Skip to content

Instantly share code, notes, and snippets.

@Snuupy
Last active October 11, 2020 19:12
Show Gist options
  • Save Snuupy/6f34f26b5c27a39f8ec1e17da30c5529 to your computer and use it in GitHub Desktop.
Save Snuupy/6f34f26b5c27a39f8ec1e17da30c5529 to your computer and use it in GitHub Desktop.
meshcentral docker-compose
// add the following to your ./deploy/config.json:
{
"settings": {
"cert": "meshcentral.domain.tld",
"WANonly": true,
"port": 9031,
"aliasPort": 443,
"redirPort": 9030,
"redirAliasPort": 80,
"tlsOffload": "127.0.0.1",
"mpsPort": 9032,
"mpsAliasPort": 4433,
"mpsTlsOffload": true,
"WebRTC": true,
"webrtcConfig": {
"iceServers": [
{ "urls": "stun:stun.services.mozilla.org" },
{ "urls": "stun:stun.l.google.com:19302" }
]
}
},
"domains": {
"": {
"userNameIsEmail": true,
"certUrl": "https://meshcentral.domain.tld"
}
},
"smtp": {
"host": "smtp.domain.tld",
"port": 587,
"from": "[email protected]",
"user": "",
"pass": "",
"tls": true
}
}
version: "3"
services:
meshcentral:
image: "username/meshcentral2:v0.6.43"
build: .
restart: "unless-stopped"
ulimits:
nofile:
soft: 800000
hard: 1000000
volumes:
- "./deploy/meshcentral-data:/meshcentral/meshcentral-data"
- "./deploy/meshcentral-files:/meshcentral/meshcentral-files"
- "./deploy/meshcentral-backup:/meshcentral/meshcentral-backup"
- "./deploy/meshcentral-web:/meshcentral/meshcentral-web"
ports:
- "127.0.0.1:9030:9030"
- "127.0.0.1:9031:9031"
- "127.0.0.1:9032:9032"
FROM node:alpine
ARG MESHCENTRAL2_VERSION="0.6.43"
WORKDIR /meshcentral
ENV NODE_ENV=production
RUN apk update
RUN npm install meshcentral@${MESHCENTRAL2_VERSION}
RUN npm install --no-optional --save archiver otplib image-size node-rdpjs-2 archiver-zip-encrypted
EXPOSE 80 443 4443
ENTRYPOINT node "./node_modules/meshcentral"
# nginx file for meshcentral in /etc/nginx/sites-enabled/meshcentral.domain.tld
server {
listen 80;
server_name meshcentral.domain.tld *.meshcentral.domain.tld;
return 301 https://$host$request_uri; # redirect http to https
}
server {
listen 443 ssl http2;
server_name meshcentral.domain.tld *.meshcentral.domain.tld;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
port_in_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_send_timeout 330s;
proxy_read_timeout 330s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location / {
client_max_body_size 1G;
proxy_pass http://127.0.0.1:9031;
}
}
# mps doesn't work unless you have a CIRA cert
# stream {
# upstream mpsservers {
# server 127.0.0.1:9032 max_fails=3 fail_timeout=30s;
# }
# ssl_certificate /root/docker-meshcentral/deploy/meshcentral-data/webserver-cert-public.crt;
# ssl_certificate_key /root/docker-meshcentral/deploy/meshcentral-data/mpsserver-cert-private.key;
# server {
# listen 4433 ssl;
# proxy_pass mpsservers;
# proxy_next_upstream on;
# }
# }
@Snuupy
Copy link
Author

Snuupy commented Oct 11, 2020

webrtc:
0.6.16: works
0.6.33: works
0.6.41: works
0.6.43: works
0.6.44: Error: No connection key specified.
0.6.45: Error: No connection key specified.
0.6.48: Error: No connection key specified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment