` set to false in the default MeshCentral domain, but set to true in the Azure section. This indicates that new accounts are not allowed in this domain except if it’s a new user that is authenticating thru Azure. Once done, restart the MeshCentral server. Depending on your setup, you many need to run MeshCentral once manually to allow new required modules to be installed. Once running again, you should see the Azure single sign-on button on the login page.
-![](images/2022-05-19-00-52-05.png)
+![](images/2022-05-19-00-52-05.jpg)
 ### JumpCloud Authentication using SAML
@@ -1631,37 +1776,39 @@ While using OAuth may be interesting, it’s more likely that MeshCentral server
 In this section, we setup MeshCentral with JumpCloud, an easy to use sign-in provider. You can create an account on JumpCloud for free with up to 10 users allowing you to quickly get setup and test the following setup. In the next section, we look at a generic SAML configuration.
-Before getting started with this section, make sure your server is on the Internet and publicly available and that it has a valid TLS certificate. You can use Let’s Encrypt to get a valid TLS certificate. Then, start by going to and creating an administrator account. Once setup, go to “Applications” and click on the big plug sign to create a new application.
+Before getting started with this section, make sure your server is on the Internet and publicly available and that it has a valid TLS certificate. You can use Let’s Encrypt to get a valid TLS certificate. Then, start by going to [JumpCloud](https://jumpcloud.com) and creating an administrator account. Once setup, go to `Applications` and click on the big plug sign to create a new application.
-![](images/2022-05-19-00-52-36.png)
+![](images/2022-05-19-00-52-36.jpg)
-You will need to create a custom SAML application by clicking the “Custom SAML App”.
+You will need to create a custom SAML application by clicking the `Custom SAML App`.
-![](images/2022-05-19-00-52-53.png)
+![](images/2022-05-19-00-52-53.jpg)
 Then, you can fill in the form with an application name and logo.
-- For the IdP Entity ID, put “jumpcloud”.
-- For the SP Entity ID put “meshcentral”.
-- For the ACS URL, put the callback URL of your server. In this case it will be “https://(yourservername)/auth-jumpcloud-callback”
+- For the IdP Entity ID, put `jumpcloud`.
+- For the SP Entity ID put `meshcentral`.
+- For the ACS URL, put the callback URL of your server.
In this case it will be `https://(yourservername)/auth-jumpcloud-callback`
 - Lastly in the attributes section, add 3 user attribute mapping.
- - “firstname” to “firstname”
- - “lastname” to “lastname”
- - “email” to “email”
+ - `firstname` to `firstname`
+ - `lastname` to `lastname`
+ - `email` to `email`
 The attribute mappings will allow MeshCentral to receive from JumpCloud the first and last name of the user and the email address of the use. If any of these values are changed in the future, MeshCentral will update them the next time the user logs into MeshCentral. Here is an example configuration with red arrows next to important values.
-![](images/2022-05-19-00-53-38.png)
+![](images/2022-05-19-00-53-38.jpg)
-Once setup, you will need to allow one or more users to use the new application. One way to do this is to just add your new application to the “All Users” group.
+Once setup, you will need to allow one or more users to use the new application. One way to do this is to just add your new application to the `All Users` group.
-![](images/2022-05-19-00-54-31.png)
+![](images/2022-05-19-00-54-31.jpg)
-We are now almost done with JumpCloud. The last thing we need to do is download the certificate that JumpCloud will be using to sign the SAML assertions. You can get this certificate by going in the “Applications” tab, click on your new application and select “Download Certificate” as shown here.
+We are now almost done with JumpCloud. The last thing we need to do is download the certificate that JumpCloud will be using to sign the SAML assertions. You can get this certificate by going in the `Applications` tab, click on your new application and select `Download Certificate` as shown here.
 ![](images/2022-05-19-00-54-50.png)
-Save the certificate as “jumpcloud-saml.pem” and place it in the “meshcentral-data” folder. You are now ready to configure MeshCentral.
Edit the config.json and make it look like this:
+Save the certificate as `jumpcloud-saml.pem` and place it in the `meshcentral-data` folder. You are now ready to configure MeshCentral.
+
+Edit the `config.json` and make it look like this:
 ```json
 {
@@ -1689,17 +1836,17 @@ Save the certificate as “jumpcloud-saml.pem” and place it in the “meshcent
 }
 ```
-Take note that the “entityid”, “idpurl” and “cert” are values taken from JumpCloud. The callback URL should be configured in JumpCloud as we have done in previous steps. You can see that in the example above, we have “NewAccounts” set to false in the default MeshCentral domain, but set to true in the JumpCloud section. This indicates that new accounts are not allowed in this domain except if it’s a new user that is authenticating thru JumpCloud.
+Take note that the `entityid`, `idpurl` and `cert` are values taken from JumpCloud. The callback URL should be configured in JumpCloud as we have done in previous steps. You can see that in the example above, we have `NewAccounts` set to false in the default MeshCentral domain, but set to true in the JumpCloud section. This indicates that new accounts are not allowed in this domain except if it’s a new user that is authenticating thru JumpCloud.
 You are now ready to restart the MeshCentral server. Extra modules will be needed to support SAML and so, depending on your server configuration, you may need to run MeshCentral manually once to allow the new modules to be installed from NPM. Once restarted, you should see the JumpCloud sign-in button on the login screen.
-![](images/2022-05-19-00-55-29.png)
+![](images/2022-05-19-00-55-29.jpg)
 Users can sign-in using the regular username and password or using JumpCloud.
 ### Generic SAML setup
-In this section, we look at configuring SAML with a generic authentication provider. The setup is exactly the same as with JumpCloud in the previous section, but we will be using a different section in the config.json to that a generic login icon is shown on the login page.
+In this section, we look at configuring SAML with a generic authentication provider.
The setup is exactly the same as with JumpCloud in the previous section, but we will be using a different section in the `config.json` to that a generic login icon is shown on the login page.
 A generic SAML setup will look like this:
@@ -1728,14 +1875,16 @@ A generic SAML setup will look like this:
 }
 ```
-The callback URL will be of the form “https://(servername)/auth-saml-callback”. You should set the entityid, idpurl as given by the identity provider. Lastly, place the identity provider certificate file in the “meshcentral-data” folder and indicate the name of the file in “cert”. Once setup, restart the server and you should see a Single Sign-on button on the login screen.
+The callback URL will be of the form `https://(servername)/auth-saml-callback`. You should set the entityid, idpurl as given by the identity provider. Lastly, place the identity provider certificate file in the `meshcentral-data` folder and indicate the name of the file in `cert`.
-![](images/2022-05-19-00-56-05.png)
+Once setup, restart the server and you should see a Single Sign-on button on the login screen.
+
+![](images/2022-05-19-00-56-05.jpg)
 Enabling SAML will require MeshCentral to install extra modules from NPM, so depending on your server configuration, you may need to run MeshCentral once manually.
-!!!note
- MeshCentral only supports "POST". [For example Authentik's](https://github.com/Ylianst/MeshCentral/issues/4725) default setting is to use "Redirect" as a "Service Provider Binding".
+!!! note
+ MeshCentral only supports "POST". [For example Authentik's](https://github.com/Ylianst/MeshCentral/issues/4725) default setting is to use `Redirect` as a `Service Provider Binding`.
 ### Generic OpenID Connect Setup
@@ -1767,42 +1916,65 @@ Generally, if you are using an IdP that supports OpenID Connect (OIDC), you can
 As you can see, this is roughly the same as all the other OAuth2 based authentication strategies. These are the basics you need to get started using OpenID Connect because it's still authenticating with OAuth2. If you plan to take advantage of some of the more advanced features provided by this strategy you should consider reading the [additional strategy documentation](./openidConnectStrategy.md).
-> NOTE: MeshCentral will use `https://mesh.your.domain/auth-oidc-callback` as the default redirect uri.
+ ---
-## Improvements to MeshCentral
+ > **📌 Note :**
-In 2007, the first version of MeshCentral was built. We will refer to it as “MeshCentral1”. When MeshCentral1 was designed, HTML5 did not exist and web sockets where not implemented in any of the major browsers. Many design decisions were made at the time that are no longer optimal today. With the advent of the latest MeshCentral, MeshCentral1 is no longer supported and MeshCentral v2 has been significantly redesigned and mostly re-written based of previous version. Here is a list of improvements made in MeshCentral when compared with MeshCentral1:
+ > MeshCentral will use `https://mesh.your.domain/auth-oidc-callback` as the default redirect uri.
-- Quick Installation – By having MeshCentral published on NPM (www.npmjs.com) it’s now easy to download and install MeshCentral on both Linux and Windows*. On Linux* you can use NPM directly (“npm install meshcentral”) and on Windows you can use the .MSI installer.
-- Cross-Platform Support – Contrary to MeshCentral1 that only runs on Windows*, MeshCentral can run on any environment that supports NodeJS. This includes Windows*, Linux* and OSX*. Because MeshCentral runs on Linux, it often lowers hosting costs and makes it possible to run MeshCentral in a Docker* container environment.
-- Runs with Little Compute Resources – Typical MeshCentral1 installation requires a large disk space foot print (approx* 30G of disk space) and is compute intensive even for small deployments. MeshCentral requires little resources to host (70MB) and able to deliver reasonable performance on a 900Mhz CPU with 1GB RAM.
-- Multi-Tenancy and Load Balancing Support – MeshCentral can handle hosting many server instances at once. Each instance or “domain” has it’s own administrators, users and computers to manage. The server can handle each instance using a url path “server.com/customer1” or a DNS name “customer1.server.com”. Many customers can be handled by having all the DNS names point to the same server IP address. MeshCentral will take care of serving the right TLS certificate for each connection.
-- Single Executable – MeshCentral is a single-module or single executable server. All of the components of MeshCentral1 including IIS, Swarm, AJAX, Social, Manageability Servers are all build into one single executable. This makes it super easy to setup and run, it also minimizes problems and overhead caused by having many components communicate to each other. When the server is updated, all of the components are updated at once and effective.
-- Web Application Design – MeshCentral1 has 100’s of web pages and often times a click on a web page causes the browser to load a different web page and this creates more load on the server. With MeshCentral there are only two main web pages: The login page and the main web application. This design is much more responsive since the server now delegates most of the UI workload to the client’s web browser.
-- Real-Time User Interface – In MeshCentral, the user never has to hit the “refresh” button to update the web page. The web interface is completely real-time and updates as things change. MeshCentral uses websockets to connect to the server and get real-time events.
-- Single Programming Language – MeshCentral1 used JavaScript on the browser, C# on the server and C for the agent. Use of 3 different programming languages means that developers wanting to implement a new use-case needs to have sufficient skills to change between these 3 languages during the coding session. Makes the code significantly more difficult to understand and maintain.
-- Support for LAN only Mode – MeshCentral is capable of being setup as “LAN only” mode. In fact, this is the default mode when no static name or IP address is provided. In this mode, MeshAgents perform a multicast search on the network for the server making a static DNS/IP unnecessary.
-- Support for TLS Offloaders – TLS offloaders are now fully supported. This means that MeshCentral can handle way more network connections and traffic significantly.
-- Support for CIRA User/Pass Login – MeshCentral now supports both Intel AMT CIRA user/pass login and certificate login. Compared to MeshCentral1 that only supported certificate login, user/pass login is easier to setup and it can also be used for TLS offloaders and CIRA authentication.
-- No Live State Stored in the Database – One if the big problems with MeshCentral1 is that a lot of the live states (Agent, User and AMT connections and disconnections) needed to be stored in the database. This caused a few problems, first the extra load on the database that was un-necessary, but also that servers did not have real-time state information about other servers (they had to query the database). This resulted in more load on the database and scaling issues. In MeshCentral, all live states are kept in the RAM which boosts performance significantly.
-- Agentless Intel AMT Support – With MeshCentral1, administrators have to install the MeshAgent software on all computers, even if it was only for used for Intel AMT. MeshCentral supports a new agent-less mesh type that allows administrators to just setup the server strictly for Intel AMT only.
-- Latest Security & Crypto algorithms – MeshCentral uses all the latest cryptographic algorithm, notably SHA384 and RSA3072 making it more resistant to future quantum computer attacks. This would be very difficult to retrofit into MeshCentralv1 since it would require change of database schema and 1000’s of line of code thus making the server incompatible with the current version version, making migration difficult.
-- Support for Email Verification and Password Recovery – MeshCentral can be configured with an SMTP server to send out e-mail confirmation messages and password recovery message. This is an important feature that was missing in MeshCentral1.
-- MeshInterceptor Support – MeshCentral can insert HTTP and Intel AMT redirection credential into a live data stream. This is useful to allow an administrator to securely pass Intel AMT password and control over an Intel AMT computer via web browser without the additional administrator login UI.
+ ---
+
+## ✨ Improvements to MeshCentral
+
+In 2007, the first version of MeshCentral was built. We will refer to it as “MeshCentral1”. When MeshCentral1 was designed, HTML5 did not exist and web sockets where not implemented in any of the major browsers. Many design decisions were made at the time that are no longer optimal today. With the advent of the latest MeshCentral, MeshCentral1 is no longer supported and MeshCentral v2 has been significantly redesigned and mostly re-written based of previous version. Here is a list of improvements made in MeshCentral when compared with MeshCentral1 :
+
+- **Quick Installation –**
+ > By having MeshCentral published on NPM (www.npmjs.com) it’s now easy to download and install MeshCentral on both Linux and Windows*. On Linux* you can use NPM directly (`npm install meshcentral`) and on Windows you can use the `.MSI installer`.
+- **Cross-Platform Support –**
+ > Contrary to MeshCentral1 that only runs on Windows*, MeshCentral can run on any environment that supports NodeJS.
This includes Windows*, Linux* and *OSX*. Because MeshCentral runs on Linux, it often lowers hosting costs and makes it possible to run MeshCentral in a Docker* container environment.
+- **Runs with Little Compute Resources –**
+ > Typical MeshCentral1 installation requires a large disk space foot print (approx* 30G of disk space) and is compute intensive even for small deployments. MeshCentral requires little resources to host (70MB) and able to deliver reasonable performance on a 900Mhz CPU with 1GB RAM.
+- **Multi-Tenancy and Load Balancing Support –**
+ > MeshCentral can handle hosting many server instances at once. Each instance or `domain` has it’s own administrators, users and computers to manage. The server can handle each instance using a url path `server.com/customer1` or a DNS name `customer1.server.com`. Many customers can be handled by having all the DNS names point to the same server IP address. MeshCentral will take care of serving the right TLS certificate for each connection.
+- **Single Executable –**
+ > MeshCentral is a single-module or single executable server. All of the components of MeshCentral1 including IIS, Swarm, AJAX, Social, Manageability Servers are all build into one single executable. This makes it super easy to setup and run, it also minimizes problems and overhead caused by having many components communicate to each other. When the server is updated, all of the components are updated at once and effective.
+- **Web Application Design –**
+ > MeshCentral1 has 100’s of web pages and often times a click on a web page causes the browser to load a different web page and this creates more load on the server. With MeshCentral there are only two main web pages: The login page and the main web application. This design is much more responsive since the server now delegates most of the UI workload to the client’s web browser.
+- **Real-Time User Interface –**
+ > In MeshCentral, the user never has to hit the `refresh` button to update the web page. The web interface is completely real-time and updates as things change. MeshCentral uses websockets to connect to the server and get real-time events.
+- **Single Programming Language –**
+ > MeshCentral1 used JavaScript on the browser, C# on the server and C for the agent. Use of 3 different programming languages means that developers wanting to implement a new use-case needs to have sufficient skills to change between these 3 languages during the coding session. Makes the code significantly more difficult to understand and maintain.
+- **Support for LAN only Mode –**
+ > MeshCentral is capable of being setup as “LAN only” mode. In fact, this is the default mode when no static name or IP address is provided. In this mode, MeshAgents perform a multicast search on the network for the server making a static DNS/IP unnecessary.
+- **Support for TLS Offloaders –**
+ > TLS offloaders are now fully supported. This means that MeshCentral can handle way more network connections and traffic significantly.
+- **Support for CIRA User/Pass Login –**
+ > MeshCentral now supports both Intel AMT CIRA user/pass login and certificate login. Compared to MeshCentral1 that only supported certificate login, user/pass login is easier to setup and it can also be used for TLS offloaders and CIRA authentication.
+- **No Live State Stored in the Database –**
+ > One if the big problems with MeshCentral1 is that a lot of the live states (Agent, User and AMT connections and disconnections) needed to be stored in the database. This caused a few problems, first the extra load on the database that was un-necessary, but also that servers did not have real-time state information about other servers (they had to query the database). This resulted in more load on the database and scaling issues.
In MeshCentral, all live states are kept in the RAM which boosts performance significantly.
+- **Agentless Intel AMT Support –**
+ > With MeshCentral1, administrators have to install the MeshAgent software on all computers, even if it was only for used for Intel AMT. MeshCentral supports a new agent-less mesh type that allows administrators to just setup the server strictly for Intel AMT only.
+- **Latest Security & Crypto algorithms –**
+ > MeshCentral uses all the latest cryptographic algorithm, notably SHA384 and RSA3072 making it more resistant to future quantum computer attacks. This would be very difficult to retrofit into MeshCentralv1 since it would require change of database schema and 1000’s of line of code thus making the server incompatible with the current version version, making migration difficult.
+- **Support for Email Verification and Password Recovery –**
+ > MeshCentral can be configured with an SMTP server to send out e-mail confirmation messages and password recovery message. This is an important feature that was missing in MeshCentral1.
+- **MeshInterceptor Support –**
+ > MeshCentral can insert HTTP and Intel AMT redirection credential into a live data stream. This is useful to allow an administrator to securely pass Intel AMT password and control over an Intel AMT computer via web browser without the additional administrator login UI.
 It’s possible to perform migration to MeshCentral from MeshCentral1 server using a migration package. The MeshCentral Migration Tool will convert your existing user database into a format that can be imported into MeshCentral.
-![](images/2022-05-19-00-57-06.png)
+![](images/2022-05-19-00-57-06.jpg)
 In addition to the migration tool, MeshCentral has a special module that will update all MeshAgents from v1 to v2 so the transition should be simple.
-## Additional Resources
+## 💡 Additional Resources
-In addition to this document, there are a growing set of MeshCentral tutorial videos available on YouTube which covers all of the basic at www.meshcommander.com/meshcentral2/tutorials. The tutorial includes videos on how to perform server installation using both the Windows MSI installer and NPM methods.
+In addition to this document, there are a growing set of MeshCentral tutorial videos available on YouTube which covers all of the basic at [www.meshcommander.com/meshcentral2/tutorials](https://www.meshcommander.com/meshcentral2/tutorials)
+. The tutorial includes videos on how to perform server installation using both the Windows MSI installer and NPM methods.
-![](images/2022-05-19-00-57-28.png)
+![](images/2022-05-19-00-57-28.jpg)
-## Conclusion
+## 🏁 Conclusion
 MeshCentral is a free, open source and powerful remote management solution that is cross-platform. In this document, we have covered in detail on how to install and configure MeshCentral server to meet specific environment and use-case. MeshCentral works in many environments and situations. MeshCentral is not only simple to install but also takes minimal resources to host which makes it a very good remote management solution. As with any good software, MeshCentral will continue to be updated and evolve.
@@ -1888,13 +2060,13 @@ In this annex, we present various suggestions. These are often found by users on
 When doing a remote terminal session to a Linux computer, it may be interesting to run the bash shell under a different user. One would typically use the command:
-```
+```bash
 su -s /bin/bash myOtherUser
 ```
 However, because bash is not run in interactive mode, the command line prompt may be empty and history keys (up and down), tab and backspace will not work right. The correct command is:
-```
+```bash
 su -c '/bin/bash -i' myOtherUser
 ```
@@ -1905,5 +2077,11 @@ This will run bash in interactive mode and work correctly. MeshCentral has built-in web-based integration of SSH in the "Terminal" tab and SFTP in the "Files" tab.
- +
+ +## PDF and ODT handout(s). + +[MeshCentral Guide](https://meshcentral.com/docs/MeshCentral2UserGuide.pdf) + +MeshCmd Guide [as .pdf](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCentral User's Guide v0.2.9.odt?raw=true) \ No newline at end of file diff --git a/docs/docs/meshcmd/index.md b/docs/docs/meshcmd/index.md index 2c4cf1bb..eea8a7ae 100644 --- a/docs/docs/meshcmd/index.md +++ b/docs/docs/meshcmd/index.md @@ -1,8 +1,13 @@ # MeshCmd -MeshCmd Guide [as .pdf](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCmd User's Guide v0.0.3.odt?raw=true) +--- +Access the official MeshCmd user guide in your preferred format -## Video Walkthru +> - [📄 PDF version](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) +> - [📝 ODT version](https://github.com/Ylianst/MeshCentral/blob/master/docs/MeshCmd%20User%27s%20Guide%20v0.0.3.odt?raw=true) +--- + +## 🎬 Video Walkthru
@@ -10,22 +15,24 @@ MeshCmd Guide [as .pdf](https://meshcentral.com/docs/MeshCmdUserGuide.pdf) [as . ![](images/2022-05-15-15-11-39.png) -## Abstract +## 🧾 Abstract This user guide contains all essential information for the user to make full use of MeshCmd, a command line tool used to perform tasks on MeshCentral and for Intel® AMT. This tool run on Windows and Linux and perform a wide array of different tasks. From routing traffic over the Internet to activating Intel AMT, MeshCmd is a great do it all tool for computer management. -## Introduction +## 📘 Introduction -MeshCmd, called “Mesh Command”, is a command line tool that runs on both Windows and Linux and used to perform many tasks related to computer management. As the tool continues to evolve, it will continue to be improved and acquire more features. Broadly, the tool is intended to perform three sets of tasks. +MeshCmd, called “Mesh Command”, is a command line tool that runs on both Windows and Linux and used to perform many tasks related to computer management. As the tool continues to evolve, it will continue to be improved and acquire more features. -`MeshCentral2 command line operations` -- There are command line operations that relate to interacting with the MeshCentral2 server. A good example of this is to route traffic from your computer to a remote computer on the internet thru a MeshCentral2 server. +Broadly, the tool is intended to perform three sets of tasks : + +- `MeshCentral2 command line operations` +> There are command line operations that relate to interacting with the MeshCentral2 server. A good example of this is to route traffic from your computer to a remote computer on the internet thru a MeshCentral2 server. -`Intel AMT local actions` -- If you happen to have Intel AMT on your computer, MeshCmd can take a look at the version and activation status, activate and de-activate Intel AMT and help with getting access to Intel AMT and more. 
+- `Intel AMT local actions` +> If you happen to have Intel AMT on your computer, MeshCmd can take a look at the version and activation status, activate and de-activate Intel AMT and help with getting access to Intel AMT and more. -`Intel AMT remote actions` -- Whether you have Intel AMT on your local computer or a remote computer on your network, MeshCmd can help unlock the features Intel AMT provides. From getting the state of Intel AMT remotely to running configuration scripts and loading MeshCommander into Intel AMT web storage. +- `Intel AMT remote actions` +> Whether you have Intel AMT on your local computer or a remote computer on your network, MeshCmd can help unlock the features Intel AMT provides. From getting the state of Intel AMT remotely to running configuration scripts and loading MeshCommander into Intel AMT web storage. To get started, you need to download MeshCmd for your computer. MeshCmd is a single file executable that you can get on MeshCommander.com at: [http://www.meshcommander.com/meshcommander/meshcmd](http://www.meshcommander.com/meshcommander/meshcmd) 
@@ -35,11 +42,11 @@ If you have access to a MeshCentral2 server, the download link to MeshCmd is at ![](images/2022-05-15-15-22-07.png) -Once you click on the “MeshCmd” link, a dialog box will allow you to select the operating system you want to get a link to MeshCmd. MeshCentral will also provide an action file called meshaction.txt that contains information on how MeshCmd can connect back to that MeshCentral server. This is optional, and only used for some operations. +Once you click on the `MeshCmd` link, a dialog box will allow you to select the operating system you want to get a link to MeshCmd. MeshCentral will also provide an action file called meshaction.txt that contains information on how MeshCmd can connect back to that MeshCentral server. This is optional, and only used for some operations. Once downloaded, just run it from the command prompt or terminal window. -``` +```bash C:\Temp>meshcmd MeshCentral Command (MeshCmd) No action specified, use MeshCmd like this: 
@@ -78,9 +85,9 @@ Help on a specific action using: meshcmd help [action] ``` -By default you will get the help screen with all of the different actions you can take with the tool. You can also get help by typing “help” followed by the action name. In this document we will cover the main actions that MeshCmd can perform. If you don’t use Intel AMT at all, then only the MeshCentral actions are interesting for you. If you use Intel AMT, the rest of the actions will be of interest to you. +By default you will get the help screen with all of the different actions you can take with the tool. You can also get help by typing `help` followed by the action name. In this document we will cover the main actions that MeshCmd can perform. If you don’t use Intel AMT at all, then only the MeshCentral actions are interesting for you. If you use Intel AMT, the rest of the actions will be of interest to you. -## MeshCentral TCP port mapping +## 🔌 MeshCentral TCP port mapping MeshCmd can map a TCP port from your local computer to any remote port on any computer with one of your MeshAgents installed. This port mapping will work over a local network or the Internet and should work even thru proxies and firewalls. 
@@ -90,13 +97,13 @@ In order to start using MeshCmd in this way, you first need to have access to a Of course, this picture is a bit simplify. Firewalls, NAT routers and HTTP proxies may be in the way and the MeshAgent on the remote computer will act at the TCP traffic relay in most cases. -One typical use of this is to route local port 1234 to port Microsoft RDP port 3389 on a remote device. Once routed, you can start a RDP session on “localhost:1234” and get a RDP session to the remote device. The RDP protocol is feature rich and efficient, so you get a great user experience regardless of where in the world the remote computer is at. +One typical use of this is to route local port `1234` to port Microsoft RDP port 3389 on a remote device. Once routed, you can start a RDP session on `localhost:1234` and get a RDP session to the remote device. The RDP protocol is feature rich and efficient, so you get a great user experience regardless of where in the world the remote computer is at. -To get started, click on a device in MeshCentral and click on the “Router” link on the bottom left of the device page. +To get started, click on a device in MeshCentral and click on the `Router` link on the bottom left of the device page. ![](images/2022-05-15-15-24-12.png) -You can download MeshCmd is you have not done so already, but more importantly, download the action.txt file. The file is in text format and contain something like this: +You can download MeshCmd is you have not done so already, but more importantly, download the action.txt file. The file is in text format and contain something like this : ```json { 
@@ -118,119 +125,135 @@ You can download MeshCmd is you have not done so already, but more importantly, The action file contains almost all the parameters needed to perform the route. It indicates the local and remote ports, the remote computer unique identifier, server location and authentication information and more. You can just put the action file in the same folder as MeshCmd and run MeshCmd, it will automatically pick up the arguments from the meshaction.txt file. -You may want to change the local and remote port in the action file to suite your needs. Be default, the Microsoft RDP port is the target. If the password is not specified in the meshaction.txt file, you can also specify it as a meshcmd argument. +You may want to change the local and remote port in the action file to suite your needs. By default, the Microsoft RDP port is the target. If the password is not specified in the `meshaction.txt` file, you can also specify it as a meshcmd argument. -``` +```bash C:\MeshCmd>meshcmd --pass xxxxxxxx Redirecting local port 1234 to AmtMachine7:3389. Press ctrl-c to exit. Now, the traffic router is ready. You can now RDP to localhost:1234 and login to the remote computer. ``` -## MeshCommander +## 🧭 MeshCommander MeshCommander is a web based Intel AMT management console. MeshCmd has no less then three different versions of MeshCommander built-in, so if you are using Intel AMT, it’s worth a moment to get some knowledge about MeshCommander which is available as a standalone tool along with a full user’s guide at:[http://www.meshcommander.com/](http://www.meshcommander.com/)and also included as part of MeshCentral. -The three versions included in MeshCmd are: +The three versions included in MeshCmd are : -- MeshCommander as a local web server. -- MeshCommander for LMS -- MeshCommander for firmware. +- **MeshCommander as a local web server**. +- **MeshCommander for LMS** . +- **MeshCommander for firmware**. 
In this section, we review the three versions, how they are used and what can be done with them. -### MeshCommander local web server +### 1. MeshCommander local web server -You can start MeshCommander on a local web server by typing “meshcmd meshcommander”. By default, local port 3000 is used, but you can optionally specify the port using “--localport [port]”. Running it with look like this: +You can start MeshCommander on a local web server by typing `meshcmd meshcommander`. By default, local port `3000` is used, but you can optionally specify the port using `--localport [port]`. Running it with look like this: -``` +```bash C:\MeshCmd>meshcmd meshcommander MeshCommander running on HTTP port 3000. Ctrl-C to exit. ``` -Once running, use a web browser and go to “http://localhost:3000” to see the MeshCommander web page. The page will start out without any computers in it and you will have to add some. +Once running, use a web browser and go to `http://localhost:3000` to see the MeshCommander web page. The page will start out without any computers in it and you will have to add some. ![](images/2022-05-15-15-27-41.png) -In this mode, the local computers that are added will be stored in the browser’s storage cache. So, clearing the browser’s cache will also clear the list of computers. You can however load and save the list of computers using the “Open…” and “Save…” buttons. This version of MeshCommander will have some limitations when compared to the full version installed using the Windows .MSI installer. Notably: +In this mode, the local computers that are added will be stored in the browser’s storage cache. So, clearing the browser’s cache will also clear the list of computers. You can however load and save the list of computers using the `Open…` and `Save…` buttons. This version of MeshCommander will have some limitations when compared to the full version installed using the *Windows .MSI installer*. Notably : - No certificate management or validation. 
- Mutual-Authenticated TLS is not supported. - Kerberos authentication is not supported. - IDE-R is not supported. -This said, features like KVM, Terminal and most Intel AMT configuration options are available which makes this a fairly powerful Intel AMT management console. You can run MeshCommander as a background server on both Windows and Linux. To do this, use the install, uninstall, start and stop commands like this: +This said, features like KVM, Terminal and most Intel AMT configuration options are available which makes this a fairly powerful Intel AMT management console. -``` +You can run MeshCommander as a background server on both Windows and Linux. To do this, use the install, uninstall, start and stop commands like this: + +```bash C:\MeshCmd>meshcmd meshcommander install -Installing to "C:\Program Files (x86)\Open Source\MeshCmd\MeshCommander.exe" MeshCommander installed. +Installing to "C:\Program Files (x86)\Open Source\MeshCmd\MeshCommander.exe" MeshCommander installed. +``` +```bash C:\MeshCmd>meshcmd meshcommander start MeshCommander starting. ``` On Linux computers, both systemd and initd are supported. When installing, the MeshCmd executable will be copied to a different installation folder. -### LMS & MeshCommander +### 2. LMS & MeshCommander -The Layered Management Service (LMS) is a background process that runs in the operating system and provides local OS access to Intel AMT. More specifically, it redirects local TCP ports 16992 and 16993 to Intel AMT thru the MEI driver. One way to check if the LMS service is installed on your computer is to try[http://localhost:16992](http://localhost:16992/) or [https://localhost:16993](https://localhost:16993/)in a browser. A page should generally show up. +The Layered Management Service (LMS) is a background process that runs in the operating system and provides local OS access to Intel AMT. More specifically, it redirects local TCP ports `16992` and `16993` to Intel AMT thru the MEI driver. 
One way to check if the LMS service is installed on your computer is to try *[http://localhost:16992](http://localhost:16992/)* or *[https://localhost:16993](https://localhost:16993/)* in a browser. A page should generally show up. -On Windows, LMS is a Windows service that must be downloaded and installed as part of the OEM drivers for a computer. On Linux, it’s generally never installed and users normally have to download the source code and compile it themselves. +> **📌 Note :** + +> On Windows, LMS is a Windows service that must be downloaded and installed as part of the OEM drivers for a computer. + +> On Linux, it’s generally never installed and users normally have to download the source code and compile it themselves. + +--- MeshCmd has its own LMS implementation, so is LMS is not installed it will automatically use its own internal one. In addition, you can run MicroLMS alone by typing the following list while running as root or local administrator: -``` +```bash C:\MeshCmd>meshcmd microlms MicroLMS started, MeshCommander on HTTP/16994. ``` -This will start MicroLMS and as indicated, start MeshCommander on local port 16994 at the same time. In total, traffic redirection looks like this: +This will start MicroLMS and as indicated, start MeshCommander on local port `16994` at the same time. + +In total, traffic redirection looks like this : ![](images/2022-05-15-15-30-02.png) -In addition to providing normal services, MicroLMS that is part of MeshCmd will also start a web server on port 16994 and allow a browser to access LMS MeshCommander, a special version of MeshCommander specially made to run in this situation. +In addition to providing normal services, MicroLMS that is part of MeshCmd will also start a web server on port `16994` and allow a browser to access LMS MeshCommander, a special version of MeshCommander specially made to run in this situation. 
-MeshCommander for LMS will show up even if the computer has Intel AMT un-configured and offer the user the choice to activate Intel AMT and perform configuration actions. In the following screen, we see a computer activated in Client Control Mode. Because it’s in this mode, you can use the web interface to de-activate Intel AMT or login to perform additional configuration. +MeshCommander for LMS will show up even if the computer has Intel AMT un-configured and offer the user the choice to activate Intel AMT and perform configuration actions. In the following screen, we see a computer activated in Client Control Mode. + +Because it’s in this mode, you can use the web interface to de-activate Intel AMT or login to perform additional configuration. ![](images/2022-05-15-15-30-41.png) -MicroLMS along with MeshCommander for LMS is very useful, especially on Linux as it offers a single tool to setup and configuration Intel AMT. If you wish you run MicroLMS without MeshCommander being available on port 16994, run MeshCmd with “--noconsole": +MicroLMS along with MeshCommander for LMS is very useful, especially on Linux as it offers a single tool to setup and configuration Intel AMT. If you wish you run MicroLMS without MeshCommander being available on port 16994, run MeshCmd with `--noconsole`: -``` +```bash C:\MeshCmd>meshcmd microlms --noconsole MicroLMS started. ``` -You can run MicroLMS as a background server on both Windows and Linux. To do this, use the MicroLMS install, uninstall, start and stop commands like this: +You can run MicroLMS as a background server on both Windows and Linux. To do this, use the MicroLMS install, uninstall, start and stop commands like this : -``` +```bash C:\MeshCmd>meshcmd microlms install Installing to "C:\Program Files (x86)\Open Source\MeshCmd\MicroLMS.exe" MicroLMS installed. +``` +```bash C:\MeshCmd>meshcmd microlms start MicroLMS starting. ``` On Linux computers, both systemd and initd are supported. 
When installing, the MeshCmd executable will be copied to a different installation folder. -### MeshCommander for firmware +### 3. MeshCommander for firmware -MeshCmd also includes a surprising version of MeshCommander, the one you can load into the firmware of Intel AMT. Starting with Intel AMT 11.6, you can push into the small ~190k storage space of Intel AMT a replacement to the index.htm page served by the firmware on port 16992 & 16993. In the following picture, the left side is the original Intel AMT web page, the right is the replaced MeshCommander built to go in firmware. +MeshCmd also includes a surprising version of MeshCommander, the one you can load into the firmware of Intel AMT. Starting with Intel AMT 11.6, you can push into the small ~190k storage space of Intel AMT a replacement to the index.htm page served by the firmware on port `16992` & `16993`. In the following picture, the left side is the original Intel AMT web page, the right is the replaced MeshCommander built to go in firmware. ![](images/2022-05-15-15-32-15.png) The firmware version of MeshCommander has support for remote desktop, terminal and all sorts of Intel AMT usages and configuration. Probably the most surprising is that this entire page is between 40k and 100k depending on the version you select. It’s notable that with MeshCommander loaded into Intel AMT firmware, one does not need any other tool except for a browser to perform most Intel AMT maintenance operations. -``` +```bash C:\MeshCmd>meshcmd amtloadwebapp --host 192.168.2.144 --pass xxxxxxxx Uploading MeshCommander... Verifying MeshCommander... Done. ``` -To get the current state of Intel AMT web storage, type this: +To get the current state of Intel AMT web storage, type this : -``` +```bash C:\MeshCmd>meshcmd amtstoragestate --host 192.168.2.144 --pass xxxxxxxx Storage State: { "information": { 
@@ -248,16 +271,16 @@ Storage State: { Here, a 57k index.htm replacement is present in the Intel AMT flash. You can clear the web storage, revering the web page back to the original like this: -``` +```bash C:\MeshCmd>meshcmd amtclearwebapp --host 192.168.2.144 --pass xxxxxxxx Done. ``` -When MeshCommander is loaded into Intel AMT, you can access it from a different computer using [http://computername:16992 ](http://computername:16992/)or[https://computername:16993](https://computername:16993/) You will need to authenticate first before getting access to the web page. +When MeshCommander is loaded into Intel AMT, you can access it from a different computer using *[http://computername:16992 ](http://computername:16992/)* or *[https://computername:16993](https://computername:16993/)* You will need to authenticate first before getting access to the web page. -## Intel AMT state & activation +## 🔧 Intel AMT state & activation -MeshCmd can easily be used to read the local state of the computer and Intel AMT. There are many commands available to do this. The “SMBios” action works on most computers and is used to get basic information about your current system. The output is JSON format. +MeshCmd can easily be used to read the local state of the computer and Intel AMT. There are many commands available to do this. The `SMBios` action works on most computers and is used to get basic information about your current system. The output is JSON format. ```json C:\MeshCmd>meshcmd smbios 
@@ -301,26 +324,33 @@ C:\MeshCmd>meshcmd smbios } ``` -If you have Intel AMT on your system, you can use the “amtinfo”, “amtversions” and “amthashes” to get lots of information about Intel AMT current state. These commands use the Intel AMT MEI driver to get this information and require MeshCmd be run as root or administrator: +If you have Intel AMT on your system, you can use the `amtinfo`, `amtversions` and `amthashes` to get lots of information about Intel AMT current state. These commands use the Intel AMT MEI driver to get this information and require MeshCmd be run as root or administrator : -``` -C:\MeshCmd>meshcmd amtinfo -Intel AMT v8.1.71, activated in client control mode. -Wired Enabled, DHCP, 00:1E:8C:F5:4F:ED, 192.168.2.10. +> `meshcmd amtinfo` + ```bash + C:\MeshCmd>meshcmd amtinfo + Intel AMT v8.1.71, activated in client control mode. + Wired Enabled, DHCP, 00:1E:8C:F5:4F:ED, 192.168.2.10. + ``` -C:\MeshCmd>meshcmd amtversions -MEI Version = MKQ7710H.86A.0072.2017.0519.1347 -Flash = 8.1.71 -Netstack = 8.1.71 -AMTApps = 8.1.71 -AMT = 8.1.71 -Sku = 24584 -VendorID = 8086 -Build Number = 3608 -Recovery Version = 8.1.71 -Recovery Build Num = 3608 -Legacy Mode = False +> `meshcmd amtversions` + ```bash + C:\MeshCmd>meshcmd amtversions + MEI Version = MKQ7710H.86A.0072.2017.0519.1347 + Flash = 8.1.71 + Netstack = 8.1.71 + AMTApps = 8.1.71 + AMT = 8.1.71 + Sku = 24584 + VendorID = 8086 + Build Number = 3608 + Recovery Version = 8.1.71 + Recovery Build Num = 3608 + Legacy Mode = False + ``` +> `meshcmd amthashes` +```bash C:\MeshCmd>meshcmd amthashes VeriSign Class 3 Primary CA-G1, (Default, Active) SHA256: E7685634EFACF69ACE939A6B255B7B4FABEF42935B50A265ACB5CB6027E44E70 
@@ -329,25 +359,38 @@ VeriSign Class 3 Primary CA-G3, (Default, Active) … ``` -In addition to getting Intel AMT state, MeshCmd can activate Intel AMT in client control mode (CCM) and de-activate Intel AMT if it’s in this mode. Doing this is very simple, starting with Intel AMT not being activated, you use the “amtccm” and “amtdeactivate” actions. +In addition to getting Intel AMT state, MeshCmd can activate Intel AMT in client control mode (CCM) and de-activate Intel AMT if it’s in this mode. Doing this is very simple, starting with Intel AMT not being activated, you use the `amtccm` and `amtdeactivate` actions. -```cmd +> `meshcmd amtinfo` +```bash C:\MeshCmd>meshcmd amtinfo Intel AMT v8.1.71, pre-provisioning state. - +``` +> `meshcmd amtccm --pass xxxxxxxx` +```bash C:\MeshCmd>meshcmd amtccm --pass xxxxxxxx Success - +``` +> `meshcmd amtinfo` +```bash C:\MeshCmd>meshcmd amtinfo Intel AMT v8.1.71, activated in client control mode. - +``` +> `meshcmd amtdeactivate` +```bash C:\MeshCmd>meshcmd amtdeactivate Success ``` -Note that when using the “amtccm” action, you need to provide a password that will be used for authentication into Intel AMT. This password must be strong with at least 8 characters including a lower case, an uppercase, a numeric value and a non-alpha-numeric value. +--- -## Intel AMT Audit Log +> **📌 Note :** + +> Note that when using the `amtccm` action, you need to provide a password that will be used for authentication into Intel AMT. This password must be strong with at least 8 characters including a lower case, an uppercase, a numeric value and a non-alpha-numeric value. + +--- + +## 📋 Intel AMT Audit Log One very useful feature of MeshCmd is its ability to fetch the Intel AMT audit log. This can be valuable when doing forensics on a computer or just trying figure out what is being done thru Intel AMT. 
MeshCmd can pull the audit log on a local computer without any credentials, as long as it’s running as root or administrator, or pull the audit log remotely if usual credentials are provided. @@ -355,7 +398,7 @@ One very useful feature of MeshCmd is its ability to fetch the Intel AMT audit l The Intel AMT audit log will show when a computer’s Intel AMT was activated, when remote desktop sessions where initiated and more. To get the local audit log, just use the “AmtAuditLog” action. -```cmd +```shell C:\MeshCmd>meshcmd amtauditlog 2004-01-01 19:17:58.000-08:00 - Local: Provisioning Started 2018-01-26 14:03:16.000-08:00 - Local: Unprovisioning Started @@ -367,9 +410,9 @@ C:\MeshCmd>meshcmd amtauditlog 2018-02-02 10:56:08.000-08:00 - admin: KVM Session Ended ``` -To get a remote audit log: +To get a remote audit log : -```cmd +```shell C:\MeshCmd>meshcmd amtauditlog --host 192.168.2.144 --user admin --pass xxxxxxxx 2003-12-31 23:06:58.000-08:00 - $$OsAdmin: Intel(r) ME Time Set 2017-08-15 06:53:31.000-07:00 - $$OsAdmin: Intel(r) ME Time Set 
@@ -378,23 +421,23 @@ C:\MeshCmd>meshcmd amtauditlog --host 192.168.2.144 --user admin --pass xxxxxxxx 2017-10-15 06:44:38.000-07:00 - admin: KVM Enabled ``` -You can also save the audit log to file using the “--output" option. +You can also save the audit log to file using the `--output` option. -## Running Intel AMT script +## 💻 Running Intel AMT script -MeshCmd has a full WSMAN stack built-in and can be used to run “.mescript” file on a target Intel AMT computer. Script file are useful when you want to run a set of actions on one or more Intel AMT computers at once. You can build a .mescript file using the script editor within MeshCommander. +MeshCmd has a full WSMAN stack built-in and can be used to run `.mescript` file on a target Intel AMT computer. Script file are useful when you want to run a set of actions on one or more Intel AMT computers at once. You can build a .mescript file using the script editor within MeshCommander. This script editor allows the user to drag & drop script blocks, set parameters on each block and test the script against a connected Intel AMT computer. ![](images/2022-05-15-15-39-40.png) -In addition to building your own scripts, you can download a CIRA setup script from a MeshCentral server. When running this script, Intel AMT will be setup to call back to the server using an encrypted connection. This enables remote management of Intel AMT over the Internet. The CIRA setup script is available in the “Add CIRA” link for meshes that are Intel AMT only (no agent). +In addition to building your own scripts, you can download a CIRA setup script from a MeshCentral server. When running this script, Intel AMT will be setup to call back to the server using an encrypted connection. This enables remote management of Intel AMT over the Internet. The CIRA setup script is available in the `Add CIRA` link for meshes that are Intel AMT only (no agent). ![](images/2022-05-15-15-40-05.png) Once you got the script, run it with MeshCmd like this. 
You specify the host if it’s not localhost, the password and the script file. -```cmd +```shell C:\MeshCmd>meshcmd amtscript --host 192.168.2.106 --pass xxxxxxxx --script cira_setup.mescript Script Started Policies removed successfully @@ -414,9 +457,9 @@ In this example, the CIRA setup script was run on a remote computer. After the s ![](images/2022-05-15-15-41-20.png) -## IDE Redirection +## ➡️ IDE Redirection -## Video Walkthru +## 🎬 Video Walkthru
@@ -426,9 +469,9 @@ MeshCmd has all the code needed to perform Intel AMT IDE Redirection from the co ![](images/2022-05-15-15-42-01.png) -Then use the “AmtIDER” command of MeshCMD to start an IDER session. The help command for AmtIDER looks like this: +Then use the `AmtIDER` command of MeshCMD to start an IDER session. The help command for AmtIDER looks like this: -```cmd +```shell C:\Temp>meshcmd help amtider AmtIDER will mount a local disk images to a remote Intel AMT computer. Example usage: @@ -447,7 +490,7 @@ Possible arguments: The command is fairly simple. It takes as input a remote host, username/password for Intel AMT login, the disk images and TLS option. One can also specify the timeout option so that MeshCMD will automatically disconnect when no disk read operations are performed for a set number of seconds. -## Conclusion +## 🏁 Conclusion MeshCmd is a cross-platform command line tools that perform an ever-growing list of actions that are important for remote computer management. MeshCmd works alone or with MeshCentral and MeshCommander to offer a suite of free, opens source and powerful tools that work well together. diff --git a/docs/docs/other/adfs_sso_guide.md b/docs/docs/other/adfs_sso_guide.md index cd16e759..7adc5f10 100644 --- a/docs/docs/other/adfs_sso_guide.md +++ b/docs/docs/other/adfs_sso_guide.md 
@@ -1,41 +1,49 @@ # ADFS SSO Guide -## Assumptions +## 📋 Assumptions -The following guide was built under the assumptions that: +The following guide was built under the assumptions that : -1. ADFS 4.0 running on Server 2016 using Active Directory -2. Main ADFS setup already completed / working. SSL certs installed and port forwarded as expected. +1. *ADFS 4.0 running on Server 2016 using Active Directory* + +2. *Main ADFS setup already completed / working. SSL certs installed and port forwarded as expected.* The guide was built to deal specifically with adding mesh as a Relying Party. I’m far from an ADFS expert and some configurations may not be needed. Most of this was built by reading the code and taking guesses as to the needed values. -## Guide +## 📘 Guide As with anything SSO, you need 2 pieces – the IDP setup (in this case ADFS) and the SP setup (in this case Mesh). ### Mesh Setup -Add the following to your mesh config file in the domains part: +Add the following to your mesh config file in the domains part : ![](images/adfs_sso2022-05-16-23-24-54.png) -`Callback URL`: Should be the FQDN for your Mesh Server, ending with /auth-saml-callback +- `Callback URL` : -`Entity ID`: This is how ADFS IDs which party the request goes to. You can set this to whatever you want, but you will need this value later on when working in ADFS. + > Should be the FQDN for your Mesh Server, ending with /auth-saml-callback -`IDP URL`: This is the URL to ADFS. Ends with /adfs/ls unless you did something very weird in ADFS. +- `Entity ID` : -`Cert`: You will need to export the token signing cert from ADFS, then convert it to PEM format. This cert can be found in `ADFS -> Service -> Certificates`. You can use this openssl command to convert it from CRT to PEM format: + > This is how ADFS IDs which party the request goes to. You can set this to whatever you want, but you will need this value later on when working in ADFS. 
-``` -openssl x509 -in mycert.crt -out mycert.pem -outform PEM -``` +- `IDP URL`: + + > This is the URL to ADFS. Ends with /adfs/ls unless you did something very weird in ADFS. + +- `Cert`: + + > You will need to export the token signing cert from ADFS, then convert it to PEM format. This cert can be found in `ADFS -> Service -> Certificates`. You can use this openssl command to convert it from CRT to PEM format : + ```bash + openssl x509 -in mycert.crt -out mycert.pem -outform PEM + ``` Save the config and restart the mesh server. ### Windows Server Configuration -ADFS setup (in pictures): +ADFS setup (in pictures) : Relying Party Trust -> New Relying Party Trust diff --git a/docs/docs/other/meshcentral_satellite.md b/docs/docs/other/meshcentral_satellite.md index c6f572e7..154d2490 100644 --- a/docs/docs/other/meshcentral_satellite.md +++ b/docs/docs/other/meshcentral_satellite.md @@ -1,15 +1,15 @@ # MeshCentral Satellite -Coming Soon +### **_🚀 Coming Soon!_** ![](images/sat2022-05-17-00-58-46.png) -## Abstract +## 🧾 Abstract MeshCentral Satellite is a Windows application that acts as a relay between a Windows Active Directory Domain and a MeshCentral Server. Once setup, the MeshCentral server can request that MeshCentral Satellite create an 802.1x computer profile for Intel AMT in the domain, or ask a certificate authority to issue or revoke a certificate. -## Introduction +## 📘 Introduction A MeshCentral server can run in the cloud on a Linux server, but it may occasionally need to interact with a domain controller to perform some operations. MeshCentral Satellite is built to perform this function. MeshCentral Satellite is a Windows application built in C# and must run on a computer that is part of a domain and must run with sufficient rights to perform LDAP object addition and removal. If a certificate authority (CA) needs to be used, MeshCentral Satellite needs to have sufficient rights to ask the CA issue or revoke certificates. 
@@ -17,18 +17,18 @@ MeshCentral Satellite should run on a computer that is always on. Once running, ![](images/sat2022-05-17-00-59-21.png) -Currently, MeshCentral Satellite can perform four operations on behalf of the MeshCentral server: +Currently, MeshCentral Satellite can perform four operations on behalf of the MeshCentral server : -- Create an Intel AMT domain computer. -- Remove an Intel AMT domain computer. -- Issue a certificate for Intel AMT. -- Revoke an Intel AMT certificate. +- **Create an Intel AMT domain computer**. +- **Remove an Intel AMT domain computer**. +- **Issue a certificate for Intel AMT**. +- **Revoke an Intel AMT certificate**. MeshCentral Satellite can run both as a standalone application which is practical to get started and it can be setup as a background Windows Service for long term operations. To get started, we will run it as a standalone application and start working on getting it setup. -## Installation and Configuration +## 🧰 Installation and Configuration -Start by creating an empty folder on a computer that is part of the domain you need to interact with. For example, create a “c:\MeshCentralSatellite” then copy “MeshCentralSatellite.exe” into that folder. You can find that executable in the “node_modules/meshcentral/agents” folder of your server. If it’s not present, update your server to the latest version and look again. +Start by creating an empty folder on a computer that is part of the domain you need to interact with. For example, create a `c:\MeshCentralSatellite` then copy `MeshCentralSatellite.exe` into that folder. You can find that executable in the `node_modules/meshcentral/agents` folder of your server. If it’s not present, update your server to the latest version and look again. Once started you should see something this: 
@@ -46,23 +46,23 @@ If your MeshCentral server is a test server that does not have a real TLS certif ![](images/sat2022-05-17-01-00-59.png) -The “Device Name” has two options, “Operating System Name” or “Node Identifier”. If you opt for “Operating System Name”, Intel AMT devices will show as, for example, “iME-ComputerName” in the list of domain computers. If “node identifier” is used, Intel AMT devices will look like “iME-xxxxxxxxxxx” where xxx is the start of the MeshCentral node identifier for this device. +The `Device Name` has two options, `Operating System Name` or `Node Identifier`. If you opt for `Operating System Name`, Intel AMT devices will show as, for example, `iME-ComputerName` in the list of domain computers. If `node identifier` is used, Intel AMT devices will look like `iME-xxxxxxxxxxx` where xxx is the start of the MeshCentral node identifier for this device. Using the node identifier is more secure as it can’t easily be replicate by any other device. The operating system name would be impersonated by another device causing various security issues. -The security groups section will list any security groups created until the “Computers” section of the domain controller. Checking one or more of these security groups will automatically going new Intel AMT devices to these groups. +The security groups section will list any security groups created until the `Computers` section of the domain controller. Checking one or more of these security groups will automatically going new Intel AMT devices to these groups. ![](images/sat2022-05-17-01-01-13.png) -Lastly, we have the certificate authority and certificate settings. If a certificate authority needs to used, enter the name of the CA which is in the format “\” you can then hit the check box next to the name and select the certificate template to use. +Lastly, we have the certificate authority and certificate settings. 
If a certificate authority needs to used, enter the name of the CA which is in the format `\` you can then hit the check box next to the name and select the certificate template to use. ![](images/sat2022-05-17-01-01-52.png) -For certificate configuration, you can leave it as-is with “SAM Account Name” and the common name and all alternative names selected. +For certificate configuration, you can leave it as-is with `SAM Account Name` and the common name and all alternative names selected. -Once done, you can hit ok. The settings will be saved in a file called “config.txt” in plain text in the same folder as “MeshCentralSatellite.exe”. Make sure not to grant access to this file to anyone not authorized to do so as it will have the MeshCentral login username and password. +Once done, you can hit ok. The settings will be saved in a file called `config.txt` in plain text in the same folder as `MeshCentralSatellite.exe`. Make sure not to grant access to this file to anyone not authorized to do so as it will have the MeshCentral login username and password. -Once done, select “Local Connect” the “Files” menu to connect to the MeshCentral server. +Once done, select `Local Connect` the `Files` menu to connect to the MeshCentral server. ![](images/sat2022-05-17-01-02-04.png) 
@@ -70,19 +70,21 @@ Once done, select “Local Connect” the “Files” menu to connect to the Mes MeshCentral Satellite should be connected and ready to receive commands from the server. -## Checking the connection +## ✅ Checking the connection -In order to make sure the server correctly recognizes the MeshCentral Satellite connection, you can go to the server console and type “usersession”. The Satellite session should be marked. +In order to make sure the server correctly recognizes the MeshCentral Satellite connection, you can go to the server console and type `usersession`. The Satellite session should be marked. ![](images/sat2022-05-17-01-02-39.png) Currently, you should only have a single satellite session per user. In the future, multiple sessions could be supported for redundancy. -## Configuring Intel® AMT 802.1x +## 🔧 Configuring Intel® AMT 802.1x -To start using MeshCentral Satellite, you can configure Intel AMT with an 802.1x profile, this is done in the domain section of the config.json. Here is an example of an 802.1x EAP-TLS profile that will require that Intel AMT be issued a certificate: +To start using MeshCentral Satellite, you can configure Intel AMT with an 802.1x profile, this is done in the domain section of the config.json. -``` +Here is an example of an 802.1x EAP-TLS profile that will require that Intel AMT be issued a certificate : + +```json "AmtManager": { "802.1x": { "AuthenticationProtocol": "EAP-TLS", @@ -100,7 +102,7 @@ To start using MeshCentral Satellite, you can configure Intel AMT with an 802.1x In this following example, MSCHAPv2 is used and so, MeshCentral Satellite will need to generate a random password, save it in the active directory and send the password back to MeshCentral for Intel AMT configuration: -``` +```json "AmtManager": { "802.1x": { "AuthenticationProtocol": "PEAPv0/EAP-MSCHAPv2", 
@@ -116,19 +118,19 @@ In this following example, MSCHAPv2 is used and so, MeshCentral Satellite will n } ``` -The second example does not require that a certificate authority be setup, the first example does. In both cases, the WIFI profile is set to “wpa2-802.1x” and so, the 802.1x profile will be setup for both the Intel AMT wired interface and the specified WIFI profile for wireless. +The second example does not require that a certificate authority be setup, the first example does. In both cases, the WIFI profile is set to `wpa2-802.1x` and so, the 802.1x profile will be setup for both the Intel AMT wired interface and the specified WIFI profile for wireless. -Note that is both examples, “SatelliteCredentials” indicates the account name that MeshCentral Satellite will be connected on. In our case, we used the “admin” account that matches the account configuration we used in sections 3 and 4. +Note that is both examples, `SatelliteCredentials` indicates the account name that MeshCentral Satellite will be connected on. In our case, we used the `admin` account that matches the account configuration we used in sections 3 and 4. -Make these changes to the config.json and restart the MeshCentral server. Once done, any device groups that are set to configure Intel AMT will generate operations for MeshCentral Satellite. +Make these changes to the `config.json` and restart the MeshCentral server. Once done, any device groups that are set to configure Intel AMT will generate operations for MeshCentral Satellite. -## Computer and certificate operations +## 🧾 Computer and certificate operations Once MeshCentral and MeshCentral Satellite are setup, make sure a device group has an active Intel AMT policy. In the example below, we have a device group with an Admin Control Mode (ACM) activation policy. 
![](images/sat2022-05-17-01-03-30.png) -Computers connecting to this device group will automatically be setup with the new 802.1x and WIFI profile, but you can go in an agent console and type “amtconfig” to force the check of the Intel AMT configuration. In our case, it looks like this: +Computers connecting to this device group will automatically be setup with the new 802.1x and WIFI profile, but you can go in an agent console and type `amtconfig` to force the check of the Intel AMT configuration. In our case, it looks like this : ![](images/sat2022-05-17-01-03-43.png) 
@@ -140,29 +142,29 @@ The MeshCentral Satellite received an 802.1x EAP-TLS request. It asked Intel AMT ![](images/sat2022-05-17-01-04-11.png) -The new Intel AMT device was added to the domain along with the Intel AMT version and node identifier in the description. If “Node Identifier” was selected as the computer name in MeshCentral Satellite settings, the friendly name would be in the description and the node identifier would be used as the device name. +The new Intel AMT device was added to the domain along with the Intel AMT version and node identifier in the description. If `Node Identifier` was selected as the computer name in MeshCentral Satellite settings, the friendly name would be in the description and the node identifier would be used as the device name. -Finally, it’s worth taking a look at how Intel AMT was configured before and after this operation. Before setting up the 802.1x profile, Intel AMT looked like this: +Finally, it’s worth taking a look at how Intel AMT was configured before and after this operation. Before setting up the 802.1x profile, Intel AMT looked like this : ![](images/sat2022-05-17-01-04-22.png) ![](images/sat2022-05-17-01-05-15.png) -Note that there is no 802.1x profiles or WIFI profiles. After the new configuration, MeshCommander shows Intel AMT looking like this: +Note that there is no 802.1x profiles or WIFI profiles. After the new configuration, MeshCommander shows Intel AMT looking like this : ![](images/sat2022-05-17-01-05-22.png) ![](images/sat2022-05-17-01-05-28.png) -There are now two new certificates in the “Security” tab. One if the root of the domain CA, the other is the certificate assigned to the Intel AMT device by the CA. You also see the WIFI 802.1x profile. In this example, the device did not have a wired network interface, but if it did, 802.1x would also be setup for the wired interface. +There are now two new certificates in the `Security` tab. 
One if the root of the domain CA, the other is the certificate assigned to the Intel AMT device by the CA. You also see the WIFI 802.1x profile. In this example, the device did not have a wired network interface, but if it did, 802.1x would also be setup for the wired interface. -## Running as a Background Service +## 🖥️ Running as a Background Service -MeshCentral Satellite can be run as a background service. This is useful when running for lang periods on a domain server. You can use the “Service” menu in MeshCentral Satellite to install, start, stop and uninstall the Windows service. Make sure to come and run “MeshCentralSatellite.exe” from the correct location you want to install the Windows Service from. +MeshCentral Satellite can be run as a background service. This is useful when running for lang periods on a domain server. You can use the `Service` menu in MeshCentral Satellite to install, start, stop and uninstall the Windows service. Make sure to come and run “MeshCentralSatellite.exe” from the correct location you want to install the Windows Service from. ![](images/sat2022-05-17-01-05-51.png) -Since MeshCentral Satellite need to have domain rights to add and remove computer objects from the active directory and to have certificate authority (CA) rights, you may want to install the service, go in the service manager and change the “Log On” account to one with the proper rights. +Since MeshCentral Satellite need to have domain rights to add and remove computer objects from the active directory and to have certificate authority (CA) rights, you may want to install the service, go in the service manager and change the `Log On` account to one with the proper rights. ![](images/sat2022-05-17-01-06-01.png) 
@@ -170,8 +172,8 @@ Once set, you can start the service from within MeshCentral Satellite. Once the ![](images/sat2022-05-17-01-06-10.png) -The lines starting with “Service:“ are coming from the background service. At this point, you can close the local application and the service will keep running in the background. +The lines starting with `Service:` are coming from the background service. At this point, you can close the local application and the service will keep running in the background. ## License -MeshCentral, MeshCentral Satellite and this document are both opens source and licensed using Apache 2.0, the full license can be found at . \ No newline at end of file +MeshCentral, MeshCentral Satellite and this document are both opens source and licensed using Apache 2.0, the full license can be found at [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0). \ No newline at end of file diff --git a/docs/docs/stylesheets/extra.css b/docs/docs/stylesheets/extra.css index 721e0b33..92b9ef9e 100644 --- a/docs/docs/stylesheets/extra.css +++ b/docs/docs/stylesheets/extra.css 
@@ -1,99 +1,24 @@ -/* Maximum space for text block */ .md-grid { - max-width: 95%; /* or 100%, if you want to stretch to full-width */ - } + max-width: 80%; +} -.md-header { - background-color: #0b3e81 !important; - color: white !important; +img { + height: auto; + width: auto; + border: none; + border-radius: 10px; + transition: transform ease-in-out 0.3s; } -.md-search__input { - background-color: white !important; +img:hover { + transform: scale(1.025); /* Slightly enlarges on hover */ } -.md-search__icon[for=__search]{ - color: initial; + +.video-wrapper iframe { + width: 100%; /* Ratio 16:9 */ + height: 600px; /* Ratio 16:9 */ + border-radius: 10px; /* Rounded Corners */ + transition: transform ease-in-out 0.3s; } -.md-container { - background-color: #0b3e81; -} -.md-footer-meta__inner { - background-color: #0b3e81; -} -.md-grid { -} -.md-nav__item .md-nav__link--active { - color: white; -} -.md-nav__link { - color: white; -} -.md-nav__link[data-md-state=blur] { - color: white; -} -.md-tabs { - background-color: #0b3e81; - color: white; -} -.md-tabs__list { -} -.md-typeset a { - color: whitesmoke; - text-decoration: underline; - text-shadow: 4px 4px 8px black; -} -.md-typeset h1 { - color: white; - text-shadow: 4px 4px 8px black; -} -.md-typeset h2 { - color: white; - text-shadow: 4px 4px 8px black; -} -.md-typeset h3 { - color: white; - text-shadow: 4px 4px 8px black; -} -.md-typeset h4 { - color: white; - text-shadow: 4px 4px 8px black; -} -.md-typeset h5 { - color: white; - text-shadow: 4px 4px 8px black; -} -.md-typeset table { - color: black; -} -.md-main { - color: white !important; - background-color: #113962; - background: linear-gradient(to bottom, #104893 0%,#113962 100%); -} -a:link { - color: #c8c8c8; -} -.html { - background-color: #0b3e81; -} -.dlspan { - background-color:gray; - color:black; - font-size:16px; - padding:4px; - border-radius:4px; - box-shadow: 2px 2px 4px black; -} -.md-typeset .tabbed-set { - border-left-width: 0.2rem; - 
border-left-color: rgb(244, 244, 244); - border-left-style: solid; - border-radius: 4px; - background-color: rgba(68,138,255,.1); - border-color: rgb(244, 244, 244); - padding: 5px; -} -@media only screen and (max-width: 76.1875em) { - .md-nav__link { - color: black; - } - } +.video-wrapper:hover iframe { + transform: scale(1.025); /* Slightly enlarges on hover */ +} \ No newline at end of file diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 8773ed8a..0d820b4c 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml 
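Review bot: The two `/* Ratio 16:9 */` comments in `.video-wrapper iframe` do not match the rule, because `width: 100%` with a fixed `height: 600px` is 16:9 at only one container width and the embed is distorted at every other size. Replacing the fixed height with `aspect-ratio: 16 / 9;` would make the comments true. Separately, the bare `img` selector applies the rounded corners and hover scale to every image on the site, presumably including the header logo; scoping it to `.md-typeset img` would limit the effect to page content.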
@@ -1,53 +1,59 @@ site_name: "MeshCentral Documentation" nav: - - Home: index.md + - Home: + - 'Abstract': './index.md' - - Install: - - install/index.md - - install/install2.md + - 'Install': + - 'Abstract': './install/abstract.md' + - 'Quickstart': 'install/quickstart.md' + - 'Installation Guides': + - 'Abstract': './install/abstract.md' + - 'Advanced': './install/advanced.md' + - 'Container (Docker)': './install/container.md' + - 'Windows': './install/windows.md' + - 'Databases': + - 'MongoDB': './install/database/mongodb.md' + - 'PostgreSQL': './install/database/postgresql.md' + - 'MariaDB/MySQL': './install/database/mariadb.md' + - 'Local Databases': './install/database/local.md' + - 'Security': + - 'Crowdsec': './install/security/crowdsec.md' + - 'Secure Installation': './install/security/secure.md' - - MeshCentral2: - - 'MeshCentral2 Guide': 'meshcentral/index.md' - - 'All Configuration Options': 'meshcentral/config.md' - - 'Agent Information': 'meshcentral/agents.md' - - 'Assistant': 'meshcentral/assistant.md' - - 'Code Signing': 'meshcentral/codesigning.md' - - 'Debugging': 'meshcentral/debugging.md' - - 'Device Tabs': 'meshcentral/devicetabs.md' - - 'Plugins': 'meshcentral/plugins.md' - - 'SSL': 'meshcentral/SSLnletsencrypt.md' - - 'Security': 'meshcentral/security.md' - - 'Tokens': 'meshcentral/tokens.md' - - 'FAQ': 'meshcentral/faq.md' - - 'Tips n Tricks': 'meshcentral/tipsntricks.md' - - 'Messaging': 'messaging/index.md' - - 'Customization': 'meshcentral/customization.md' - - 'openidConnectStrategy': 'meshcentral/openidConnectStrategy.md' - - - Design and Architecture: - - design/index.md + - 'MeshCentral': + - 'MeshCentral Guide': './meshcentral/index.md' + - 'All Configuration Options': './meshcentral/config.md' + - 'SSL/TLS': './meshcentral/SSLnletsencrypt.md' + - 'Agent Information': './meshcentral/agents.md' + - 'Assistant': './meshcentral/assistant.md' + - 'Code Signing': './meshcentral/codesigning.md' + - 'Debugging': 
'./meshcentral/debugging.md' + - 'Device Tabs': './meshcentral/devicetabs.md' + - 'Plugins': './meshcentral/plugins.md' + - 'Security': './meshcentral/security.md' + - 'Tokens': './meshcentral/tokens.md' + - 'FAQ': './meshcentral/faq.md' + - 'Tips n Tricks': './meshcentral/tipsntricks.md' + - 'Messaging': './messaging/index.md' + - 'Customization': './meshcentral/customization.md' + - 'OpenID Connect Strategy (OIDC)': './meshcentral/openidConnectStrategy.md' - - MeshCmd: - - meshcmd/index.md + - 'Submodules and Features': + - 'MeshCmd': ./meshcmd/index.md + - 'MeshCtrl': ./meshctrl/index.md + - 'Mesh Router': ./meshrouter/index.md + - 'Intel AMT': ./intelamt/index.md - - MeshCtrl: - - meshctrl/index.md + - 'How to Contribute': './how-to-contribute/index.md' - - Mesh Router: - - meshrouter/index.md + - 'Design and Architecture': './design/index.md' - - Intel AMT: - - intelamt/index.md - - - How to Contribute: - - how-to-contribute/index.md - - - Other: - - other/adfs_sso_guide.md - - other/meshcentral_satellite.md + - 'Other': + - './other/adfs_sso_guide.md' + - './other/meshcentral_satellite.md' site_description: "A remote monitoring and management tool" -site_author: "Ylianst" +site_author: "Ylianst and others" site_url: "https://ylianst.github.io/MeshCentral/" dev_addr: "0.0.0.0:8010" 
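Review bot: `'Abstract': './install/abstract.md'` is listed twice in the new nav, once directly under `'Install'` and again under `'Installation Guides'`, so the same page has two nav positions; one of them should probably go, or the first should point at a distinct landing page. Paths are also written three ways in this hunk (`'./install/abstract.md'`, `'install/quickstart.md'` without the `./`, and unquoted `./meshcmd/index.md`), and settling on one form would make the list easier to audit. None of the new targets under `install/` are visible in this part of the diff, so it is worth confirming each file exists, for example with `mkdocs build --strict`. The unchanged `dev_addr: "0.0.0.0:8010"` just below makes `mkdocs serve` listen on every interface; `127.0.0.1:8010` is the safer default unless the preview is meant to be reachable from other hosts.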
@@ -55,46 +61,45 @@ dev_addr: "0.0.0.0:8010" # Repository repo_name: "Ylianst/MeshCentral" repo_url: "https://github.com/Ylianst/MeshCentral" -edit_uri: "" theme: name: "material" logo: "images/favicon.ico" favicon: "images/favicon.ico" - language: "en" + language: en + locale: en + include_sidebar: false palette: - primary: "white" - accent: "indigo" + - scheme: default # Palette toggle for dark mode + toggle: + icon: material/brightness-7 + name: Switch to light mode + - scheme: slate # Palette toggle for light mode + toggle: + icon: material/brightness-4 + name: Switch to dark mode features: + - content.code.copy + - content.code.select - navigation.tabs - - navigation.expand - navigation.top + - navigation.sections - navigation.instant + - search.suggest extra_css: - stylesheets/extra.css extra: generator: false +plugins: + - search + - print-site markdown_extensions: - - pymdownx.keys - - pymdownx.inlinehilite - - pymdownx.arithmatex: - generic: true - - pymdownx.betterem: - smart_enable: all - - pymdownx.caret - - admonition - - pymdownx.details - - pymdownx.highlight - - pymdownx.mark - - pymdownx.smartsymbols - - codehilite: - guess_lang: true - - toc: - permalink: true - pymdownx.emoji: - emoji_index: !!python/name:materialx.emoji.twemoji - emoji_generator: !!python/name:materialx.emoji.to_svg + emoji_index: !!python/name:material.extensions.emoji.twemoji + emoji_generator: !!python/name:material.extensions.emoji.to_svg - pymdownx.superfences - pymdownx.tabbed: alternate_style: true + - admonition + - tables diff --git a/docs/powerpoints/MeshCentral - 0009 - Desktop Multiplexer.pptx b/docs/presentations/MeshCentral - 0009 - Desktop Multiplexer.pptx similarity index 100% rename from docs/powerpoints/MeshCentral - 0009 - Desktop Multiplexer.pptx rename to docs/presentations/MeshCentral - 0009 - Desktop Multiplexer.pptx 
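Review bot: The toggle labels in the new `palette` are swapped: `scheme: default` carries `name: Switch to light mode` and `scheme: slate` carries `name: Switch to dark mode`, but the name is the tooltip for the action the button performs, so the default scheme should read `name: Switch to dark mode` and the slate scheme `name: Switch to light mode`; the two inline comments are reversed in the same way. The new `plugins` block also adds `print-site`, which is not part of MkDocs or the Material theme, so the docs build now depends on an extra package; the requirements file is not visible here, so confirm it lists that plugin with a pinned version. Dropping `toc: permalink: true` also removes the heading anchor links, which may not be intended.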
diff --git a/docs/powerpoints/MeshCentral - 0027 - Overview Presentation.pptx b/docs/presentations/MeshCentral - 0027 - Overview Presentation.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0027 - Overview Presentation.pptx
rename to docs/presentations/MeshCentral - 0027 - Overview Presentation.pptx
diff --git a/docs/powerpoints/MeshCentral - 0028 - Multi-domain Server.pptx b/docs/presentations/MeshCentral - 0028 - Multi-domain Server.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0028 - Multi-domain Server.pptx
rename to docs/presentations/MeshCentral - 0028 - Multi-domain Server.pptx
diff --git a/docs/powerpoints/MeshCentral - 0029 - Technical - A short history of MeshCentral.pptx b/docs/presentations/MeshCentral - 0029 - Technical - A short history of MeshCentral.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0029 - Technical - A short history of MeshCentral.pptx
rename to docs/presentations/MeshCentral - 0029 - Technical - A short history of MeshCentral.pptx
diff --git a/docs/powerpoints/MeshCentral - 0030 - Technical - REST vs WebSocket.pptx b/docs/presentations/MeshCentral - 0030 - Technical - REST vs WebSocket.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0030 - Technical - REST vs WebSocket.pptx
rename to docs/presentations/MeshCentral - 0030 - Technical - REST vs WebSocket.pptx
diff --git a/docs/powerpoints/MeshCentral - 0031 - Technical - Agent Updates.pptx b/docs/presentations/MeshCentral - 0031 - Technical - Agent Updates.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0031 - Technical - Agent Updates.pptx
rename to docs/presentations/MeshCentral - 0031 - Technical - Agent Updates.pptx
diff --git a/docs/powerpoints/MeshCentral - 0037 - Technical - Agent Tunnels(1).pptx b/docs/presentations/MeshCentral - 0037 - Technical - Agent Tunnels(1).pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0037 - Technical - Agent Tunnels(1).pptx
rename to docs/presentations/MeshCentral - 0037 - Technical - Agent Tunnels(1).pptx
diff --git a/docs/powerpoints/MeshCentral - 0037 - Technical - Agent Tunnels.pptx b/docs/presentations/MeshCentral - 0037 - Technical - Agent Tunnels.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0037 - Technical - Agent Tunnels.pptx
rename to docs/presentations/MeshCentral - 0037 - Technical - Agent Tunnels.pptx
diff --git a/docs/powerpoints/MeshCentral - 0038 - Server & DB Migration.pptx b/docs/presentations/MeshCentral - 0038 - Server & DB Migration.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0038 - Server & DB Migration.pptx
rename to docs/presentations/MeshCentral - 0038 - Server & DB Migration.pptx
diff --git a/docs/powerpoints/MeshCentral - 0039 - Intel AMT Configuration and CIRA.pptx b/docs/presentations/MeshCentral - 0039 - Intel AMT Configuration and CIRA.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0039 - Intel AMT Configuration and CIRA.pptx
rename to docs/presentations/MeshCentral - 0039 - Intel AMT Configuration and CIRA.pptx
diff --git a/docs/powerpoints/MeshCentral - 0040 - Technical - Inter-User Messaging.pptx b/docs/presentations/MeshCentral - 0040 - Technical - Inter-User Messaging.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0040 - Technical - Inter-User Messaging.pptx
rename to docs/presentations/MeshCentral - 0040 - Technical - Inter-User Messaging.pptx
diff --git a/docs/powerpoints/MeshCentral - 0042 - Technical - Web Applications.pptx b/docs/presentations/MeshCentral - 0042 - Technical - Web Applications.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0042 - Technical - Web Applications.pptx
rename to docs/presentations/MeshCentral - 0042 - Technical - Web Applications.pptx
diff --git a/docs/powerpoints/MeshCentral - 0043 - Let's Encrypt.pptx b/docs/presentations/MeshCentral - 0043 - Let's Encrypt.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0043 - Let's Encrypt.pptx
rename to docs/presentations/MeshCentral - 0043 - Let's Encrypt.pptx
diff --git a/docs/powerpoints/MeshCentral - 0044 - JumpCloud.pptx b/docs/presentations/MeshCentral - 0044 - JumpCloud.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0044 - JumpCloud.pptx
rename to docs/presentations/MeshCentral - 0044 - JumpCloud.pptx
diff --git a/docs/powerpoints/MeshCentral - 0045 - Local Device Management.pptx b/docs/presentations/MeshCentral - 0045 - Local Device Management.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0045 - Local Device Management.pptx
rename to docs/presentations/MeshCentral - 0045 - Local Device Management.pptx
diff --git a/docs/powerpoints/MeshCentral - 0047 - MongoDB.pptx b/docs/presentations/MeshCentral - 0047 - MongoDB.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0047 - MongoDB.pptx
rename to docs/presentations/MeshCentral - 0047 - MongoDB.pptx
diff --git a/docs/powerpoints/MeshCentral - 0048 - IP-KVM Support.pptx b/docs/presentations/MeshCentral - 0048 - IP-KVM Support.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0048 - IP-KVM Support.pptx
rename to docs/presentations/MeshCentral - 0048 - IP-KVM Support.pptx
diff --git a/docs/powerpoints/MeshCentral - 0049 - Web Power Switch.pptx b/docs/presentations/MeshCentral - 0049 - Web Power Switch.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0049 - Web Power Switch.pptx
rename to docs/presentations/MeshCentral - 0049 - Web Power Switch.pptx
diff --git a/docs/powerpoints/MeshCentral - 0050 - 2021 in Review.pptx b/docs/presentations/MeshCentral - 0050 - 2021 in Review.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0050 - 2021 in Review.pptx
rename to docs/presentations/MeshCentral - 0050 - 2021 in Review.pptx
diff --git a/docs/powerpoints/MeshCentral - 0054 - Public Server.pptx b/docs/presentations/MeshCentral - 0054 - Public Server.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0054 - Public Server.pptx
rename to docs/presentations/MeshCentral - 0054 - Public Server.pptx
diff --git a/docs/powerpoints/MeshCentral - 0057 - Technical - MeshCore & MeshCmd.pptx b/docs/presentations/MeshCentral - 0057 - Technical - MeshCore & MeshCmd.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0057 - Technical - MeshCore & MeshCmd.pptx
rename to docs/presentations/MeshCentral - 0057 - Technical - MeshCore & MeshCmd.pptx
diff --git a/docs/powerpoints/MeshCentral - 0063 - Port Aliasing.pptx b/docs/presentations/MeshCentral - 0063 - Port Aliasing.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0063 - Port Aliasing.pptx
rename to docs/presentations/MeshCentral - 0063 - Port Aliasing.pptx
diff --git a/docs/powerpoints/MeshCentral - 0064 - April Fools Joke - Car Automation Mesh.pptx b/docs/presentations/MeshCentral - 0064 - April Fools Joke - Car Automation Mesh.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0064 - April Fools Joke - Car Automation Mesh.pptx
rename to docs/presentations/MeshCentral - 0064 - April Fools Joke - Car Automation Mesh.pptx
diff --git a/docs/powerpoints/MeshCentral - 0066 - Basic AMT 802.1x with JumpCloud.pptx b/docs/presentations/MeshCentral - 0066 - Basic AMT 802.1x with JumpCloud.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0066 - Basic AMT 802.1x with JumpCloud.pptx
rename to docs/presentations/MeshCentral - 0066 - Basic AMT 802.1x with JumpCloud.pptx
diff --git a/docs/powerpoints/MeshCentral - 0067 - Satellite & Advanced AMT 802.1x.pptx b/docs/presentations/MeshCentral - 0067 - Satellite & Advanced AMT 802.1x.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0067 - Satellite & Advanced AMT 802.1x.pptx
rename to docs/presentations/MeshCentral - 0067 - Satellite & Advanced AMT 802.1x.pptx
diff --git a/docs/powerpoints/MeshCentral - 0068 - Local Device Management thru a Agent Relay.pptx b/docs/presentations/MeshCentral - 0068 - Local Device Management thru a Agent Relay.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0068 - Local Device Management thru a Agent Relay.pptx
rename to docs/presentations/MeshCentral - 0068 - Local Device Management thru a Agent Relay.pptx
diff --git a/docs/powerpoints/MeshCentral - 0070 - Intel AMT System Defense.pptx b/docs/presentations/MeshCentral - 0070 - Intel AMT System Defense.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0070 - Intel AMT System Defense.pptx
rename to docs/presentations/MeshCentral - 0070 - Intel AMT System Defense.pptx
diff --git a/docs/powerpoints/MeshCentral - 0075 - Intel AMT MEI and LMS.pptx b/docs/presentations/MeshCentral - 0075 - Intel AMT MEI and LMS.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0075 - Intel AMT MEI and LMS.pptx
rename to docs/presentations/MeshCentral - 0075 - Intel AMT MEI and LMS.pptx
diff --git a/docs/powerpoints/MeshCentral - 0077 - History of Intel AMT.pptx b/docs/presentations/MeshCentral - 0077 - History of Intel AMT.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0077 - History of Intel AMT.pptx
rename to docs/presentations/MeshCentral - 0077 - History of Intel AMT.pptx
diff --git a/docs/powerpoints/MeshCentral - 0078 - Intel AMT Activation.pptx b/docs/presentations/MeshCentral - 0078 - Intel AMT Activation.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0078 - Intel AMT Activation.pptx
rename to docs/presentations/MeshCentral - 0078 - Intel AMT Activation.pptx
diff --git a/docs/powerpoints/MeshCentral - 0078 - Web Relay.pptx b/docs/presentations/MeshCentral - 0078 - Web Relay.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0078 - Web Relay.pptx
rename to docs/presentations/MeshCentral - 0078 - Web Relay.pptx
diff --git a/docs/powerpoints/MeshCentral - 0079 - Intel AMT Activation.pptx b/docs/presentations/MeshCentral - 0079 - Intel AMT Activation.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0079 - Intel AMT Activation.pptx
rename to docs/presentations/MeshCentral - 0079 - Intel AMT Activation.pptx
diff --git a/docs/powerpoints/MeshCentral - 0080 - Web Relay with DNS.pptx b/docs/presentations/MeshCentral - 0080 - Web Relay with DNS.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0080 - Web Relay with DNS.pptx
rename to docs/presentations/MeshCentral - 0080 - Web Relay with DNS.pptx
diff --git a/docs/powerpoints/MeshCentral - 0081 - CrowdSec.pptx b/docs/presentations/MeshCentral - 0081 - CrowdSec.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0081 - CrowdSec.pptx
rename to docs/presentations/MeshCentral - 0081 - CrowdSec.pptx
diff --git a/docs/powerpoints/MeshCentral - 0082 - New Account CAPTCHA.pptx b/docs/presentations/MeshCentral - 0082 - New Account CAPTCHA.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0082 - New Account CAPTCHA.pptx
rename to docs/presentations/MeshCentral - 0082 - New Account CAPTCHA.pptx
diff --git a/docs/powerpoints/MeshCentral - 0083 - Yubikey OTP.pptx b/docs/presentations/MeshCentral - 0083 - Yubikey OTP.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0083 - Yubikey OTP.pptx
rename to docs/presentations/MeshCentral - 0083 - Yubikey OTP.pptx
diff --git a/docs/powerpoints/MeshCentral - 0084 - LDAP Integration.pptx b/docs/presentations/MeshCentral - 0084 - LDAP Integration.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0084 - LDAP Integration.pptx
rename to docs/presentations/MeshCentral - 0084 - LDAP Integration.pptx
diff --git a/docs/powerpoints/MeshCentral - 0087 - AceBase Database.pptx b/docs/presentations/MeshCentral - 0087 - AceBase Database.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0087 - AceBase Database.pptx
rename to docs/presentations/MeshCentral - 0087 - AceBase Database.pptx
diff --git a/docs/powerpoints/MeshCentral - 0088 - SQLite Database.pptx b/docs/presentations/MeshCentral - 0088 - SQLite Database.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0088 - SQLite Database.pptx
rename to docs/presentations/MeshCentral - 0088 - SQLite Database.pptx
diff --git a/docs/powerpoints/MeshCentral - 0091 - SessionKey.pptx b/docs/presentations/MeshCentral - 0091 - SessionKey.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0091 - SessionKey.pptx
rename to docs/presentations/MeshCentral - 0091 - SessionKey.pptx
diff --git a/docs/powerpoints/MeshCentral - 0092 - Agent Ping and Browser Pong.pptx b/docs/presentations/MeshCentral - 0092 - Agent Ping and Browser Pong.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0092 - Agent Ping and Browser Pong.pptx
rename to docs/presentations/MeshCentral - 0092 - Agent Ping and Browser Pong.pptx
diff --git a/docs/powerpoints/MeshCentral - 0093 - Web Relay Sharing.pptx b/docs/presentations/MeshCentral - 0093 - Web Relay Sharing.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0093 - Web Relay Sharing.pptx
rename to docs/presentations/MeshCentral - 0093 - Web Relay Sharing.pptx
diff --git a/docs/powerpoints/MeshCentral - 0094 - Device Pages.pptx b/docs/presentations/MeshCentral - 0094 - Device Pages.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0094 - Device Pages.pptx
rename to docs/presentations/MeshCentral - 0094 - Device Pages.pptx
diff --git a/docs/powerpoints/MeshCentral - 0095 - Security Password Policies.pptx b/docs/presentations/MeshCentral - 0095 - Security Password Policies.pptx
similarity index 100%
rename from docs/powerpoints/MeshCentral - 0095 - Security Password Policies.pptx
rename to docs/presentations/MeshCentral - 0095 - Security Password Policies.pptx
diff --git a/docs/powerpoints/README.md b/docs/presentations/README.md
similarity index 100%
rename from docs/powerpoints/README.md
rename to docs/presentations/README.md