{ "__comment__" : "This is a sample configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.", "settings": { "_Cert": "myserver.mydomain.com", "_MongoDb": "mongodb://127.0.0.1:27017", "_MongoDbName": "meshcentral", "_MongoDbChangeStream": true, "_MongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe", "_WANonly": true, "_LANonly": true, "_SessionTime": 30, "_SessionKey": "MyReallySecretPassword1", "_SessionSameSite": "strict", "_DbEncryptKey": "MyReallySecretPassword2", "_DbRecordsEncryptKey": "MyReallySecretPassword", "_DbRecordsDecryptKey": "MyReallySecretPassword", "__DbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.", "_DbExpire": { "events": 1728000, "powerevents": 864000, "statsevents": 2592000 }, "_Port": 443, "_PortBind": "127.0.0.1", "_AliasPort": 444, "_RedirPort": 80, "_RedirPortBind": "127.0.0.1", "_RedirAliasPort": 80, "_AgentPort": 1234, "_AgentPortBind": "127.0.0.1", "_AgentAliasPort": 1234, "_AgentAliasDNS": "agents.myserver.mydomain.com", "_AgentPortTls": true, "_ExactPorts": true, "_AllowLoginToken": true, "_AllowFraming": true, "_CookieIpCheck": false, "_CookieEncoding": "hex", "_WebRTC": false, "_Nice404": false, "_ClickOnce": false, "_SelfUpdate": true, "_BrowserPing": 60, "_BrowserPong": 60, "_AgentPing": 60, "_AgentPong": 60, "_AgentIdleTimeout": 150, "_MeshErrorLogPath": "c:\\tmp", "_NpmPath": "c:\\npm.exe", "_NpmProxy": "http://1.2.3.4:80", "_AllowHighQualityDesktop": true, "_DesktopMultiplex": true, "_UserAllowedIP": "127.0.0.1,192.168.1.0/24", "_UserBlockedIP": "127.0.0.1,::1,192.168.0.100", "_AgentAllowedIP": "192.168.0.100/24", "_AgentBlockedIP": "127.0.0.1,::1", "_AuthLog": "c:\\temp\\auth.log", "_ManageAllDeviceGroups": [ "user//admin" ], "_ManageCrossDomain": [ "user//admin" ], "_LocalDiscovery": { "name": "Local server name", "info": "Information about this server" }, "_TlsOffload": "127.0.0.1,::1", "_TrustedProxy": "127.0.0.1,::1", "_MpsPort": 44330, "_MpsPortBind": "127.0.0.1", "_MpsAliasPort": 4433, "_MpsAliasHost": "mps.mydomain.com", "_MpsTlsOffload": true, "_No2FactorAuth": true, "_Log": "main,web,webrequest,cert", "_syslog": "meshcentral", "_syslogauth": "meshcentral-auth", "_syslogjson": "meshcentral-json", "_WebRtConfig": { "iceServers": [ { "urls": "stun:stun.services.mozilla.com" }, { "urls": "stun:stun.l.google.com:19302" } ] }, "_AutoBackup": { "backupIntervalHours": 24, "keepLastDaysBackup": 10, "zipPassword": "MyReallySecretPassword3", "_backupPath": "C:\\backups" }, "_Redirects": { "meshcommander": "https://www.meshcommander.com/" }, "__MaxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.", "_MaxInvalidLogin": { "time": 10, "count": 10, "coolofftime": 10 }, "_Plugins": { "enabled": true } }, "_domaindefaults": { "__comment__": "Any settings in this section is used as default setting for all domains", "Title": "MyDefaultTitle", "Footer": "Default page footer", "NewAccounts": false }, "_domains": { "": { "Title": "MyServer", "Title2": "Servername", "_TitlePicture": "title-sample.png", "_UserQuota": 1048576, "_MeshQuota": 248576, "Minify": true, "_NewAccounts": true, "_NewAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "_UserNameIsEmail": true, "_NewAccountEmailDomains": [ "sample.com" ], "_NewAccountsRights": [ "nonewgroups", "notools" ], "_WelcomeText": "Sample Text on Login Page.", "_WelcomePicture": "mainwelcome.jpg", "___Hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar", "_Hide": 4, "_Footer": "Twitter", "_CertUrl": "https://192.168.2.106:443/", "_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" }, "_AgentInviteCodes": true, "_AgentNoProxy": true, "_GeoLocation": true, "_novnc": false, "_mstsc": true, "_consentMessages": { "Title": "MeshCentral", "Desktop": "{0} requesting remote desktop access. Grant access?", "Terminal": "{0} requesting remote terminal access. Grant access?", "Files": "{0} requesting remote files access. Grant access?" }, "_notificationMessages": { "Title": "MeshCentral", "Desktop": "{0} started a remote desktop session.", "Terminal": "{0} started a remote terminal session.", "Files": "{0} started a remote files session." }, "_UserAllowedIP": "127.0.0.1,192.168.1.0/24", "_UserBlockedIP": "127.0.0.1,::1,192.168.0.100", "_AgentAllowedIP": "192.168.0.100/24", "_AgentBlockedIP": "127.0.0.1,::1", "___UserSessionIdleTimeout__" : "Number of user idle minutes before auto-disconnect", "_UserSessionIdleTimeout" : 30, "__UserConsentFlags__" : "Set to: 