439 lines
26 KiB
JSON
439 lines
26 KiB
JSON
{
|
|
"id": "http://info.meshcentral.com/download/meshcentral-config-schema.json",
|
|
"$schema": "http://json-schema.org/draft-04/schema#",
|
|
"description": "MeshCentral configuration file schema",
|
|
"type": "object",
|
|
"properties": {
|
|
"settings": {
|
|
"type": "object",
|
|
"properties": {
|
|
"cert": { "type": "string", "description": "Set this to the primary DNS name of this MeshCentral server." },
|
|
"mongoDb": { "type": "string" },
|
|
"mongoDbName": { "type": "string" },
|
|
"mongoDbChangeStream": { "type": "boolean" },
|
|
"mongoDumpPath": { "type": "string" },
|
|
"WANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name." },
|
|
"LANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral LAN features are enabled and agents will find the server using multicast LAN packets." },
|
|
"sessionTime": { "type": "integer" },
|
|
"sessionKey": { "type": "string" },
|
|
"sessionSameSite": { "type": "string" },
|
|
"dbEncryptKey": { "type": "string" },
|
|
"dbRecordsEncryptKey": { "type": "string" },
|
|
"dbRecordsDecryptKey": { "type": "string" },
|
|
"dbExpire": {
|
|
"type": "object",
|
|
"properties": {
|
|
"events": { "type": "integer", "default": 1728000, "description": "Amount of time in seconds that events are kept in the database." },
|
|
"powerevents": { "type": "integer", "default": 864000, "description": "Amount of time in seconds that device power events are kept in the database." },
|
|
"statsevents": { "type": "integer", "default": 2592000, "description": "Amount of time in seconds that server statistics are kept in the database." }
|
|
}
|
|
},
|
|
"port": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"portBind": { "type": "string", "description": "When set, bind the HTTPS main port to a specific network address." },
|
|
"aliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"redirPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"redirPortBind": { "type": "string", "description": "When set, bind the HTTP redirection port to a specific network address." },
|
|
"redirAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"agentPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, enabled a new HTTPS server port that only accepts agent connections." },
|
|
"agentPortBind": { "type": "string", "description": "When set, binds the agent port to a specific network interface." },
|
|
"agentAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, indicates the actual publically visible agent-only port. If not set, the AgentPort value is used." },
|
|
"agentAliasDNS": { "type": "string", "format": "hostname", "description": "When set, specified the DNS name used by agents to connect to the agent-only port." },
|
|
"agentPortTls": { "type": "boolean", "default": true, "description": "Indicates if the agent-only port must perform TLS, this should be set to false if TLS is performed in front of this server." },
|
|
"agentCoreDump": { "type": "boolean", "default": false, "description": "Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps." },
|
|
"exactPorts": { "type": "boolean", "default": false },
|
|
"allowLoginToken": { "type": "boolean", "default": false },
|
|
"allowFraming": { "type": "boolean", "default": false, "description": "When enabled, the MeshCentral web site can be embedded within another website's iframe." },
|
|
"cookieIpCheck": { "type": "boolean" },
|
|
"cookieEncoding": { "type": "string", "enum": [ "hex", "base64" ], "default": "base64", "description": "Encoding format of cookies in the HTTP headers, this is typically Base64 but some reverse proxies will require HEX." },
|
|
"webRTC": { "type": "boolean", "default": false, "description": "When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser." },
|
|
"nice404": { "type": "boolean", "default": true, "description": "By default, a nice looking 404 error page is displayed when needed. Set this to false to disable it." },
|
|
"clickOnce": { "type": "boolean", "default": true, "description": "By default Microsoft ClickOnce support is enabled allowing connection routing from the web site on IE browser and browsers with ClickOnce add-in." },
|
|
"selfUpdate": { "type": "boolean", "default": false, "description": "When true, this server will attempt to self-update everyday after midnight." },
|
|
"browserPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval and expects a response from the browser." },
|
|
"browserPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval." },
|
|
"agentsInRam": { "type": "boolean", "default": false, "description": "Loads all agent binaries in RAM for faster agent updates." },
|
|
"agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." },
|
|
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
|
|
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
|
|
"agentIdleTimeout": { "type": "integer", "minimum": 1 },
|
|
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
|
|
