mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 22:55:52 -05:00
519 lines
18 KiB
JSON
519 lines
18 KiB
JSON
{
|
|
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
|
|
"__comment__": "This is a sample configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
|
|
"settings": {
|
|
"_cert": "myserver.mydomain.com",
|
|
"_mongoDb": "mongodb://127.0.0.1:27017",
|
|
"_mongoDbName": "meshcentral",
|
|
"_mongoDbChangeStream": true,
|
|
"_WANonly": true,
|
|
"_LANonly": true,
|
|
"_sessionKey": "MyReallySecretPassword1",
|
|
"_sessionSameSite": "strict",
|
|
"_certificatePrivateKeyPassword": [ "password1", "password2" ],
|
|
"_dbEncryptKey": "MyReallySecretPassword2",
|
|
"_dbRecordsEncryptKey": "MyReallySecretPassword",
|
|
"_dbRecordsDecryptKey": "MyReallySecretPassword",
|
|
"__dbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.",
|
|
"_dbExpire": {
|
|
"events": 1728000,
|
|
"powerevents": 864000,
|
|
"statsevents": 2592000
|
|
},
|
|
"port": 443,
|
|
"_portBind": "127.0.0.1",
|
|
"_aliasPort": 444,
|
|
"_redirPort": 80,
|
|
"_redirPortBind": "127.0.0.1",
|
|
"_redirAliasPort": 80,
|
|
"_agentPort": 1234,
|
|
"_agentPortBind": "127.0.0.1",
|
|
"_agentAliasPort": 1234,
|
|
"_agentAliasDNS": "agents.myserver.mydomain.com",
|
|
"_agentPortTls": true,
|
|
"_exactPorts": true,
|
|
"_allowLoginToken": true,
|
|
"_allowFraming": true,
|
|
"_cookieIpCheck": false,
|
|
"_cookieEncoding": "hex",
|
|
"_compression": true,
|
|
"_wscompression": false,
|
|
"_agentwscompression": true,
|
|
"_agentsInRam": false,
|
|
"_webRTC": false,
|
|
"_nice404": false,
|
|
"_selfUpdate": true,
|
|
"_browserPing": 60,
|
|
"_browserPong": 60,
|
|
"_agentPing": 60,
|
|
"_agentPong": 60,
|
|
"_agentIdleTimeout": 150,
|
|
"_meshErrorLogPath": "c:\\tmp",
|
|
"_npmPath": "c:\\npm.exe",
|
|
"_npmProxy": "http://1.2.3.4:80",
|
|
"_allowHighQualityDesktop": true,
|
|
"_webPush": { "email": "xxxxx@xxxxx.com" },
|
|
"_publicPushNotifications": true,
|
|
"_desktopMultiplex": true,
|
|
"_userAllowedIP": "127.0.0.1,192.168.1.0/24",
|
|
"_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
|
|
"_agentAllowedIP": "192.168.0.100/24",
|
|
"_agentBlockedIP": "127.0.0.1,::1",
|
|
"_authLog": "c:\\temp\\auth.log",
|
|
"_InterUserMessaging": [ "user//admin" ],
|
|
"_manageAllDeviceGroups": [ "user//admin" ],
|
|
"_manageCrossDomain": [ "user//admin" ],
|
|
"_localDiscovery": {
|
|
"name": "Local server name",
|
|
"info": "Information about this server"
|
|
},
|
|
"_tlsOffload": "127.0.0.1,::1",
|
|
"_trustedProxy": "127.0.0.1,::1",
|
|
"_mpsPort": 44330,
|
|
"_mpsPortBind": "127.0.0.1",
|
|
"_mpsAliasPort": 4433,
|
|
"_mpsAliasHost": "mps.mydomain.com",
|
|
"_mpsTlsOffload": true,
|
|
"_no2FactorAuth": true,
|
|
"_runOnServerStarted": "c:\\tmp\\mcstart.bat",
|
|
"_runOnServerUpdated": "c:\\tmp\\mcupdate.bat",
|
|
"_runOnServerError": "c:\\tmp\\mcerror.bat",
|
|
"_log": "main,web,webrequest,cert",
|
|
"_syslog": "meshcentral",
|
|
"_syslogauth": "meshcentral-auth",
|
|
"_syslogjson": "meshcentral-json",
|
|
"_syslogtcp": "localhost:514",
|
|
"_webrtcConfig": {
|
|
"iceServers": [
|
|
{ "urls": "stun:stun.services.mozilla.com" },