1 for desktop, 2 for terminal, 3 for files, 7 for all", "_UserConsentFlags" : 7, "_UrlSwitching": false, "_DesktopPrivacyBarText": "Your privacy bar message", "_Limits": { "_MaxDevices": 100, "_MaxUserAccounts": 100, "_MaxUserSessions": 100, "_MaxAgentSessions": 100, "MaxSingleUserSessions": 10 }, "_AmtAcmActivation": { "log": "amtactivation.log", "certs": { "mycertname": { "certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ], "keyfile": "amtacm-leafcert.key" } } }, "_Redirects": { "meshcommander": "https://www.meshcommander.com/" }, "_yubikey": { "id": "0000", "secret": "xxxxxxxxxxxxxxxxxxxxx", "_proxy": "http://myproxy.domain.com:80" }, "_httpheaders": { "Strict-Transport-Security": "max-age=360000", "x-frame-options": "SAMEORIGIN", "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'" }, "_agentConfig": [ "webSocketMaskOverride=1" ], "_SessionRecording": { "_filepath": "C:\\temp", "_index": true, "_maxRecordings": 10, "_maxRecordingSizeMegabytes": 3, "__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection", "protocols": [ 1, 2, 101 ] }, "_authStrategies": { "__comment__" : "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's", "twitter": { "_callbackurl": "https://server/auth-twitter-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "google": { "_callbackurl": "https://server/auth-google-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx" }, "github": { "_callbackurl": "https://server/auth-github-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "reddit": { "_callbackurl": "https://server/auth-reddit-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "azure": { "_callbackurl": "https://server/auth-azure-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "00000000-0000-0000-0000-000000000000", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "tenantid": "00000000-0000-0000-0000-000000000000" }, "jumpcloud": { "_callbackurl": "https://server/auth-jumpcloud-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "entityid": "meshcentral", "idpurl": "https://sso.jumpcloud.com/saml2/saml2", "cert": "jumpcloud-saml.pem" }, "saml": { "_callbackurl": "https://server/auth-saml-callback", "_disableRequestedAuthnContext": true, "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "_newAccountsRights": [ "nonewgroups", "notools" ], "entityid": "meshcentral", "idpurl": "https://server/saml2", "cert": "saml.pem" } } }, "_customer1": { "_DNS": "customer1.myserver.com", "_Title": "Customer1", "_Title2": "TestServer", "_NewAccounts": 1, "_Auth": "sspi", "__Auth": "ldap", "_LDAPUserName": "gecos", "_LDAPUserKey": "uid", "_LDAPUserEmail": "otherMail", "_LDAPPptions": { "URL": "test", "anne": { "gecos": "Anne O'Nyme", "displayName": "O Nyme anne", "uid": "anneonyme", "mail": "anneonyme@example.com", "email": "anneonyme@example.com", "otherMail": [ "other.anneonyme@example.com", "anneonyme@example.com" ] }, "so": { "displayName": "Sticker Sophie", "gecos": "Sophie Sticker", "uid": "ssticker", "mail": "ssticker@example.com", "email": "ssticker@example.com", "otherMail": [ "other.ssticker@example.com", "ssticker@example.com" ] } }, "__LDAPOptions": { "URL": "ldap://1.2.3.4:389", "BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local", "BindCredentials": "Password.1", "SearchBase": "DC=meshcentral,DC=local", "SearchFilter": "(sAMAccountName={{username}})" }, "_Footer": "Test", "_CertUrl": "https://192.168.2.106:443/" }, "_info": { "_share": "C:\\ExtraWebSite" } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", "email": "myemail@myserver.com", "names": "myserver.com,customer1.myserver.com", "production": false }, "_peers": { "serverId": "server1", "servers": { "server1": { "url": "wss://192.168.2.133:443/" }, "server2": { "url": "wss://192.168.1.106:443/" } } }, "_smtp": { "host": "smtp.myserver.com", "port": 25, "from": "myemail@myserver.com", "__tls__": "When 'tls' is set to true, TLS is used immidiatly when connecting. For SMTP servers that use TLSSTART, set this to 'false' and TLS will still be used.", "tls": false, "___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked.", "_tlscertcheck": false, "__tlsstrict__": "When set to true, TLS cypher setup is more limited, SSLv2 and SSLv3 are not allowed.", "_tlsstrict": true }, "_sms": { "provider": "twilio", "sid": "ACxxxxxxxxx", "auth": "xxxxxxx", "from": "+1-555-555-5555" }, "__sms": { "provider": "plivo", "id": "xxxxxxx", "token": "xxxxxxx", "from": "1-555-555-5555" } }