MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-07-17 04:32:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dockerrewrite' into latestcode

Browse Source
This commit is contained in:
dselen 2025-03-23 22:07:15 +01:00 committed by GitHub
commit c2f590e39d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 588 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/docker.yml vendored
View File

@ -1,4 +1,4 @@
name: Docker name: Docker-Builder
on: on:
push: push:
branches: branches:
@ -54,7 +54,7 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v5 uses: docker/build-push-action@v6
with: with:
context: . context: .
file: docker/Dockerfile file: docker/Dockerfile

1
.gitignore vendored
View File

@ -311,3 +311,4 @@ __pycache__/
# When running mkdocs locally as dev # When running mkdocs locally as dev
docs/__pycache__/ docs/__pycache__/
docs/env/ docs/env/
docker-compose.yaml

210
docker/Dockerfile
View File

@ -1,102 +1,176 @@
FROM --platform=$BUILDPLATFORM node:22-alpine AS builder ### STAGE 1 BUILDING.
FROM node:lts-alpine AS builder
# Any value inside one of the disable ARGs will be accepted.
ARG DISABLE_MINIFY="yes"
ARG DISABLE_TRANSLATE="yes"
RUN mkdir -p /opt/meshcentral/meshcentral RUN mkdir -p /opt/meshcentral/meshcentral
COPY ./ /opt/meshcentral/meshcentral/
WORKDIR /opt/meshcentral WORKDIR /opt/meshcentral
COPY ./ /opt/meshcentral/meshcentral/
ARG DISABLE_MINIFY="" # Check the Docker build arguments and if they are empty do the task.
ARG DISABLE_TRANSLATE="" RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then \
cd meshcentral && \
npm install html-minifier@4.0.0 jsdom@26.0.0 esprima@4.0.1 && \
RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \ cd translate && \
&& [ "$DISABLE_MINIFY" != "true" ] && [ "$DISABLE_MINIFY" != "TRUE" ]; then \ node translate.js extractall && \
echo -e "\e[0;31;49mInvalid value for build argument DISABLE_MINIFY, possible values: yes/true\e[;0m"; exit 1; \ case "$DISABLE_MINIFY" in \
fi false|no|FALSE|NO) \
RUN if ! [ -z "$DISABLE_TRANSLATE" ] && [ "$DISABLE_TRANSLATE" != "yes" ] && [ "$DISABLE_TRANSLATE" != "YES" ] \ node translate.js minifyall;; \
&& [ "$DISABLE_TRANSLATE" != "true" ] && [ "$DISABLE_TRANSLATE" != "TRUE" ]; then \ *) \
echo -e "\e[0;31;49mInvalid value for build argument DISABLE_TRANSLATE, possible values: yes/true\e[;0m"; exit 1; \ echo "Setting MINIFY as disabled.";; \
esac && \
case "$DISABLE_TRANSLATE" in \
false|no|FALSE|NO) \
node translate.js translateall;; \
*) \
echo "Setting TRANSLATE as disabled.";; \
esac \
fi fi
# Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node
# install translate/minify modules if need too # cleanup for inter-container copying.
RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral && npm install html-minifier@4.0.0 jsdom@22.1.0 esprima@4.0.1; fi
# first extractall if need too
RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js extractall; fi
# minify files
RUN if [ -z "$DISABLE_MINIFY" ]; then cd meshcentral/translate && node translate.js minifyall; fi
# translate
RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