|
|
{ "urls": "stun:stun.l.google.com:19302" }
|
|
]
|
|
},
|
|
"_autoBackup": {
|
|
"_mongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe",
|
|
"backupIntervalHours": 24,
|
|
"keepLastDaysBackup": 10,
|
|
"zipPassword": "MyReallySecretPassword3",
|
|
"_backupPath": "C:\\backups",
|
|
"_googleDrive": {
|
|
"folderName": "MeshCentral-Backups",
|
|
"maxFiles": 10
|
|
},
|
|
"webdav": {
|
|
"url": "https://server/remote.php/dav/files/xxxxx@server.com/",
|
|
"username": "user",
|
|
"password": "pass",
|
|
"folderName": "MeshCentral-Backups",
|
|
"maxFiles": 10
|
|
}
|
|
},
|
|
"_redirects": {
|
|
"meshcommander": "https://www.meshcommander.com/"
|
|
},
|
|
"__maxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.",
|
|
"_maxInvalidLogin": {
|
|
"time": 10,
|
|
"count": 10,
|
|
"coolofftime": 10
|
|
},
|
|
"__maxInvalid2fa": "Time in minutes, max amount of bad two-factor authentication from a source IP in the time before 2FA's are rejected.",
|
|
"_maxInvalid2fa": {
|
|
"time": 10,
|
|
"count": 10,
|
|
"coolofftime": 10
|
|
},
|
|
"watchDog": { "interval": 100, "timeout": 400 },
|
|
"_AmtProvisioningServer": {
|
|
"port": 9971,
|
|
"deviceGroup": "mesh//xxxxxxxxxxxxxxxxxxxxx",
|
|
"newMebxPassword": "amtpassword",
|
|
"trustedFqdn": "sample.com",
|
|
"ip": "192.168.1.1"
|
|
},
|
|
"_plugins": { "enabled": true }
|
|
},
|
|
"_domaindefaults": {
|
|
"__comment__": "Any settings in this section is used as default setting for all domains",
|
|
"title": "MyDefaultTitle",
|
|
"footer": "Default page footer",
|
|
"newAccounts": false
|
|
},
|
|
"domains": {
|
|
"": {
|
|
"_siteStyle": 2,
|
|
"title": "MyServer",
|
|
"title2": "Servername",
|
|
"_titlePicture": "title-sample.png",
|
|
"_loginPicture": "title-sample.png",
|
|
"_userQuota": 1048576,
|
|
"_meshQuota": 248576,
|
|
"minify": true,
|
|
"_guestDeviceSharing" : false,
|
|
"_AutoRemoveInactiveDevices": 37,
|
|
"_DeviceSearchBarServerAndClientName": false,
|
|
"_loginKey": [ "abc", "123" ],
|
|
"_agentKey": [ "abc", "123" ],
|
|
"_newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"_userNameIsEmail": true,
|
|
"_newAccountEmailDomains": [ "sample.com" ],
|
|
"_newAccountsRights": [ "nonewgroups", "notools" ],
|
|
"_welcomeText": "Sample Text on Login Page.",
|
|
"_welcomePicture": "mainwelcome.jpg",
|
|
"_welcomePictureFullScreen": false,
|
|
"_meshMessengerTitle": "MeshMessenger",
|
|
"_meshMessengerPicture": "messenger.png",
|
|
"___hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar, 32 = Hide back buttons",
|
|
"_hide": 4,
|
|
"_footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
|
|
"_loginfooter": "This is a private server.",
|
|
"_certUrl": "https://192.168.2.106:443/",
|
|
"_altMessenging": {
|
|
"name": "Jitsi",
|
|
"url": "https://meet.jit.si/myserver-{0}"
|
|
},
|
|
"_deviceMeshRouterLinks": {
|
|
"rdp": true,
|
|
"ssh": true,
|
|
"scp": true,
|
|
"extralinks": [
|
|
{
|
|
"name": "HTTP",
|
|
"protocol": "http",
|
|
"port": 80,
|
|
"_ip": "192.168.1.100",
|
|
"_filter": [ "mesh/(domainid)/(meshid)", "node/(domainid)/(nodeid)" ]
|
|
},
|
|
{
|
|
"name": "HTTPS",
|
|
"protocol": "https",
|
|
"port": 443
|
|
}
