{ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "__comment__": "This is a sample configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.", "settings": { "_cert": "myserver.mydomain.com", "_mongoDb": "mongodb://127.0.0.1:27017", "_mongoDbName": "meshcentral", "_mongoDbChangeStream": true, "_mongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe", "_WANonly": true, "_LANonly": true, "_sessionTime": 30, "_sessionKey": "MyReallySecretPassword1", "_sessionSameSite": "strict", "_dbEncryptKey": "MyReallySecretPassword2", "_dbRecordsEncryptKey": "MyReallySecretPassword", "_dbRecordsDecryptKey": "MyReallySecretPassword", "__dbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.", "_dbExpire": { "events": 1728000, "powerevents": 864000, "statsevents": 2592000 }, "port": 443, "_portBind": "127.0.0.1", "_aliasPort": 444, "_redirPort": 80, "_redirPortBind": "127.0.0.1", "_redirAliasPort": 80, "_agentPort": 1234, "_agentPortBind": "127.0.0.1", "_agentAliasPort": 1234, "_agentAliasDNS": "agents.myserver.mydomain.com", "_agentPortTls": true, "_exactPorts": true, "_allowLoginToken": true, "_allowFraming": true, "_cookieIpCheck": false, "_cookieEncoding": "hex", "_compression": false, "_webRTC": false, "_nice404": false, "_clickOnce": false, "_selfUpdate": true, "_browserPing": 60, "_browserPong": 60, "_agentPing": 60, "_agentPong": 60, "_agentIdleTimeout": 150, "_meshErrorLogPath": "c:\\tmp", "_npmPath": "c:\\npm.exe", "_npmProxy": "http://1.2.3.4:80", "_allowHighQualityDesktop": true, "_desktopMultiplex": true, "_userAllowedIP": "127.0.0.1,192.168.1.0/24", "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", "_agentAllowedIP": "192.168.0.100/24", "_agentBlockedIP": "127.0.0.1,::1", "_authLog": "c:\\temp\\auth.log", "_manageAllDeviceGroups": [ "user//admin" ], "_manageCrossDomain": [ "user//admin" ], "_localDiscovery": { "name": "Local server name", "info": "Information about this server" }, "_tlsOffload": "127.0.0.1,::1", "_trustedProxy": "127.0.0.1,::1", "_mpsPort": 44330, "_mpsPortBind": "127.0.0.1", "_mpsAliasPort": 4433, "_mpsAliasHost": "mps.mydomain.com", "_mpsTlsOffload": true, "_no2FactorAuth": true, "_log": "main,web,webrequest,cert", "_syslog": "meshcentral", "_syslogauth": "meshcentral-auth", "_syslogjson": "meshcentral-json", "_webrtcConfig": { "iceServers": [ { "urls": "stun:stun.services.mozilla.com" }, { "urls": "stun:stun.l.google.com:19302" } ] }, "_autoBackup": { "backupIntervalHours": 24, "keepLastDaysBackup": 10, "zipPassword": "MyReallySecretPassword3", "_backupPath": "C:\\backups" }, "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, "__maxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.", "_maxInvalidLogin": { "time": 10, "count": 10, "coolofftime": 10 }, "watchDog": { "interval": 100, "timeout": 400 }, "_plugins": { "enabled": true } }, "_domaindefaults": { "__comment__": "Any settings in this section is used as default setting for all domains", "title": "MyDefaultTitle", "footer": "Default page footer", "newAccounts": false }, "_domains": { "": { "title": "MyServer", "title2": "Servername", "_titlePicture": "title-sample.png", "_userQuota": 1048576, "_meshQuota": 248576, "minify": true, "_newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "_userNameIsEmail": true, "_newAccountEmailDomains": [ "sample.com" ], "_newAccountsRights": [ "nonewgroups", "notools" ], "_welcomeText": "Sample Text on Login Page.", "_welcomePicture": "mainwelcome.jpg", "___hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar", "_hide": 4, "_footer": "Twitter", "_certUrl": "https://192.168.2.106:443/", "_passwordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" }, "_agentInviteCodes": true, "_agentNoProxy": true, "_geoLocation": true, "_novnc": false, "_mstsc": true, "_WebEmailsPath": "/myserver/email-templates", "_consentMessages": { "title": "MeshCentral", "desktop": "{0} requesting remote desktop access. Grant access?", "terminal": "{0} requesting remote terminal access. Grant access?", "files": "{0} requesting remote files access. Grant access?" }, "_notificationMessages": { "title": "MeshCentral", "desktop": "{0} started a remote desktop session.", "terminal": "{0} started a remote terminal session.", "files": "{0} started a remote files session." }, "_userAllowedIP": "127.0.0.1,192.168.1.0/24", "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", "_agentAllowedIP": "192.168.0.100/24", "_agentBlockedIP": "127.0.0.1,::1", "___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect", "_userSessionIdleTimeout": 30, "__userConsentFlags__": "Set to: 1 