meshcentral docker-compose

config.json

// add the following to your ./deploy/config.json:

{
  "settings": {
    "cert": "meshcentral.domain.tld",
    "WANonly": true,
    "port": 9031,
    "aliasPort": 443,
    "redirPort": 9030,
    "redirAliasPort": 80,
    "tlsOffload": "127.0.0.1",
    "mpsPort": 9032,
    "mpsAliasPort": 4433,
    "mpsTlsOffload": true,
    "WebRTC": true,
    "webrtcConfig": {
      "iceServers": [
        { "urls": "stun:stun.services.mozilla.org" },
        { "urls": "stun:stun.l.google.com:19302" }
      ]
    }
  },
  "domains": {
    "": {
      "userNameIsEmail": true,
      "certUrl": "https://meshcentral.domain.tld"
    }
  },
  "smtp": {
    "host": "smtp.domain.tld",
    "port": 587,
    "from": "[email protected]",
    "user": "",
    "pass": "",
    "tls": true
  }
}

docker-compose.yml

version: "3"

services:
  meshcentral:
    image: "username/meshcentral2:v0.6.43"
    build: .
    restart: "unless-stopped"
    ulimits:
      nofile:
        soft: 800000
        hard: 1000000
    volumes:
      - "./deploy/meshcentral-data:/meshcentral/meshcentral-data"
      - "./deploy/meshcentral-files:/meshcentral/meshcentral-files"
      - "./deploy/meshcentral-backup:/meshcentral/meshcentral-backup"
      - "./deploy/meshcentral-web:/meshcentral/meshcentral-web"
    ports:
      - "127.0.0.1:9030:9030"
      - "127.0.0.1:9031:9031"
      - "127.0.0.1:9032:9032"

Dockerfile

FROM node:alpine

ARG MESHCENTRAL2_VERSION="0.6.43"
WORKDIR /meshcentral
ENV NODE_ENV=production
RUN apk update
RUN npm install meshcentral@${MESHCENTRAL2_VERSION}
RUN npm install --no-optional --save archiver otplib image-size node-rdpjs-2 archiver-zip-encrypted

EXPOSE 80 443 4443

ENTRYPOINT node "./node_modules/meshcentral"

meshcentral.domain.tld

# nginx file for meshcentral in /etc/nginx/sites-enabled/meshcentral.domain.tld

server {
    listen 80;
    server_name meshcentral.domain.tld *.meshcentral.domain.tld;
    return 301 https://$host$request_uri;  # redirect http to https
}

server {
    listen 443 ssl http2;
    server_name meshcentral.domain.tld *.meshcentral.domain.tld;

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot

    port_in_redirect off;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_send_timeout 330s;
    proxy_read_timeout 330s;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    location / {
        client_max_body_size 1G;
        proxy_pass  http://127.0.0.1:9031;
    }
}

# mps doesn't work unless you have a CIRA cert

# stream {
#     upstream mpsservers {
#         server 127.0.0.1:9032 max_fails=3 fail_timeout=30s;
#     }
#     ssl_certificate /root/docker-meshcentral/deploy/meshcentral-data/webserver-cert-public.crt;
#     ssl_certificate_key /root/docker-meshcentral/deploy/meshcentral-data/mpsserver-cert-private.key;
#     server {
#         listen 4433 ssl;
#         proxy_pass mpsservers;
#         proxy_next_upstream on;
#     }
# }

webrtc:
0.6.16: works
0.6.33: works
0.6.41: works
0.6.43: works
0.6.44: Error: No connection key specified.
0.6.45: Error: No connection key specified.
0.6.48: Error: No connection key specified.