diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md
new file mode 100644
index 00000000..0a0f20ae
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,68 @@
+---
+name: Question
+about: Create a question for community help
+title: ''
+labels: question
+assignees: ''
+
+---
+
+**Describe your issue**
+A clear and concise description of what your issue is.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Server Software (please complete the following information):**
+ - OS: [e.g. Ubuntu]
+ - Virtualization: [e.g. Docker]
+ - Network: [e.g. LAN/WAN, reverse proxy, cloudflare, ssl offload, etc...]
+ - Version: [e.g. 1.0.43]
+ - Node: [e.g. 18.4.0]
+
+**Client Device (please complete the following information):**
+ - Device: [e.g. Laptop]
+ - OS: [e.g. Ubuntu]
+ - Network: [e.g. Local to Meshcentral, Remote over WAN]
+ - Browser: [e.g. Google Chrome]
+ - MeshCentralRouter Version: [if applicable]
+
+**Remote Device (please complete the following information):**
+ - Device: [e.g. Laptop]
+ - OS: [e.g. Windows 10 21H2]
+ - Network: [e.g. Local to Meshcentral, Remote over WAN]
+ - Current Core Version (if known): [**HINT**: Go to a device then `console` Tab then type `info`]
+
+**Your config.json file**
+```
+{
+ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
+ "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. 
Refer to the user's guide for details.",
+ "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
+ "settings": {
+ "_cert": "myserver.mydomain.com",
+ "_WANonly": true,
+ "_LANonly": true,
+ "_sessionKey": "MyReallySecretPassword1",
+ "_port": 443,
+ "_aliasPort": 443,
+ "_redirPort": 80,
+ "_redirAliasPort": 80
+ },
+ "domains": {
+ "": {
+ "_title": "MyServer",
+ "_title2": "Servername",
+ "_minify": true,
+ "_newAccounts": true,
+ "_userNameIsEmail": true
+ }
+ },
+ "_letsencrypt": {
+ "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
+ "email": "myemail@mydomain.com",
+ "names": "myserver.mydomain.com",
+ "production": false
+ }
+}
+```
diff --git a/docs/Example configs/haproxy-with-sni-sample.cfg b/docs/Example configs/haproxy-with-sni-sample.cfg
new file mode 100644
index 00000000..4fb3a8d7
--- /dev/null
+++ b/docs/Example configs/haproxy-with-sni-sample.cfg
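Review bot: The `**Your config.json file**` section of `.github/ISSUE_TEMPLATE/question.md` asks reporters to paste their configuration into a public issue without telling them to redact it. The prefilled sample itself carries a `_sessionKey` entry, plus the Let's Encrypt `email` and the server host names, so a real config pasted here will usually expose the same fields. I would add a line directly under the heading, for example `Remove or mask secrets (sessionKey, passwords, tokens) and any host names or e-mail addresses you do not want public before pasting.` Because the full sample is prefilled, it is also easy to submit it unchanged; a short placeholder such as `(paste your redacted config.json here)` may serve better than a complete example.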
@@ -0,0 +1,40 @@
+# Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
+# Update the config.json to work with HAProxy
+#
+# Specify the hostname and port that has the public certificate
+# "tlsOffload": "https://mc.publicdomain.com:443",
+#
+# Specify the IP address of the HAProxy instance (this might not be the address that is bound to the listener).
+# "TrustedProxy": "10.1.1.10",
+
+
+frontend sni-front
+ bind 10.1.1.10:443
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req_ssl_hello_type 1 }
+ default_backend sni-back
+
+backend sni-back
+ mode tcp
+ acl gitlab-sni req_ssl_sni -i gitlab.publicdomain.com
+ acl mc-sni req_ssl_sni -i mc.publicdomain.com
+ use-server gitlabSNI if gitlab-sni
+ use-server mc-SNI if mc-sni
+ server mc-SNI 10.1.1.10:1443 send-proxy-v2-ssl-cn
+
+frontend mc-front-HTTPS
+ mode http
+ option forwardfor
+ bind 10.1.1.10:1443 ssl crt /etc/haproxy/vm.publicdomain.net.pem accept-proxy
+ http-request set-header X-Forwarded-Proto https
+ option tcpka
+ default_backend mc-back-HTTP
+
+backend mc-back-HTTPS
+ mode http
+ option forwardfor
+ http-request add-header X-Forwarded-Host %[req.hdr(Host)]
+ option http-server-close
+ server mc-01 10.1.1.30:443 check port 443 verify none
+
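Review bot: `default_backend mc-back-HTTP` in `mc-front-HTTPS` names a backend that is never declared (the one below is `mc-back-HTTPS`), so the sample should read `default_backend mc-back-HTTPS`; `use-server gitlabSNI if gitlab-sni` likewise points at a server that `sni-back` does not define. The inner listener `bind 10.1.1.10:1443 ... accept-proxy` shares the public frontend's address, so any client that can reach port 1443 directly can send its own PROXY header and choose the client address the server sees. Binding it to `127.0.0.1:1443` and pointing `server mc-SNI` there would limit it to the SNI frontend. `http-request add-header X-Forwarded-Host` keeps any value the client already sent, so `set-header` is the safer form next to the `TrustedProxy` setting described in the header comment. `verify none` on `server mc-01` appears to do nothing without `ssl` and would switch off certificate checking if `ssl` were added later, so I would drop it and add a comment that the hop to 10.1.1.30 is plain HTTP.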