"wscompression": { "type": "boolean", "default": false, "description": "Enables server-side, websocket per-message deflate compression." },
|
|
"agentwscompression": { "type": "boolean", "default": true, "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." },
|
|
"meshErrorLogPath": { "type": "string" },
|
|
"npmPath": { "type": "string" },
|
|
"npmProxy": { "type": "string", "format": "uri" },
|
|
"allowHighQualityDesktop": { "type": "boolean", "default": true },
|
|
"desktopMultiplex": { "type": "boolean", "default": false },
|
|
"userAllowedIP": { "type": [ "string", "array" ] },
|
|
"userBlockedIP": { "type": [ "string", "array" ] },
|
|
"agentAllowedIP": { "type": [ "string", "array" ] },
|
|
"agentBlockedIP": { "type": [ "string", "array" ] },
|
|
"authLog": { "type": "string" },
|
|
"manageAllDeviceGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"manageCrossDomain": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"localDiscovery": {
|
|
"type": "object",
|
|
"description": "When this server is in LAN mode, you may discover this server using a multicast discovery tool. When discovery happens, the name and info fields are sent back to the discovery tool.",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"name": { "type": "string" },
|
|
"info": { "type": "string" },
|
|
"key": { "type": "string", "description": "When set, encrypts all LAN discovery traffic to agents and tools using this key. This is only useful in LAN/Hybrid mode when agents and tools user multicast to find the server." }
|
|
},
|
|
"required": [ "name", "info" ]
|
|
},
|
|
"tlsOffload": { "type": [ "string", "boolean" ], "default": false },
|
|
"trustedProxy": { "type": "string" },
|
|
"mpsPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"mpsPortBind": { "type": "string" },
|
|
"mpsAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"mpsAliasHost": { "type": "string" },
|
|
"mpsTlsOffload": { "type": "boolean", "default": false },
|
|
"no2FactorAuth": { "type": "boolean" },
|
|
"log": { "type": "string" },
|
|
"syslog": { "type": "string" },
|
|
"syslogauth": { "type": "string" },
|
|
"syslogjson": { "type": "string" },
|
|
"webrtcConfig": {
|
|
"type": "object",
|
|
"properties": {
|
|
"iceServers": { "type": "array", "uniqueItems": true, "items": { "type": "object", "properties": { "urls": { "type": "string" } }, "required": [ "urls" ] } }
|
|
},
|
|
"required": [ "iceServers" ]
|
|
},
|
|
"autoBackup": {
|
|
"type": "object",
|
|
"properties": {
|
|
"backupIntervalHours": { "type": "integer" },
|
|
"keepLastDaysBackup": { "type": "integer" },
|
|
"zipPassword": { "type": "string" },
|
|
"backupPath": { "type": "string" },
|
|
"googleDrive": {
|
|
"type": "object",
|
|
"description": "Enabled automated upload of the server backups to a Google Drive account, once enabled you need to go in \"My Server\" tab as administrator to associate the account.",
|
|
"properties": {
|
|
"folderName": { "type": "integer", "default": "MeshCentral-Backups", "description": "The name of the folder to create in the Google Drive account." },
|
|
"maxFiles": { "type": "string", "default": null, "description": "The maximum number of files to keep in the Google Drive folder, older files will be removed if needed." }
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"redirects": { "type": "object" },
|
|
"maxInvalidLogin": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"time": { "type": "integer" },
|
|
"count": { "type": "integer" },
|
|
"coolofftime": { "type": "integer" }
|
|
}
|
|
},
|
|
"plugins": {
|
|
"type": "object",
|
|
"properties": { "enabled": { "type": "boolean" } },
|
|
"required": [ "enabled" ]
|
|
}
|
|
}
|
|
},
|
|
"domaindefaults": { "$ref": "#/properties/domains/items" },
|
|
"domains": {
|
|
"type": "object",
|
|
"items": {
|
|
"type": "object",
|
|
"properties": {
|
|
"title": { "type": "string" },
|
|
"title2": { "type": "string" },
|
|
"titlePicture": { "type": "string" },
|
|
"userQuota": { "type": "integer" },
|
|
"meshQuota": { "type": "integer" },
|
|
"minify": { "type": "boolean", "default": false, "description": "When enabled, the server will send reduced sided web pages." },
|
|
"newAccounts": { "type": "boolean" },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"userNameIsEmail": { "type": "boolean", "default": false, "description": "When enabled, the username of each account is also the email address of the account." },
|
|
"newAccountEmailDomains": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"newAccountsRights": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"welcomeText": { "type": "string", "description": "Text that will be shown on the login screen." },
|
|
"welcomePicture": { "type": "string", "description": "Name of the JPG file that will be shown on the login screen. Out this file in the meshcentral-data folder and place the name here." },
|
|
"hide": { "type": "integer" },
|
|
"footer": { "type": "string" },
|
|
"certUrl": { "type": "string", "format": "uri", "description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral." },
|
|
"passwordRequirements": {
|
|
"type": "object",
|
|
"properties": {
|
|
"min": { "type": "integer", "description": "Minimum number of characters allowed for the account password." },
|
|
"max": { "type": "integer", "description": "Maximum number of characters allowed for the account password." },
|
|
"upper": { "type": "integer", "description": "Minimum number of upper case characters required in the password." },
|
|
"lower": { "type": "integer", "description": "Minimum number of lower case characters required in the password." },
|
|
"numeric": { "type": "integer", "description": "Minimum number of numeric characters required in the password." },
|
|
"nonalpha": { "type": "integer", "description": "Minimum number of non-alpha-numeric characters required in the password." },
|
|
"reset": { "type": "integer", "description": "Number of days after which the user is required to change the account password." },
|
|
"force2factor": { "type": "boolean", "description": "Requires that all accounts setup 2FA." },
|
|
"skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
|
|
"oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
|
|
"banCommonPasswords": { "type": "boolean", "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." }
|
|
}
|
|
},
|
|
"agentInviteCodes": { "type": "boolean", "default": false, "description": "Enabled a feature where you can set one or more invitation codes in a device group. You can then give a invitation link to users who can use it to download the agent." },
|
|
"agentNoProxy": { "type": "boolean", "default": false, "description": "When enabled, all newly installed MeshAgents will be instructed to no use a HTTP/HTTPS proxy even if one is configured on the remote system" },
|
|
"geoLocation": { "type": "boolean", "default": false, "description": "Enables the geo-location feature and device location map in the user interface, this feature is not being worked on." },
|
|
"novnc": { "type": "boolean", "default": true, "description": "When enabled, activates the built-in web-based noVNC client." },
|
|
"mstsc": { "type": "boolean", "default": false, "description": "When enabled, activates the built-in web-based RDP client." },
|
|
"webEmailsPath": { "type": "string", "description": "Path where to find custom email templates for this domain." },
|
|
"customUI": { "type": "object" },
|
|
"consentMessages": {
|
|
"type": "object",
|
|
"description": "This section is user to customize user consent prompts, these show up when asking if a remote session is allowed or not.",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"Title": { "type": "string" },
|
|
"Desktop": { "type": "string" },
|
|
"Terminal": { "type": "string" },
|
|
"Files": { "type": "string" }
|
|
}
|
|
},
|
|
"notificationMessages": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"description": "This section is user to customize user notifications when a remote desktop, terminal or file session is connected to a remote system.",
|
|
"properties": {
|
|
"Title": { "type": "string" },
|
|
"Desktop": { "type": "string" },
|
|
"Terminal": { "type": "string" },
|
|
"Files": { "type": "string" }
|
|
}
|
|
},
|
|
"userAllowedIP": { "type": "string" },
|
|
"userBlockedIP": { "type": "string" },
|
|
"agentAllowedIP": { "type": "string" },
|
|
"agentBlockedIP": { "type": "string" },
|
|
"userSessionIdleTimeout": { "type": "integer" },
|
|
"userConsentFlags": { "type": "integer" },
|
|
"urlSwitching": { "type": "boolean" },
|
|
"desktopPrivacyBarText": { "type": "string" },
|
|
"limits": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"MaxDevices": { "type": "integer" },
|
|
"MaxUserAccounts": { "type": "integer" },
|
|
"MaxUserSessions": { "type": "integer" },
|
|
"MaxAgentSessions": { "type": "integer" },
|
|
"MaxSingleUserSessions": { "type": "integer" }
|
|
}
|
|
},
|
|
"amtAcmActivation": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"log": { "type": "string" },
|
|
"certs": {
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"certfiles": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"keyfile": { "type": "string" }
|
|
},
|
|
"required": [ "certfiles", "keyfile" ]
|
|
}
|
|
}
|
|
},
|
|
"required": [ "certs" ]
|
|
},
|
|
"redirects": {
|
|
"type": "object",
|
|
"additionalProperties": { "type": "string" }
|
|
},
|
|
"yubikey": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"id": { "type": "string" },
|
|
"secret": { "type": "string" },
|
|
"proxy": { "type": "string", "format": "uri" }
|
|
},
|
|
"required": [ "id", "secret" ]
|
|
},
|
|
"httpHeaders": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
"agentConfig": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"sessionRecording": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"filepath": { "type": "string" },
|
|
"index": { "type": "boolean", "default": false },
|
|
"maxRecordings": { "type": "integer" },
|
|
"maxRecordingSizeMegabytes": { "type": "integer" },