# cleanup
RUN rm -rf /opt/meshcentral/meshcentral/docker RUN rm -rf /opt/meshcentral/meshcentral/docker
RUN rm -rf /opt/meshcentral/meshcentral/node_modules RUN rm -rf /opt/meshcentral/meshcentral/node_modules
### STAGE 2 BUILDING.
FROM --platform=$TARGETPLATFORM alpine:3.21 FROM alpine:latest
#Add non-root user, add installation directories and assign proper permissions
RUN mkdir -p /opt/meshcentral/meshcentral
# meshcentral installation
WORKDIR /opt/meshcentral
RUN apk update \
&& apk add --no-cache --update tzdata nodejs npm bash python3 make gcc g++ \
&& rm -rf /var/cache/apk/*
RUN npm install -g npm@latest
ARG INCLUDE_MONGODBTOOLS=""
ARG PREINSTALL_LIBS="false" ARG PREINSTALL_LIBS="false"
# environment variables # environment variables
ENV NODE_ENV="production" ENV NODE_ENV="production"
ENV CONFIG_FILE="config.json" ENV CONFIG_FILE="/opt/meshcentral/meshcentral-data/config.json"
ENV DYNAMIC_CONFIG="true"
# environment variables for initial configuration file # environment variables for the above defined MeshCentral Config.json
ENV USE_MONGODB="false"
ENV MONGO_INITDB_ROOT_USERNAME="root"
ENV MONGO_INITDB_ROOT_PASSWORD="pass"
ENV MONGO_URL=""
ENV HOSTNAME="localhost"
ENV ALLOW_NEW_ACCOUNTS="true"
ENV ALLOWPLUGINS="false" ENV ALLOWPLUGINS="false"
ENV LOCALSESSIONRECORDING="true" ENV ALLOW_NEW_ACCOUNTS="false"
ENV MINIFY="false"
ENV WEBRTC="false"
ENV IFRAME="false"
ENV SESSION_KEY=""
ENV REVERSE_PROXY="false"
ENV REVERSE_PROXY_TLS_PORT=""
ENV ARGS=""
ENV ALLOWED_ORIGIN="false" ENV ALLOWED_ORIGIN="false"
ENV ARGS=""
ENV HOSTNAME="localhost"
ENV IFRAME="false"
ENV LOCALSESSIONRECORDING="true"
ENV MINIFY="true"
ENV REGENSESSIONKEY="false"
ENV REVERSE_PROXY=""
ENV REVERSE_PROXY_TLS_PORT="443"
ENV WEBRTC="false"
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
&& [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
fi
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then apk add --no-cache mongodb-tools; fi # MongoDB Variables
ARG INCLUDE_MONGODB_TOOLS="false"
ENV USE_MONGODB="false"
ENV MONGO_HOST=""
ENV MONGO_PORT="27017"
ENV MONGO_USERNAME=""
ENV MONGO_PASS=""
# The following Mongo variable overwrites most previously declared variables.
ENV MONGO_URL=""
# PostgreSQL Variables
ARG INCLUDE_POSTGRESQL_TOOLS="false"
ENV USE_POSTGRESQL="false"
ENV PSQL_HOST=""
ENV PSQL_PORT="5432"
ENV PSQL_USER=""
ENV PSQL_PASS=""
ENV PSQL_DATABASE=""
# MariaDB/MySQL Variables, Alpine Linux only provides the actual MariaDB binaries.
ARG INCLUDE_MARIADB_TOOLS="false"
ENV USE_MARIADB="false"
ENV MARIADB_HOST=""
ENV MARIADB_PORT="3306"
ENV MARIADB_USER=""
ENV MARIADB_PASS=""
ENV MARIADB_DATABASE=""
RUN mkdir -p /opt/meshcentral/meshcentral
WORKDIR /opt/meshcentral
RUN apk update \
&& apk add --no-cache --update \
bash gcc g++ jq make nodejs npm python3 tzdata \
&& rm -rf /var/cache/* \
/tmp/* \
/usr/share/man/ \
/usr/share/doc/ \
/var/log/* \
/var/spool/* \
/usr/lib/debug/
RUN npm install -g npm@latest
# NOTE: ALL MODULES MUST HAVE A VERSION NUMBER AND THE VERSION MUST MATCH THAT USED IN meshcentraljs mainStart()
RUN case "$INCLUDE_MONGODB_TOOLS" in \
