├── .github └── workflows │ └── main.yml ├── README.md ├── builds ├── mongoDB │ ├── Dockerfile │ ├── config.json.template │ └── startup.sh └── regular │ ├── Dockerfile │ ├── config.json.template │ └── startup.sh ├── docker-compose-mongodb.yml └── docker-compose.yml /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: Build Images 2 | 3 | on: 4 | schedule: 5 | - cron: "0 16 * * 6" 6 | workflow_dispatch: 7 | 8 | jobs: 9 | build: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: checout code 13 | uses: actions/checkout@v2 14 | - name: Setup node 15 | uses: actions/setup-node@v3 16 | with: 17 | node-version: 20.x 18 | - name: install buildx 19 | id: buildx 20 | uses: crazy-max/ghaction-docker-buildx@v1 21 | with: 22 | version: latest 23 | - name: login to dockerhub 24 | run: echo "${{ secrets.DOCKERHUB_KEY }}" | docker login -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin 25 | - name: login to github 26 | run: echo "${{ secrets.GHCR_KEY }}" | docker login ghcr.io -u "${{ secrets.DOCKERHUB_USER }}" --password-stdin 27 | - name: build regular images 28 | run: | 29 | docker buildx build --build-arg PREINSTALL_LIBS=false --push \ 30 | --tag typhonragewind/meshcentral:latest \ 31 | --tag typhonragewind/meshcentral:$(npm show meshcentral version) \ 32 | --tag ghcr.io/typhonragewind/meshcentral:latest \ 33 | --tag ghcr.io/typhonragewind/meshcentral:$(npm show meshcentral version) \ 34 | --platform linux/amd64,linux/arm/v7,linux/arm64 ./builds/regular/ 35 | - name: build mongodb images 36 | run: | 37 | docker buildx build --build-arg PREINSTALL_LIBS=false --push \ 38 | --tag typhonragewind/meshcentral:mongodb-latest \ 39 | --tag typhonragewind/meshcentral:mongodb-$(npm show meshcentral version) \ 40 | --tag ghcr.io/typhonragewind/meshcentral:mongodb-latest \ 41 | --tag ghcr.io/typhonragewind/meshcentral:mongodb-$(npm show meshcentral version) \ 42 | --platform linux/amd64,linux/arm64 ./builds/mongoDB/ 43 
| - name: build regular images with preloaded libs 44 | run: | 45 | docker buildx build --build-arg PREINSTALL_LIBS=true --push \ 46 | --tag typhonragewind/meshcentral:preloadlibs-latest \ 47 | --tag typhonragewind/meshcentral:preloadlibs-$(npm show meshcentral version) \ 48 | --tag ghcr.io/typhonragewind/meshcentral:preloadlibs-latest \ 49 | --tag ghcr.io/typhonragewind/meshcentral:preloadlibs-$(npm show meshcentral version) \ 50 | --platform linux/amd64,linux/arm/v7,linux/arm64 ./builds/regular/ 51 | - name: build mongodb images with preloaded libs 52 | run: | 53 | docker buildx build --build-arg PREINSTALL_LIBS=true --push \ 54 | --tag typhonragewind/meshcentral:preloadlibs-mongodb-latest \ 55 | --tag typhonragewind/meshcentral:preloadlibs-mongodb-$(npm show meshcentral version) \ 56 | --tag ghcr.io/typhonragewind/meshcentral:preloadlibs-mongodb-latest \ 57 | --tag ghcr.io/typhonragewind/meshcentral:preloadlibs-mongodb-$(npm show meshcentral version) \ 58 | --platform linux/amd64,linux/arm64 ./builds/mongoDB/ 59 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Meshcentral-Docker 2 | ![Docker Pulls](https://img.shields.io/docker/pulls/typhonragewind/meshcentral?style=flat-square) 3 | ![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/typhonragewind/meshcentral?style=flat-square) 4 | 5 | ## About 6 | This is my implementation of the amazing MeshCentral software (https://github.com/Ylianst/MeshCentral) on a docker image, with some minor QOL settings to make it easier to setup. 
7 | 8 | While this image is easier to set up and get running, you should still read through the very informative official guides: 9 | 10 | https://meshcentral.com/info/docs/MeshCentral2InstallGuide.pdf 11 | 12 | https://meshcentral.com/info/docs/MeshCentral2UserGuide.pdf 13 | 14 | ## Disclaimer 15 | 16 | This image is intended for self-hosting and small environments. The regular image does **not** make use of a specialized database solution (MongoDB) and as such, per the official documentation, is not recommended for environments with more than 100 devices. 17 | 18 | ## Installation 19 | 20 | The preferred method to get this image up and running is through the use of *docker-compose* (examples below). 21 | 22 | By filling out some of the options in the environment variables in the docker-compose file you can define some initial meshcentral settings and have it up and ready in no time. If you'd like to include settings not supported by the docker-compose file, you can also edit the config.json to your liking (you should really check the User's Guide for this) and place it in the meshcentral-data folder **before** initializing the container. 23 | 24 | Updating settings is also easy after having the container initialized if you change your mind or want to tweak things. Just edit meshcentral-data/config.json and restart the container. Keep in mind that this file also holds the session key and, on the regular image, the backup password written at first start, so restrict who can read the meshcentral-data folder. 