|
|
]
|
|
},
|
|
"PreconfiguredRemoteInput": [
|
|
{
|
|
"name": "CompagnyUrl",
|
|
"value": "https://help.mycompany.com/"
|
|
},
|
|
{
|
|
"name": "Any Text",
|
|
"value": "Any text\r"
|
|
},
|
|
{
|
|
"name": "Welcome",
|
|
"value": "Default welcome text"
|
|
}
|
|
],
|
|
"myServer": {
|
|
"Backup": false,
|
|
"Restore": false,
|
|
"Upgrade": false,
|
|
"ErrorLog": false,
|
|
"Console": false,
|
|
"Trace": false
|
|
},
|
|
"_passwordRequirements": {
|
|
"min": 8,
|
|
"max": 128,
|
|
"upper": 1,
|
|
"lower": 1,
|
|
"numeric": 1,
|
|
"nonalpha": 1,
|
|
"reset": 90,
|
|
"force2factor": true,
|
|
"skip2factor": "127.0.0.1,192.168.2.0/24",
|
|
"oldPasswordBan": 5,
|
|
"banCommonPasswords": false,
|
|
"twoFactorTimeout": 300
|
|
},
|
|
"_twoFactorCookieDurationDays": 30,
|
|
"_agentInviteCodes": true,
|
|
"_agentNoProxy": true,
|
|
"_geoLocation": true,
|
|
"_novnc": false,
|
|
"_mstsc": true,
|
|
"_ssh": true,
|
|
"_WebEmailsPath": "/myserver/email-templates",
|
|
"_consentMessages": {
|
|
"title": "MeshCentral",
|
|
"desktop": "{0} requesting remote desktop access. Grant access?",
|
|
"terminal": "{0} requesting remote terminal access. Grant access?",
|
|
"files": "{0} requesting remote files access. Grant access?",
|
|
"consentTimeout": 30,
|
|
"autoAcceptOnTimeout": false
|
|
},
|
|
"_notificationMessages": {
|
|
"title": "MeshCentral",
|
|
"desktop": "{0} started a remote desktop session.",
|
|
"terminal": "{0} started a remote terminal session.",
|
|
"files": "{0} started a remote files session."
|
|
},
|
|
"_agentCustomization": {
|
|
"displayName": "Company® Product™",
|
|
"description": "Company® Product™ agent for remote monitoring, management and assistance.",
|
|
"companyName": "Company®",
|
|
"serviceName": "companyagent",
|
|
"image": "agent-logo.png",
|
|
"fileName": "compagnyagent"
|
|
},
|
|
"_assistantCustomization": {
|
|
"title": "Company® Product™",
|
|
"image": "assistant-logo.png",
|
|
"fileName": "compagny"
|
|
},
|
|
"_androidCustomization": {
|
|
"title": "Company® Product™",
|
|
"subtitle": "Product Subtitle™",
|
|
"image": "assistant-logo.png"
|
|
},
|
|
"_userAllowedIP": "127.0.0.1,192.168.1.0/24",
|
|
"_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
|
|
"_agentAllowedIP": "192.168.0.100/24",
|
|
"_agentBlockedIP": "127.0.0.1,::1",
|
|
"_orphanAgentUser": "admin",
|
|
"___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect",
|
|
"_userSessionIdleTimeout": 30,
|
|
"userConsentFlags": {
|
|
"desktopnotify": true,
|
|
"terminalnotify": true,
|
|
"filenotify": true,
|
|
"desktopprompt": true,
|
|
"terminalprompt": true,
|
|
"fileprompt": true,
|
|
"desktopprivacybar": true
|
|
},
|
|
"_urlSwitching": false,
|
|
"_desktopPrivacyBarText": "Privacy bar: {0}, {1}",
|
|
"_limits": {
|
|
"_maxDevices": 100,
|
|
"_maxUserAccounts": 100,
|
|
"_maxUserSessions": 100,
|
|
"_maxAgentSessions": 100,
|
|
"maxSingleUserSessions": 10
|
|
},
|
|
"_terminal": {
|
|
"_linuxshell": "login",
|
|
"launchCommand": {
|
|
"linux": "clear\necho \"Hello Linux\"\n",
|
|
"darwin": "clear\necho \"Hello MacOS\"\n",
|
|
"freebsd": "clear\necho \"Hello FreeBSD\"\n"
|
|
}
|
|
},
|
|
"_amtScanOptions": [
|
|
"LabNetwork 192.168.15.0/23",
|
|
"SalesNetwork 192.168.8.0/24"
|
|
],
|
|
"_amtAcmActivation": {
|
|
"log": "amtactivation.log",
|
|
"certs": {
|
|
"mycertname": {
|
|
"certfiles": [ "amtacm-leafcert.crt", "amtacm-intermediate1.crt", "amtacm-intermediate2.crt", "amtacm-rootcert.crt" ],
|
|
"keyfile": "amtacm-leafcert.key"
|
|
}
|
|
}
|
|
},
|
|
"_amtManager": {
|
|
"adminAccounts": [{ "user": "admin", "pass": "MyP@ssw0rd" }],
|
|
"environmentDetection": [ "domain1.com", "domain2.com", "domain3.com", "domain4.com" ],
|
|
"wifiProfiles": [
|
|
{
|
|
"name": "Profile1",
|
|
"ssid": "MyStation1",
|
|
"authentication": "wpa2-psk",
|
|
"encryption": "ccmp-aes",
|
|
"password": "MyP@ssw0rd"
|
|
}
|
|
]
|
|
},
|
|
"_redirects": {
|
|
"meshcommander": "https://www.meshcommander.com/"
|
|
},
|
|
"_yubikey": {
|
|
"id": "0000",
|
|
"secret": "xxxxxxxxxxxxxxxxxxxxx",
|
|
"_proxy": "http://myproxy.domain.com:80"
|
|
},
|
|
"_httpHeaders": {
|
|
"Strict-Transport-Security": "max-age=360000",
|
|
"x-frame-options": "SAMEORIGIN"
|
|
},
|
|
"_agentConfig": [ "webSocketMaskOverride=1", "coreDumpEnabled=1" ],
|
|
"_assistantConfig": [ "disableUpdate=1" ],
|
|
"_sessionRecording": {
|
|
"_onlySelectedUsers": true,
|
|
"_onlySelectedUserGroups": true,
|
|
"_onlySelectedDeviceGroups": true,
|
|
"_filepath": "C:\\temp",
|
|
"_index": true,
|
|
"_maxRecordings": 10,
|
|
"_maxRecordingDays": 15,
|
|
"_maxRecordingSizeMegabytes": 3,
|
|
"__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger",
|
|
"protocols": [ 1, 2, 101 ]
|
|
},
|
|
"_authStrategies": {
|
|
"__comment__": "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's",
|
|
"twitter": {
|
|
"_callbackurl": "https://server/auth-twitter-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
|
},
|
|
"google": {
|
|
"_callbackurl": "https://server/auth-google-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx"
|
|
},
|
|
"github": {
|
|
"_callbackurl": "https://server/auth-github-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
|
},
|
|
"reddit": {
|
|
"_callbackurl": "https://server/auth-reddit-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
|
},
|
|
"azure": {
|
|
"_callbackurl": "https://server/auth-azure-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"clientid": "00000000-0000-0000-0000-000000000000",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
|
"tenantid": "00000000-0000-0000-0000-000000000000"
|
|
},
|
|
"jumpcloud": {
|
|
"_callbackurl": "https://server/auth-jumpcloud-callback",
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"entityid": "meshcentral",
|
|
"idpurl": "https://sso.jumpcloud.com/saml2/saml2",
|
|
"cert": "jumpcloud-saml.pem"
|
|
},
|
|
"saml": {
|
|
"_callbackurl": "https://server/auth-saml-callback",
|
|
"_disableRequestedAuthnContext": true,
|
|
"newAccounts": true,
|
|
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
|
|
"_newAccountsRights": [ "nonewgroups", "notools" ],
|
|
"entityid": "meshcentral",
|
|
"idpurl": "https://server/saml2",
|
|
"cert": "saml.pem"
|
|
},
|
|
"oidc": {
|
|
"authorizationURL": "https://sso.server.com/api/oidc/authorization",
|
|