for desktop, 2 for terminal, 3 for files, 7 for all", "_userConsentFlags": 7, "_urlSwitching": false, "_desktopPrivacyBarText": "Your privacy bar message", "_limits": { "_maxDevices": 100, "_maxUserAccounts": 100, "_maxUserSessions": 100, "_maxAgentSessions": 100, "maxSingleUserSessions": 10 }, "_amtScanOptions": [ "LabNetwork 192.168.15.0/23", "SalesNetwork 192.168.8.0/24" ], "_amtAcmActivation": { "log": "amtactivation.log", "certs": { "mycertname": { "certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ], "keyfile": "amtacm-leafcert.key" } } }, "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, "_yubikey": { "id": "0000", "secret": "xxxxxxxxxxxxxxxxxxxxx", "_proxy": "http://myproxy.domain.com:80" }, "_httpHeaders": { "Strict-Transport-Security": "max-age=360000", "x-frame-options": "SAMEORIGIN", "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'" }, "_agentConfig": [ "webSocketMaskOverride=1", "coreDumpEnabled=1" ], "_sessionRecording": { "_filepath": "C:\\temp", "_index": true, "_maxRecordings": 10, "_maxRecordingSizeMegabytes": 3, "__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection", "protocols": [ 1, 2, 101 ] }, "_authStrategies": { "__comment__": "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's", "twitter": { "_callbackurl": "https://server/auth-twitter-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "google": { "_callbackurl": "https://server/auth-google-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx" }, "github": { "_callbackurl": "https://server/auth-github-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "reddit": { "_callbackurl": "https://server/auth-reddit-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "azure": { "_callbackurl": "https://server/auth-azure-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "clientid": "00000000-0000-0000-0000-000000000000", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "tenantid": "00000000-0000-0000-0000-000000000000" }, "jumpcloud": { "_callbackurl": "https://server/auth-jumpcloud-callback", "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "entityid": "meshcentral", "idpurl": "https://sso.jumpcloud.com/saml2/saml2", "cert": "jumpcloud-saml.pem" }, "saml": { "_callbackurl": "https://server/auth-saml-callback", "_disableRequestedAuthnContext": true, "newAccounts": true, "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], "_newAccountsRights": [ "nonewgroups", "notools" ], "entityid": "meshcentral", "idpurl": "https://server/saml2", "cert": "saml.pem" } } }, "_customer1": { "_dns": "customer1.myserver.com", "_title": "Customer1", "_title2": "TestServer", "_newAccounts": 1, "_auth": "sspi", "__auth": "ldap", "_LDAPUserName": "gecos", "_LDAPUserKey": "uid", "_LDAPUserEmail": "otherMail", "_LDAPPptions": { "url": "test", "anne": { "gecos": "Anne O'Nyme", "displayName": "O Nyme anne", "uid": "anneonyme", "mail": "anneonyme@example.com", "email": "anneonyme@example.com", "otherMail": [ "other.anneonyme@example.com", "anneonyme@example.com" ] }, "so": { "displayName": "Sticker Sophie", "gecos": "Sophie Sticker", "uid": "ssticker", "mail": "ssticker@example.com", "email": "ssticker@example.com", "otherMail": [ "other.ssticker@example.com", "ssticker@example.com" ] } }, "__LDAPOptions": { "URL": "ldap://1.2.3.4:389", "BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local", "BindCredentials": "Password.1", "SearchBase": "DC=meshcentral,DC=local", "SearchFilter": "(sAMAccountName={{username}})" }, "_footer": "Test", "_certUrl": "https://192.168.2.106:443/" }, "_info": { "_share": "C:\\ExtraWebSite" } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.", "email": "myemail@myserver.com", "names": "myserver.com,customer1.myserver.com", "production": false }, "_peers": { "serverId": "server1", "servers": { "server1": { "url": "wss://192.168.2.133:443/" }, "server2": { "url": "wss://192.168.1.106:443/" } } }, "_smtp": { "host": "smtp.myserver.com", "port": 25, "from": "myemail@myserver.com", "__tls__": "When 'tls' is set to true, TLS is used immidiatly when connecting. For SMTP servers that use TLSSTART, set this to 'false' and TLS will still be used.", "tls": false, "___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked.", "_tlscertcheck": false, "__tlsstrict__": "When set to true, TLS cypher setup is more limited, SSLv2 and SSLv3 are not allowed.", "_tlsstrict": true }, "_sms": { "provider": "twilio", "sid": "ACxxxxxxxxx", "auth": "xxxxxxx", "from": "+1-555-555-5555" }, "__sms": { "provider": "plivo", "id": "xxxxxxx", "token": "xxxxxxx", "from": "1-555-555-5555" } }