Merge branch 'master' of https://github.com/Ylianst/MeshCentral
commit
a357f0d13f
@ -1,12 +1,10 @@
|
||||
# Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
|
||||
# Update the config.json to work with HAProxy
|
||||
# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
|
||||
# "tlsOffload": "10.1.1.10",
|
||||
#
|
||||
# Specify the hostname and port that has the public certificate
|
||||
# "tlsOffload": "https://mc.publicdomain.com:443",
|
||||
#
|
||||
# Specify the IP address of the HAProxy instance (this might not be the address that is bound to the listener).
|
||||
# "TrustedProxy": "10.1.1.10",
|
||||
|
||||
# Specify the HAPRoxy URL with the hostname to get the certificate
|
||||
# "certUrl": "https://mc.publicdomain.com:443/"
|
||||
|
||||
frontend sni-front
|
||||
bind 10.1.1.10:443
|
||||
@ -38,3 +36,9 @@ backend mc-back-HTTPS
|
||||
option http-server-close
|
||||
server mc-01 10.1.1.30:443 check port 443 verify none
|
||||
|
||||
# In the event that it is required to have TLS between HAProxy and Meshcentral,
|
||||
# Remove the tls_Offload line and replace with trustedProxy
|
||||
# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
|
||||
# "trustedProxy": "10.1.1.10",
|
||||
# and change the last line of backend mc-back-HTTPS to use HTTPS by adding the ssl keyword
|
||||
# server mc-01 10.1.1.30:443 check ssl port 443 verify none
|
||||
|
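Review bot: The added guidance for TLS between HAProxy and MeshCentral ends with `server mc-01 10.1.1.30:443 check ssl port 443 verify none`, which encrypts the backend hop but does not validate the MeshCentral certificate, so HAProxy will accept whatever host answers on 10.1.1.30:443. I would add a comment beside it such as `# verify none skips backend certificate validation; prefer "verify required ca-file <PATH-TO-CA-PEM>" when the MeshCentral CA is available to HAProxy`. The same comment block spells the key `tls_Offload`, while the config.json examples at the top of the file show `"tlsOffload"`, and "IP addrehostname" reads like a garbled "IP address/hostname"; both should be corrected so readers copy the right key name. The `backend mc-back-HTTPS` block begins outside this hunk, so any other options on that backend are not visible here.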
@ -31,6 +31,13 @@ Default Install Path: `/usr/local/mesh_services/meshagent/meshagent`
|
||||
|
||||
Launches from `/Library/LaunchAgents/meshagent.plist`
|
||||
|
||||
Controlling agent
|
||||
|
||||
```bash
|
||||
launchctl stop meshagent
|
||||
launchctl start meshagent
|
||||
```
|
||||
|
||||
## Apple macOS Universal
|
||||
|
||||
For OSx 11+ including Big Sur, Monterey and later
|
||||
|
@ -42,6 +42,7 @@ See description for information about each item.
|
||||
}
|
||||
}
|
||||
},
|
||||
"sqlite3": { "type": "boolean", "default": false, "description": "Set true to use SQLite3 as a local MeshCentral database." },
|
||||
"mySQL": {
|
||||
"type": "object",
|
||||
"description": "Add this section to connect MeshCentral to a MySQL database instance.",
|
||||
@ -75,6 +76,11 @@ See description for information about each item.
|
||||
"database": { "type": "string", "default": "meshcentral", "description": "Name of PostgreSQL database used" }
|
||||
}
|
||||
},
|
||||
"acebase": {
|
||||
"type": "object",
|
||||
"description": "Add this section to enable AceBase database support, this is a local database system much like NeDB.",
|
||||
"properties": { "sponsor": { "type": "boolean", "default": false, "description": "Set true to remove the AceBase banner on startup." } }
|
||||
},
|
||||
"WANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name." },
|
||||
"LANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral LAN features are enabled and agents will find the server using multicast LAN packets." },
|
||||
"maintenanceMode": { "type": "boolean", "default": false, "description": "When enabled the server is in maintenance mode, only administrators can login. Use the maintenance command in server console to change." },
|
||||
@ -581,13 +587,14 @@ See description for information about each item.
|
||||
"additionalProperties": false,
|
||||
"description": "Use this section to set resource metadata of the Windows agents prior to signing. In Windows, you can right-click and select properties to view these values.",
|
||||
"properties": {
|
||||
"icon": { "type": "string", "description": "Sets the agent icon, this is the name of a .ico file with the file placed in the meshcentral-data folder." },
|
||||
"fileDescription": { "type": "string", "description": "Executable file description." },
|
||||
"fileVersion": { "type": "string", "description": "Executable file version, generally in the form of 1.2.3.4." },
|
||||
"fileVersion": { "type": "string", "description": "Executable file version, in the form of 'n.n.n.n', for example: '1.2.3.4'." },
|
||||
"internalName": { "type": "string", "description": "Executable internal name." },
|
||||
"legalCopyright": { "type": "string", "description": "Executable legal copyright." },
|
||||
"originalFilename": { "type": "string", "description": "Executable original file name." },
|
||||
"productName": { "type": "string", "description": "Executable product name." },
|
||||
"productVersion": { "type": "string", "description": "Executable product version, generally in the form of 1.2.3.4." }
|
||||
"productVersion": { "type": "string", "description": "Executable product version. Any string format will work, but a alphabetic character is required for this value to show correctly in the Windows property box. For example: 'v1.2.3.4' will work, but '1.2.3.4' will not." }
|
||||
}
|
||||
},
|
||||
"assistantCustomization": {
|
||||
@ -934,6 +941,7 @@ See description for information about each item.
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"log": { "type": "string" },
|
||||
"strictCommonName": { "type": "boolean", "default": false, "description": "When set to true, the certificate common name needs to match exactly the Intel AMT trusted FQDN or DHCP Option 15. If false, some flexibility may be given to the matching." },
|
||||
"certs": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
@ -1265,5 +1273,4 @@ See description for information about each item.
|
||||
},
|
||||
"required": [ "settings", "domains" ]
|
||||
}
|
||||
|
||||
```
|
@ -37,7 +37,7 @@ cd C:\Program Files\Open Source\MeshCentral\node_modules\meshcentral
|
||||
node meshcentral
|
||||
```
|
||||
|
||||
The problem with the second command is that NPM may install missing modules are the incorrect location.
|
||||
The problem with the second command is that NPM may install missing modules in the incorrect location.
|
||||
|
||||
Also, in general I recommend not using the MeshCentral MSI Installer and just install manually unless you are very much scared of the command prompt. Anyone that knows about bit about the shell should install MeshCentral like this:
|
||||
|
||||
@ -203,6 +203,12 @@ service meshcentral restart
|
||||
|
||||
## MeshAgent
|
||||
|
||||
Troubleshooting agent
|
||||
|
||||
```bash
|
||||
./meshagent -state
|
||||
```
|
||||
|
||||
### Agent Debug Logs to server
|
||||
|
||||
This automatically downloads all agent error logs into `meshcentral-data/agenterrorlogs.txt`
|
||||
|
BIN
docs/docs/meshcentral/images/2022-08-24-06-42-40.png
Normal file
BIN
docs/docs/meshcentral/images/2022-08-24-06-42-40.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 131 KiB |
@ -577,6 +577,42 @@ IP addresses are separated by a comma. As a result, only users coming these IP a
|
||||
|
||||
**Note**: When IP address whitelist is effective, Mesh Agent connection from any IP address will be not affected.
|
||||
|
||||
You can also use files for IP lists
|
||||
|
||||
```json
|
||||
"userAllowedIp": "file:userallowedips.txt",
|
||||
"userBlockedIp": "file:userblockedips.txt",
|
||||
"agentAllowedIp": "file:agentallowedips.txt"
|
||||
```
|
||||
|
||||
Place the file in the `meshcentral-data` folder.
|
||||
|
||||
All the lines that start with a number or `:` will be used, everything else is ignored. So, you can put comments anyway you like, but probably best to start then with a `#` or something to make it clear.
|
||||
|
||||
```txt
|
||||
# My list of blocked IP's
|
||||
185.101.70.0/24
|
||||
185.46.85.0/24
|
||||
37.9.44.0/24
|
||||
37.9.45.0/24
|
||||
5.189.205.0/24
|
||||
5.189.206.0/24
|
||||
5.189.207.0/24
|
||||
5.62.153.0/24
|
||||
5.62.156.0/24
|
||||
5.62.158.0/24
|
||||
|
||||
# One more list
|
||||
5.8.44.0/24
|
||||
5.8.45.0/24
|
||||
5.8.46.0/24
|
||||
79.110.28.0/24
|
||||
79.110.31.0/24
|
||||
91.204.14.0/24
|
||||
95.181.218.0/24
|
||||
95.85.81.0/24
|
||||
```
|
||||
|
||||
## Email Setup
|
||||
|
||||
We highly recommend the use of an email server (SMTP) because we could allow MeshCentral to verify user account’s email address by sending a confirmation request to the user to complete the account registration and for password recovery, should a user forget account password as illustrated below
|
||||
@ -1155,6 +1191,18 @@ To get this features setup, users will need to go to the “My Account” tab or
|
||||
|
||||
Note that if a user performs a password recovery using email, the 2-step authentication is then turned off and will need to be turned on again. This is not idea as someone being able to intercept the user’s email could still log into the web site. Users should make sure to properly protect their email account.
|
||||
|
||||
Another form of MFA or Multi-factor Authentication is hardware based OTP (One Time Password) solution providing 2FA or Two-factor authentication. Yubikey is fully supported in MeshCentral.
|
||||
|
||||
<div class="video-wrapper">
|
||||
<iframe width="320" height="180" src="https://www.youtube.com/embed/FvDHlcdNepQ" frameborder="0" allowfullscreen></iframe>
|
||||
</div>
|
||||
|
||||
And taking authentication to the next step is removing the login page entirely. Use LoginKey 3FA with MeshCentral.
|
||||
|
||||
<div class="video-wrapper">
|
||||
<iframe width="320" height="180" src="https://www.youtube.com/embed/-WKY8Wy0Huk" frameborder="0" allowfullscreen></iframe>
|
||||
</div>
|
||||
|
||||
## Branding & Terms of use
|
||||
|
||||
Once MeshCentral is setup, you may want to customize the web site with your own brand and terms of use. This is important to personalize the web site to your organization. We also want to customize the web site in such a way that updating to the latest version will keep the branding as-is.
|
||||
@ -1194,6 +1242,10 @@ If, for example, MeshCentral is running on a Raspberry Pi. You may want to put a
|
||||
|
||||
This is great to personalize the look of the server within the web site.
|
||||
|
||||
### Agent Branding
|
||||
|
||||
![](images/2022-08-24-06-42-40.png)
|
||||
|
||||
### Terms of use
|
||||
|
||||
You can change the terms of use of the web site by adding a “terms.txt” file in the “meshcentral-data” folder. The file can include HTML markup. Once set, the server does not need to be restarted, the updated terms.txt file will get used the next time it’s requested.
|
||||
@ -1404,6 +1456,10 @@ Before you get started, your MeshCentral server must be publicly facing on the i
|
||||
|
||||
### LDAP
|
||||
|
||||
<div class="video-wrapper">
|
||||
<iframe width="320" height="180" src="https://www.youtube.com/embed/UQMbNQk85g8" frameborder="0" allowfullscreen></iframe>
|
||||
</div>
|
||||
|
||||
You can integrate LDAP using [these](https://github.com/Ylianst/MeshCentral/blob/f05eb9a198bed249c2b1a969ce17a41404ef70a6/meshcentral-config-schema.json#L505-L513) configuration options
|
||||
|
||||
![](images/ldap_integration.png)
|
||||
|
BIN
docs/powerpoints/MeshCentral - 0084 - LDAP Integration.pptx
Normal file
BIN
docs/powerpoints/MeshCentral - 0084 - LDAP Integration.pptx
Normal file
Binary file not shown.
BIN
docs/powerpoints/MeshCentral - 0087 - AceBase Database.pptx
Normal file
BIN
docs/powerpoints/MeshCentral - 0087 - AceBase Database.pptx
Normal file
Binary file not shown.
BIN
docs/powerpoints/MeshCentral - 0088 - SQLite Database.pptx
Normal file
BIN
docs/powerpoints/MeshCentral - 0088 - SQLite Database.pptx
Normal file
Binary file not shown.
BIN
docs/powerpoints/MeshCentral - 0091 - SessionKey.pptx
Normal file
BIN
docs/powerpoints/MeshCentral - 0091 - SessionKey.pptx
Normal file
Binary file not shown.
Binary file not shown.