"callbackURL": "https://mesh.server.com/oidc-callback",
|
|
"clientid": "00000000-0000-0000-0000-000000000000",
|
|
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
|
"issuer": "https://sso.server.com",
|
|
"tokenURL": "https://sso.server.com/api/oidc/token",
|
|
"userInfoURL": "https://sso.server.com/api/oidc/userinfo",
|
|
"logoutURL": "https://sso.server.com/logout",
|
|
"newAccounts": true
|
|
}
|
|
}
|
|
},
|
|
"_customer1": {
|
|
"_dns": "customer1.myserver.com",
|
|
"_title": "Customer1",
|
|
"_title2": "TestServer",
|
|
"_newAccounts": 1,
|
|
"_auth": "sspi",
|
|
"__auth": "ldap",
|
|
"_LDAPUserName": "gecos",
|
|
"_LDAPUserKey": "uid",
|
|
"_LDAPUserEmail": "otherMail",
|
|
"_LDAPPptions": {
|
|
"url": "test",
|
|
"anne": {
|
|
"gecos": "Anne O'Nyme",
|
|
"displayName": "O Nyme anne",
|
|
"uid": "anneonyme",
|
|
"mail": "anneonyme@example.com",
|
|
"email": "anneonyme@example.com",
|
|
"otherMail": [ "other.anneonyme@example.com", "anneonyme@example.com" ]
|
|
},
|
|
"so": {
|
|
"displayName": "Sticker Sophie",
|
|
"gecos": "Sophie Sticker",
|
|
"uid": "ssticker",
|
|
"mail": "ssticker@example.com",
|
|
"email": "ssticker@example.com",
|
|
"otherMail": [ "other.ssticker@example.com", "ssticker@example.com" ]
|
|
}
|
|
},
|
|
"__LDAPOptions": {
|
|
"URL": "ldap://1.2.3.4:389",
|
|
"BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local",
|
|
"BindCredentials": "Password.1",
|
|
"SearchBase": "DC=meshcentral,DC=local",
|
|
"SearchFilter": "(sAMAccountName={{username}})"
|
|
},
|
|
"_footer": "Test",
|
|
"_certUrl": "https://192.168.2.106:443/"
|
|
},
|
|
"_info": {
|
|
"_share": "C:\\ExtraWebSite"
|
|
}
|
|
},
|
|
"_letsencrypt": {
|
|
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
|
|
"email": "myemail@myserver.com",
|
|
"names": "myserver.com,customer1.myserver.com",
|
|
"skipChallengeVerification": false,
|
|
"production": false
|
|
},
|
|
"_peers": {
|
|
"serverId": "server1",
|
|
"servers": {
|
|
"server1": { "url": "wss://192.168.2.133:443/" },
|
|
"server2": { "url": "wss://192.168.1.106:443/" }
|
|
}
|
|
},
|
|
"_smtp": {
|
|
"host": "smtp.myserver.com",
|
|
"port": 25,
|
|
"from": "myemail@myserver.com",
|
|
"__tls__": "When 'tls' is set to true, TLS is used immidiatly when connecting. For SMTP servers that use TLSSTART, set this to 'false' and TLS will still be used.",
|
|
"tls": false,
|
|
"___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked.",
|
|
"_tlscertcheck": false,
|
|
"__tlsstrict__": "When set to true, TLS cypher setup is more limited, SSLv2 and SSLv3 are not allowed.",
|
|
"_tlsstrict": true
|
|
},
|
|
"_sendgrid": {
|
|
"from": "myemail@myserver.com",
|
|
"apikey": "***********"
|
|
},
|
|
"_sendmail": {
|
|
"newline": "unix",
|
|
"path": "/usr/sbin/sendmail",
|
|
"_args": [ "-f", "foo@example.com" ]
|
|
},
|
|
"_sms": {
|
|
"provider": "twilio",
|
|
"sid": "ACxxxxxxxxx",
|
|
"auth": "xxxxxxx",
|
|
"from": "+1-555-555-5555"
|
|
},
|
|
"__sms": {
|
|
"provider": "plivo",
|
|
"id": "xxxxxxx",
|
|
"token": "xxxxxxx",
|
|
"from": "1-555-555-5555"
|
|
},
|
|
"___sms": {
|
|
"provider": "telnyx",
|
|
"apikey": "xxxxxxx",
|
|
"from": "1-555-555-5555"
|
|
}
|
|
}
|