true|yes|TRUE|YES) \
apk add --no-cache mongodb-tools && \
cd meshcentral && npm install mongodb@6.15.0 saslprep@1.0.3 \
;; \
false|no|FALSE|NO) \
echo "Not including MongoDB Tools.";; \
*) \
echo "Invalid value for build argument INCLUDE_MONGODB_TOOLS, possible values: 'yes' or 'true'"; \
exit 1;; \
esac
RUN case "$INCLUDE_POSTGRESQL_TOOLS" in \
true|yes|TRUE|YES) \
apk add --no-cache postgresql-client && \
cd meshcentral && npm install pg@8.14.1 \
;; \
false|no|FALSE|NO) \
echo "Not including PostgreSQL Tools.";; \
*) \
echo -e "Invalid value for build argument INCLUDE_POSTGRESQL_TOOLS, possible values: 'yes' or 'true'"; \
exit 1;; \
esac
RUN case "$INCLUDE_MARIADB_TOOLS" in \
true|yes|TRUE|YES) \
apk add --no-cache mariadb-client && \
cd meshcentral && npm install mariadb@3.4.0 \
;; \
false|no|FALSE|NO) \
echo "Not including MariaDB/MySQL Tools.";; \
*) \
echo -e "Invalid value for build argument INCLUDE_MARIADB_TOOLS, possible values: 'yes' or 'true'"; \
exit 1;; \
esac
# copy files from builder-image # copy files from builder-image
COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
COPY ./docker/startup.sh ./startup.sh
COPY ./docker/config.json.template /opt/meshcentral/config.json.template
# install dependencies from package.json # install dependencies from package.json
RUN cd meshcentral && npm install RUN cd meshcentral && npm install
# NOTE: ALL MODULES MUST HAVE A VERSION NUMBER AND THE VERSION MUST MATCH THAT USED IN meshcentral.js mainStart() RUN case "$PREINSTALL_LIBS" in \
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then cd meshcentral && npm install mongodb@4.13.0 saslprep@1.0.3; fi true|yes|TRUE|YES) \
RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then cd meshcentral && npm install ssh2@1.16.0 semver@7.5.4 nodemailer@6.9.15 image-size@1.1.1 wildleek@2.0.0 otplib@12.0.1 yubikeyotp@0.2.0; fi cd meshcentral && \
npm install ssh2@1.16.0 semver@7.7.1 nodemailer@6.10.0 image-size@2.0.1 wildleek@2.0.0 otplib@12.0.1 yubikeyotp@0.2.0;; \
false|no|FALSE|NO) \
echo "Not pre-installing libraries.";; \
*) \
echo -e "Invalid value for build argument INCLUDE_POSTGRESQL_TOOLS, possible values: 'yes' or 'true'"; \
exit 1;; \
esac
EXPOSE 80 443 4433 # Expose only 443 by default to reduce attack surface. (Only encrypted ports).
EXPOSE 443
# volumes # These volumes will be created by default even without any declaration, this allows default persistence in Docker/Podman.
VOLUME /opt/meshcentral/meshcentral-data VOLUME /opt/meshcentral/meshcentral-data
VOLUME /opt/meshcentral/meshcentral-files VOLUME /opt/meshcentral/meshcentral-files
VOLUME /opt/meshcentral/meshcentral-web VOLUME /opt/meshcentral/meshcentral-web
VOLUME /opt/meshcentral/meshcentral-backups VOLUME /opt/meshcentral/meshcentral-backups
CMD ["bash", "/opt/meshcentral/startup.sh"] # Copy images from Git repo, place it before ending so recompilation can make good use of cache.
COPY ./docker/entrypoint.sh ./entrypoint.sh
COPY ./docker/config.json.template /opt/meshcentral/config.json.template
ENTRYPOINT ["bash", "/opt/meshcentral/entrypoint.sh"]