|
|
"protocols": { "type": "array", "uniqueItems": true, "items": { "type": "integer" } }
|
|
},
|
|
"required": [ "protocols" ]
|
|
},
|
|
"authStrategies": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"twitter": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"clientid": { "type": "string" },
|
|
"clientsecret": { "type": "string" }
|
|
},
|
|
"required": [ "clientid", "clientsecret" ]
|
|
},
|
|
"google": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"clientid": { "type": "string" },
|
|
"clientsecret": { "type": "string" }
|
|
},
|
|
"required": [ "clientid", "clientsecret" ]
|
|
},
|
|
"github": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"clientid": { "type": "string" },
|
|
"clientsecret": { "type": "string" }
|
|
},
|
|
"required": [ "clientid", "clientsecret" ]
|
|
},
|
|
"reddit": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"clientid": { "type": "string" },
|
|
"clientsecret": { "type": "string" }
|
|
},
|
|
"required": [ "clientid", "clientsecret" ]
|
|
},
|
|
"azure": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"clientid": { "type": "string" },
|
|
"clientsecret": { "type": "string" },
|
|
"tenantid": { "type": "string" }
|
|
},
|
|
"required": [ "clientid", "clientsecret", "tenantid" ]
|
|
},
|
|
"jumpcloud": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"entityid": { "type": "string" },
|
|
"idpurl": { "type": "string", "format": "uri" },
|
|
"cert": { "type": "string" }
|
|
},
|
|
"required": [ "entityid", "idpurl", "cert" ]
|
|
},
|
|
"saml": {
|
|
"type": "object",
|
|
"properties": {
|
|
"callbackurl": { "type": "string", "format": "uri" },
|
|
"disableRequestedAuthnContext": { "type": "boolean" },
|
|
"newAccounts": { "type": "boolean", "default": false },
|
|
"newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"newAccountsRights": { "type": "array", "uniqueItems": true, "items": { "type": "string" } },
|
|
"entityid": { "type": "string" },
|
|
"idpurl": { "type": "string", "format": "uri" },
|
|
"cert": { "type": "string" }
|
|
},
|
|
"required": [ "entityid", "idpurl", "cert" ]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"letsEncrypt": {
|
|
"title" : "Built-in Let's Encrypt support",
|
|
"description": "If your server has a proper DNS name and it public facing on the Internet with a public facing HTTP server on port 80, you can get a free TLS certificate.",
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"email": { "type": "string", "format": "email", "description": "Email address of the administrator of this server. Make sure this is a valid email address otherwise the certificate request will fail." },
|
|
"names": { "type": "string" },
|
|
"production": { "type": "boolean", "default": false, "description": "By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificaite. Making too many bad requests for a production certificate will get you banned for a long period of time." }
|
|
},
|
|
"required": [ "email", "names" ]
|
|
},
|
|
"peers": {
|
|
"title" : "Server peering",
|
|
"description": "Setup peer server for load-balancing between many servers.",
|
|
"type": "object",
|
|
"minProperties": 1,
|
|
"propertyNames": { "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" },
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"serverId": { "type": "string" },
|
|
"servers": {
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "object",
|
|
"properties": { "url": { "type": "string", "format": "uri" } },
|
|
"required": [ "url" ]
|
|
}
|
|
}
|
|
},
|
|
"required": [ "serverId", "servers" ]
|
|
},
|
|
"smtp": {
|
|
"title" : "Email server",
|
|
"description": "Connects MeshCentral to a email server, allows MeshCentral to send email messages for 2FA or user notification.",
|
|
"type": "object",
|
|
"properties": {
|
|
"host": { "type": "string", "format": "hostname" },
|
|
"port": { "type": "integer", "minimum": 1, "maximum": 65535 },
|
|
"from": { "type": "string", "format": "email" },
|
|
"tls": { "type": "boolean" },
|
|
"tlscertcheck": { "type": "boolean" },
|
|
"tlsstrict": { "type": "boolean" }
|
|
},
|
|
"required": [ "host", "port", "from", "tls" ]
|
|
},
|
|
"sms": {
|
|
"title" : "SMS provider",
|
|
"description": "Connects MeshCentral to a SMS text messaging provider, allows MeshCentral to send SMS messages for 2FA or user notification.",
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"properties": {
|
|
"provider": { "type": "string", "enum": [ "twilio" ] },
|
|
"sid": { "type": "string" },
|
|
"auth": { "type": "string" },
|
|
"from": { "type": "string" }
|
|
},
|
|
"required": [ "provider", "sid", "auth", "from" ]
|
|
},
|
|
{
|
|
"type": "object",
|
|
"properties": {
|
|
"provider": { "type": "string", "enum": [ "plivo" ] },
|
|
"id": { "type": "string" },
|
|
"token": { "type": "string" },
|
|
"from": { "type": "string" }
|
|
},
|
|
"required": [ "provider", "id", "token", "from" ]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"required": [ "settings", "domains" ]
|
|
}
|