185
docker/README.md Normal file
View File

@ -0,0 +1,185 @@
# MeshCentral Docker Configuration Guide
## Overview
This document provides a comprehensive guide to setting up and configuring MeshCentral in a Docker environment. It includes available options, security measures, and deployment instructions.
## Environment Variables
Below is a breakdown of environment variables used in this setup.
### General MeshCentral Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| NODE_ENV | production | Specifies the Node.js environment. |
| CONFIG_FILE | /opt/meshcentral/meshcentral-data/config.json | Path to the configuration file. |
| DYNAMIC_CONFIG | true | Enables/disables dynamic configuration. This means config is being rechecked every container restart. |
| ALLOWPLUGINS | false | Enables/disables plugins. |
| ALLOW_NEW_ACCOUNTS | false | Enables/disables new account creation. |
| ALLOWED_ORIGIN | false | Enables/disables allowed origin policy. |
| ARGS | "" | Additional arguments for MeshCentral. |
| HOSTNAME | localhost | Specifies the hostname. |
| IFRAME | false | Enables/disables embedding in an iframe. |
| LOCALSESSIONRECORDING | true | Enables session recording. |
| MINIFY | true | Minifies the JavaScript and HTML output. |
| REGENSESSIONKEY | false | Regenerates the session key on each restart of the container. |
| REVERSE_PROXY | "" | Configures reverse proxy support through `certUrl`. |
| REVERSE_PROXY_TLS_PORT | "443" | Configures reverse proxy TLS port, will be combined with: `REVERSE_PROXY`. |
| WEBRTC | false | Enables/disables WebRTC support. |
### Database Configuration
#### MeshCentral Database Settings
| Variable | Default Value | Description |
|----------|--------------|-------------|
| USE_MONGODB | false | Enables MongoDB usage. |
| USE_POSTGRESQL | false | Enables PostgreSQL usage. |
| USE_MARIADB | false | Enables MariaDB usage. |
#### MongoDB Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| MONGO_HOST | "" | MongoDB server hostname. |
| MONGO_PORT | 27017 | MongoDB server port. |
| MONGO_USERNAME | "" | MongoDB username. |
| MONGO_PASS | "" | MongoDB password. |
| MONGO_URL | "" | Overrides other MongoDB connection settings. |
#### PostgreSQL Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| PSQL_HOST | "" | PostgreSQL server hostname. |
| PSQL_PORT | 5432 | PostgreSQL server port. |
| PSQL_USER | "" | PostgreSQL username. |
| PSQL_PASS | "" | PostgreSQL password. |
| PSQL_DATABASE | "" | PostgreSQL database name. |
#### MariaDB Configuration
| Variable | Default Value | Description |
|----------|--------------|-------------|
| MARIADB_HOST | "" | MariaDB server hostname. |
| MARIADB_PORT | 3306 | MariaDB server port. |
| MARIADB_USER | "" | MariaDB username. |
| MARIADB_PASS | "" | MariaDB password. |
| MARIADB_DATABASE | "" | MariaDB database name. |
## Deployment Instructions
### Running with Docker CLI
```sh
docker run -d \
-e HOSTNAME=myserver.domain.com \
-e ALLOW_NEW_ACCOUNTS=true \
-e USE_MONGODB=true \
-e MONGO_HOST=mongodb \
-e MONGO_PORT=27017 \
-v meshcentral-data:/opt/meshcentral/meshcentral-data \
-p 443:443 \
ghcr.io/ylianst/meshcentral:<tag>
```
### Running with Docker Compose
```yaml
services:
meshcentral:
image: ghcr.io/ylianst/meshcentral:<tag>
environment:
- HOSTNAME=myserver.domain.com
- ALLOW_NEW_ACCOUNTS=true
- USE_MONGODB=true
- MONGO_HOST=mongodb
- MONGO_PORT=27017
volumes:
- meshcentral-data:/opt/meshcentral/meshcentral-data
ports:
- "443:443"
volumes:
meshcentral-data:
```
### Using an `.env` File
Create a `.env` file:
```ini
# Environment variables
NODE_ENV=production
CONFIG_FILE=/opt/meshcentral/meshcentral-data/config.json
DYNAMIC_CONFIG=true
# MeshCentral Configuration
ALLOWPLUGINS=false
ALLOW_NEW_ACCOUNTS=false
ALLOWED_ORIGIN=false
ARGS=
HOSTNAME=localhost
IFRAME=false
LOCALSESSIONRECORDING=true
MINIFY=true
REGENSESSIONKEY=false
REVERSE_PROXY=
REVERSE_PROXY_TLS_PORT=
WEBRTC=false
# MongoDB Configuration
USE_MONGODB=false
MONGO_HOST=
MONGO_PORT=27017
MONGO_USERNAME=
MONGO_PASS=
MONGO_URL=
# PostgreSQL Configuration
USE_POSTGRESQL=false
PSQL_HOST=
PSQL_PORT=5432
PSQL_USER=
PSQL_PASS=
PSQL_DATABASE=
# MariaDB/MySQL Configuration
USE_MARIADB=false
MARIADB_HOST=
MARIADB_PORT=3306
MARIADB_USER=
MARIADB_PASS=
MARIADB_DATABASE=
# Build options
INCLUDE_MONGODB_TOOLS=false
INCLUDE_POSTGRESQL_TOOLS=false
INCLUDE_MARIADB_TOOLS=false
PREINSTALL_LIBS=false
```
Then run Docker Compose:
```sh
docker-compose --env-file .env up -d
```
# MeshCentral Docker Build Process
This document explains the build process for the MeshCentral Docker image, along with details on various build arguments and how to use them.
## Build Arguments
The following build arguments are available for customizing the build process:
- **DISABLE_MINIFY**: Disable HTML/JS minification during the build.
- **DISABLE_TRANSLATE**: Disable translation of strings in MeshCentral.
- **INCLUDE_MONGODB_TOOLS**: Include MongoDB client and related tools.
- **INCLUDE_POSTGRESQL_TOOLS**: Include PostgreSQL client tools.
- **INCLUDE_MARIADB_TOOLS**: Include MariaDB/MySQL client tools.
- **PREINSTALL_LIBS**: Pre-install specific libraries like `ssh2`, `semver`, `nodemailer`, etc.
### Build Commands with Arguments
Here are the shell commands to build the Docker image with different configurations.
#### 1. Build with Minify and Translate Disabled
If you want to disable both HTML/JS minification and translation during the build process, use the following command:
```sh
docker build --build-arg DISABLE_MINIFY=no --build-arg DISABLE_TRANSLATE=no -t meshcentral .
```
## Security Measures
- Only exposing port 443 to minimize attack surface.
- Using environment variables for sensitive credentials.
- Removing unnecessary files after installation.
- Enforcing proper permissions on configuration files.

22
docker/config.json.template
View File

@ -1,8 +1,9 @@
{ {
"$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json", "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
"settings": { "settings": {
"plugins":{"enabled": false}, "plugins":{
"_mongoDb": null, "enabled": false
},
"cert": "myserver.mydomain.com", "cert": "myserver.mydomain.com",
"_WANonly": true, "_WANonly": true,
"_LANonly": true, "_LANonly": true,
@ -15,7 +16,22 @@
"TLSOffload": false, "TLSOffload": false,
"SelfUpdate": false, "SelfUpdate": false,
"AllowFraming": false, "AllowFraming": false,
"WebRTC": false "WebRTC": false,
"_mongoDb": "",
"_postgres": {
"host": "",
"port": "",
"user": "",
"password": "",
"database": ""
},
"_mariaDB": {
"host": "",
"port": "",
"user": "",
"password": "",
"database": ""
}
}, },
"domains": { "domains": {
"": { "": {

237
docker/entrypoint.sh Normal file
View File

@ -0,0 +1,237 @@
#!/bin/bash
graceful_shutdown() {
echo "Received SIGTERM. Cleaning up..."
node /opt/meshcentral/meshcentral/meshcentral --stop
echo "MeshCentral process stopped. Exiting..."
exit 0
}
trap graceful_shutdown SIGTERM
### Start MeshCentral Docker Container.
date
echo "Config file: $CONFIG_FILE"
# Failsafe to create a new config if the expected config is not there.
if [ -f "${CONFIG_FILE}" ]; then
echo "Pre-existing config found, not recreating..."
else
cp /opt/meshcentral/config.json.template "${CONFIG_FILE}"
fi
if [[ "$DYNAMIC_CONFIG" =~ ^(true|yes)$ ]]; then
cat $CONFIG_FILE
echo "Using Dynamic Configuration values..."
# BEGIN DATABASE CONFIGURATION FIELDS
if [[ "$USE_MONGODB" =~ ^(true|yes)$ ]]; then
echo "Enabling MongoDB-connector..."
if [[ -n "$MONGO_URL" ]]; then
echo "MONGO_URL is set, using that..."
else
MONGO_URL="${MONGO_URL:-$MONGO_USERNAME:$MONGO_PASS@}$MONGO_HOST:$MONGO_PORT"
fi
ESCAPED_MONGO_URL=$(echo "$MONGO_URL" | sed 's/[\/&?=:]/\\&/g')
sed -i 's/"_mongoDb"/"mongoDb"/' "$CONFIG_FILE"
sed -i "s/\"mongoDb\": *\"[^\"]*\"/\"mongoDb\": \"$ESCAPED_MONGO_URL\"/" "$CONFIG_FILE"
else
echo "Disabling MongoDB-connector..."
sed -i 's/"mongoDb"/"_mongoDb"/' "$CONFIG_FILE"
fi
if [[ "$USE_POSTGRESQL" =~ ^(true|yes)$ ]]; then
echo "Enabling PostgreSQL-connector..."
sed -i 's/"_postgres"/"postgres"/' "$CONFIG_FILE"
jq --arg psql_host "$PSQL_HOST" \
--arg psql_port "$PSQL_PORT" \
--arg psql_user "$PSQL_USER" \
--arg psql_pass "$PSQL_PASS" \
--arg psql_db "$PSQL_DATABASE" \
'.settings.postgres.host = $psql_host |
.settings.postgres.port = $psql_port |
.settings.postgres.user = $psql_user |
.settings.postgres.password = $psql_pass |
.settings.postgres.database = $psql_db' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Disabling PostgreSQL-connector..."
sed -i 's/"postgres"/"_postgres"/' "$CONFIG_FILE"
fi
if [[ "$USE_MARIADB" =~ ^(true|yes)$ ]]; then
echo "Enabling MariaDB-connector..."
sed -i 's/"_mariaDB"/"mariaDB"/' "$CONFIG_FILE"
jq --arg mariadb_host "$MARIADB_HOST" \
--arg mariadb_port "$MARIADB_PORT" \
--arg mariadb_user "$MARIADB_USER" \
--arg mariadb_pass "$MARIADB_PASS" \
--arg mariadb_db "$MARIADB_DATABASE" \
'.settings.mariaDB.host = $mariadb_host |
.settings.mariaDB.port = $mariadb_port |
.settings.mariaDB.user = $mariadb_user |
.settings.mariaDB.password = $mariadb_pass |
.settings.mariaDB.database = $mariadb_db' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Disabling MariaDB-connector..."
sed -i 's/"mariaDB"/"_mariaDB"/' "$CONFIG_FILE"
fi
# END DATABASE CONFIGURATION FIELDS
# Doing the bulk with JQ utility. Given the remaining variables an opportunity with Sed.
# The way this works is if the environment variable is empty, it will add a _ in front of the variable, commenting it.
# This will make the default value apply, as per: https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json
echo "Compiling given environment variables..."
echo "If defaults are going to get applied, refer to: https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json"
# SESSIONKEY
if [[ $REGENSESSIONKEY =~ ^(true|yes)$ ]]; then
echo "Regenerating Session-Key because REGENSESSIONKEY is 'true' or 'yes'"
SESSION_KEY=$(tr -dc 'A-Z0-9' < /dev/urandom | fold -w 96 | head -n 1)
sed -i 's/"_sessionKey"/"sessionKey"/' "$CONFIG_FILE"
jq --arg session_key "$SESSION_KEY" \
'.settings.sessionKey = $session_key' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "REGENSESSIONKEY is not 'true' or 'yes', therefore it's being kept as is."
fi
# HOSTNAME
if [[ -n $HOSTNAME ]] && [[ $HOSTNAME =~ ^[a-zA-Z0-9-]+$ ]]; then
echo "Setting hostname (cert)... $HOSTNAME"
jq --arg hostname "$HOSTNAME" \
'.settings.cert = $hostname' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no hostname, defaulting to 'localhost', value given: $HOSTNAME"
jq --arg hostname "localhost" \
'.settings.cert = $hostname' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
fi
# ALLOW_NEW_ACCOUNTS
if [[ -n $ALLOW_NEW_ACCOUNTS ]] && [[ $ALLOW_NEW_ACCOUNTS =~ ^(true|false)$ ]]; then
echo "Setting NewAccounts... $ALLOW_NEW_ACCOUNTS"
sed -i 's/"_NewAccounts"/"NewAccounts"/' "$CONFIG_FILE"
jq --argjson new_accounts "$ALLOW_NEW_ACCOUNTS" \
'.domains[""].NewAccounts = $new_accounts' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no ALLOW_NEW_ACCOUNTS value given, commenting out so default applies... Value given: $ALLOW_NEW_ACCOUNTS"
sed -i 's/"NewAccounts":/"_NewAccounts":/g' "$CONFIG_FILE"
fi
# ALLOWPLUGINS
if [[ -n $ALLOWPLUGINS ]] && [[ $ALLOWPLUGINS =~ ^(true|false)$ ]]; then
echo "Setting plugins... $ALLOWPLUGINS"
sed -i 's/"_plugins"/"plugins"/' "$CONFIG_FILE"
jq --argjson allow_plugins "$ALLOWPLUGINS" \
'.settings.plugins.enabled = $allow_plugins' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no ALLOWPLUGINS value given, commenting out so default applies... Value given: $ALLOWPLUGINS"
sed -i 's/"plugins":/"_plugins":/g' "$CONFIG_FILE"
fi
# LOCALSESSIONRECORDING
if [[ -n $LOCALSESSIONRECORDING ]] && [[ $LOCALSESSIONRECORDING =~ ^(true|false)$ ]]; then
echo "Setting localSessionRecording... $LOCALSESSIONRECORDING"
sed -i 's/"_localSessionRecording"/"localSessionRecording"/' "$CONFIG_FILE"
jq --argjson session_recording "$LOCALSESSIONRECORDING" \
'.domains[""].localSessionRecording = $session_recording' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no LOCALSESSIONRECORDING value given, commenting out so default applies... Value given: $LOCALSESSIONRECORDING"
sed -i 's/"localSessionRecording":/"_localSessionRecording":/g' "$CONFIG_FILE"
fi
# MINIFY
if [[ -n $MINIFY ]] && [[ $MINIFY =~ ^(true|false)$ ]]; then
echo "Setting minify... $MINIFY"
sed -i 's/"_minify"/"minify"/' "$CONFIG_FILE"
jq --arg minify "$MINIFY" \
'.domains[""].minify = $minify' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
#sed -i "s/\"minify\": *[a-z]*/\"minify\": $MINIFY/" "$CONFIG_FILE"
else
echo "Invalid or no MINIFY value given, commenting out so default applies... Value given: $MINIFY"
sed -i 's/"minify":/"_minify":/g' "$CONFIG_FILE"
fi
# WEBRTC
if [[ -n $WEBRTC ]] && [[ $WEBRTC =~ ^(true|false)$ ]]; then
echo "Setting WebRTC... $WEBRTC"
sed -i 's/"_WebRTC"/"WebRTC"/' "$CONFIG_FILE"
jq --argjson webrtc "$WEBRTC" \
'.settings.WebRTC = $webrtc' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
#sed -i "s/\"WebRTC\": *[a-z]*/\"WebRTC\": $WEBRTC/" "$CONFIG_FILE"
else
echo "Invalid or no WEBRTC value given, commenting out so default applies... Value given: $WEBRTC"
sed -i 's/"WebRTC":/"_WebRTC":/g' "$CONFIG_FILE"
fi
# IFRAME
if [[ -n $IFRAME ]] && [[ $IFRAME =~ ^(true|false)$ ]]; then
echo "Setting AllowFraming... $IFRAME"
sed -i 's/"_AllowFraming"/"AllowFraming"/' "$CONFIG_FILE"
jq --argjson allow_framing "$IFRAME" \
'.settings.AllowFraming = $allow_framing' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no IFRAME value given, commenting out so default applies... Value given: $IFRAME"
sed -i 's/"AllowFraming":/"_AllowFraming":/g' "$CONFIG_FILE"
fi
# ALLOWED_ORIGIN
if [[ -n $ALLOWED_ORIGIN ]] && [[ $ALLOWED_ORIGIN =~ ^(true|false)$ ]]; then
echo "Setting allowedOrigin... $ALLOWED_ORIGIN"
sed -i 's/"_allowedOrigin"/"allowedOrigin"/' "$CONFIG_FILE"
jq --arg allowed_origin "$ALLOWED_ORIGIN" \
'.domains[""].allowedOrigin = $allowed_origin' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
else
echo "Invalid or no ALLOWED_ORIGIN value given, commenting out so default applies... Value given: $ALLOWED_ORIGIN"
sed -i 's/"allowedOrigin":/"_allowedOrigin":/g' "$CONFIG_FILE"
fi
# certUrl
if [[ -n $REVERSE_PROXY ]] && [[ -n $REVERSE_PROXY_TLS_PORT ]]; then
REVERSE_PROXY_STRING="${REVERSE_PROXY}:${REVERSE_PROXY_TLS_PORT}"
echo "Setting certUrl... - $REVERSE_PROXY_STRING"
sed -i 's/"_certUrl"/"certUrl"/' "$CONFIG_FILE"
jq --arg cert_url "$REVERSE_PROXY_STRING" \
'.domains[""].certUrl = $cert_url' \
"$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
#sed -i "s/\"certUrl\": *[a-z]*/\"certUrl\": $REVERSE_PROXY_STRING/" "$CONFIG_FILE"
else
echo "Invalid or no REVERSE_PROXY and/or REVERSE_PROXY_TLS_PORT value given, commenting out so default applies... Value(s) given: $REVERSE_PROXY_STRING"
sed -i 's/"certUrl":/"_certUrl":/g' "$CONFIG_FILE"
fi
echo -e "\n$(cat "$CONFIG_FILE")"
else
echo "Leaving config as-is."
fi
# Actually start MeshCentral.
node /opt/meshcentral/meshcentral/meshcentral --configfile "${CONFIG_FILE}" "${ARGS}" >> /proc/1/fd/1 &
meshcentral_pid=$!
wait "$meshcentral_pid"

127
docker/readme.md
View File

@ -1,127 +0,0 @@
# Create folder-structure and files
```
| - meshcentral/ # this folder contains the persistent data
| - data/ # MeshCentral data-files
| - user_files/ # where file uploads for users live
| - web/ # location for site customization files
| - backup/ # location for the meshcentral-backups
| - .env # environment file with initial variables
| - docker-compose.yml
```
# Templates
## .env
You can place the `config.json` file directly under `./meshcentral/data/`, or use the following `.env` file instead.
```ini
NODE_ENV=production
USE_MONGODB=false
# set already exist mongo connection string url here
MONGO_URL=
# or set following init params for new mongodb, use it with docker-compose file with mongodb version
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
# initial meshcentral-variables
# the following options are only used if no config.json exists in the data-folder
# your hostname
HOSTNAME=my.domain.com
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
REVERSE_PROXY=false
REVERSE_PROXY_TLS_PORT=
# set to true if you wish to enable iframe support
IFRAME=false
# set to false if you want disable self-service creation of new accounts besides the first (admin)
ALLOW_NEW_ACCOUNTS=true
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
WEBRTC=false
# set to true to allow plugins
ALLOWPLUGINS=false
# set to true to allow session recording
LOCALSESSIONRECORDING=false
# set to enable or disable minification of json, reduces traffic
MINIFY=true
# set this value to add extra arguments to meshcentral on startup (e.g --debug ldap)
ARGS=
# set to the hostname(s) meshcentral will be reachable on, or true to disable origin checking
# forms allowed "hostname" or "hostname1,hostname2" or ["hostname1","hostname2"]
ALLOWED_ORIGIN=false
```
## docker-compose.yml
```yaml
version: '3'
services:
meshcentral:
restart: always
container_name: meshcentral
# use the official meshcentral container
image: ghcr.io/ylianst/meshcentral:latest
ports:
# MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
- 8086:443
env_file:
- .env
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
```
## docker-compose.yml mongodb
```yaml
version: '3'
networks:
meshcentral-tier:
driver: bridge
services:
mongodb:
restart: always
container_name: mongodb
image: mongo:latest
env_file:
- .env
volumes:
# mongodb data-directory - A must for data persistence
- ./meshcentral/mongodb_data:/data/db
networks:
- meshcentral-tier
meshcentral:
restart: always
container_name: meshcentral
# use the official meshcentral container
image: ghcr.io/ylianst/meshcentral:latest
depends_on:
- mongodb
ports:
# MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
- 8086:443
env_file:
- .env
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
networks:
- meshcentral-tier
```

39
docker/startup.sh
View File

@ -1,39 +0,0 @@
#!/bin/bash
if [ -f "meshcentral-data/${CONFIG_FILE}" ]; then
node meshcentral/meshcentral --configfile "${CONFIG_FILE}" ${ARGS}
else
cp config.json.template meshcentral-data/"${CONFIG_FILE}"
if [ -n "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
if [ -z "$MONGO_URL" ]; then
prefix=""
if [ -n "$MONGO_INITDB_ROOT_USERNAME" ] && [ -n "$MONGO_INITDB_ROOT_PASSWORD" ]; then
prefix="$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@"
fi
MONGO_URL="${prefix}mongodb:27017"
fi
sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_URL\"/" meshcentral-data/"${CONFIG_FILE}"
fi
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"enabled\": false/\"enabled\": $ALLOWPLUGINS/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": $LOCALSESSIONRECORDING/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"minify\": false/\"minify\": $MINIFY/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/"${CONFIG_FILE}"
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/"${CONFIG_FILE}"
if [[ "$ALLOWED_ORIGIN" =~ ^\[.*\]|^true|^false ]]; then
sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": $ALLOWED_ORIGIN/" meshcentral-data/"${CONFIG_FILE}"
else
sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": \"$ALLOWED_ORIGIN\"/" meshcentral-data/"${CONFIG_FILE}"
fi
if [ -z "$SESSION_KEY" ]; then
SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 48 | head -n 1)"
fi
sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/"${CONFIG_FILE}"
if [ "$REVERSE_PROXY" != "false" ]; then
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/"${CONFIG_FILE}"
node meshcentral/meshcentral --configfile "${CONFIG_FILE}" ${ARGS}
exit
fi
node meshcentral/meshcentral --configfile "${CONFIG_FILE}" --cert "$HOSTNAME" ${ARGS}
fi

0
docker/docker.build.sh → docker/tools/docker.build.sh
View File