25 | 26 | docker-compose.yml example: 27 | ```yaml 28 | version: '3' 29 | services: 30 | meshcentral: 31 | restart: always 32 | container_name: meshcentral 33 | image: typhonragewind/meshcentral:latest 34 | ports: 35 | - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs 36 | environment: 37 | - HOSTNAME=my.domain.com #your hostname 38 | - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 39 | - REVERSE_PROXY_TLS_PORT= 40 | - IFRAME=false #set to true if you wish to enable iframe support 41 | - ALLOW_NEW_ACCOUNTS=true #set to false if you want to disable self-service creation of new accounts besides the first (admin) 42 | - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution 43 | - BACKUPS_PW=MyAwesomePasswordPleaseChangeMe #password for the autobackup function - replace this placeholder before the first start; startup.sh inserts the value into config.json with sed, so avoid /, &, backslashes and double quotes in it 44 | - BACKUP_INTERVAL=24 # Interval in hours for the autobackup function (startup.sh substitutes the key backupIntervalHours, but config.json.template spells it backupInvervalHours, so verify the value in config.json after the first start) 45 | - BACKUP_KEEP_DAYS=10 #number of days of backups the function keeps 46 | volumes: 47 | - ./meshcentral/data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. 
A must for data persistence 48 | - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live 49 | - ./meshcentral/backups:/opt/meshcentral/meshcentral-backups #Backups location 50 | ``` 51 | 52 | Following multiple requests, and thanks to contributions from @mwllgr and @originaljay, this image can also be used with MongoDB using the following docker-compose.yml. Note that in this example MongoDB runs without authentication (the connection string in config.json.template carries no credentials), so keep port 27017 on the internal compose network only, as the `expose` entry does, and do not publish it on the host: 53 | 54 | ```yaml 55 | version: '3' 56 | services: 57 | mongodb: 58 | container_name: meshcentral_db 59 | restart: always 60 | image: mongo:latest 61 | expose: 62 | - 27017 63 | volumes: 64 | - '/opt/meshcentral/database:/data/db' 65 | meshcentral: 66 | restart: always 67 | container_name: meshcentral 68 | depends_on: 69 | - 'mongodb' 70 | image: typhonragewind/meshcentral:mongodb-latest 71 | ports: 72 | - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs 73 | environment: 74 | - HOSTNAME=my.domain.com #your hostname 75 | - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 76 | - REVERSE_PROXY_TLS_PORT=443 77 | - IFRAME=false #set to true if you wish to enable iframe support 78 | - ALLOW_NEW_ACCOUNTS=true #set to false if you want to disable self-service creation of new accounts besides the first (admin) 79 | - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution 80 | - NODE_ENV=production 81 | volumes: 82 | - ./meshcentral/data:/opt/meshcentral/meshcentral-data 83 | - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files 84 | ``` 85 | 86 | If you do not wish to use the prebuilt images, you can also easily build them yourself. Just make sure to include **config.json.template** and **startup.sh** in the same directory if you do not change the Dockerfile. 
87 | 88 | 89 | ## Tags 90 | 91 | These tags are available on both Docker Hub and ghcr.io. \<version\> is the MeshCentral npm version at build time; use a version tag instead of `latest` if you need reproducible deployments. 92 | 93 | ### Regular Images 94 | typhonragewind/meshcentral:latest 95 | 96 | typhonragewind/meshcentral:preloadlibs-latest 97 | 98 | typhonragewind/meshcentral:\<version\> 99 | 100 | typhonragewind/meshcentral:preloadlibs-\<version\> 101 | 102 | ### MongoDB Images 103 | typhonragewind/meshcentral:mongodb-latest 104 | 105 | typhonragewind/meshcentral:preloadlibs-mongodb-latest 106 | 107 | typhonragewind/meshcentral:mongodb-\<version\> 108 | 109 | typhonragewind/meshcentral:preloadlibs-mongodb-\<version\> 110 | 111 | 112 | 113 | ## Final words 114 | 115 | Be sure to check out MeshCentral's github repo. The project is amazing and the developers too! 116 | 117 | ## Troubleshooting/FAQ 118 | ```Can't change settings to fix my installation``` 119 | Currently, the environment variables you define when you first run your docker-compose are written to config.json and are not replaced if you change the environment file (I plan on changing this behaviour soon:tm:). Either edit config.json directly or delete it before running the docker-compose again. 120 | 121 | ```Unable to install required module "otplib@10.2.3"``` 122 | I haven't been able to find the source of this error and can't replicate it locally. Use one of the tags that contains "preloadlibs". 123 | 124 | ## Changelog 125 | 2023-06-22 - Implemented multi-arch images (*tags have changed*). Images are now built using Github Actions and additionally uploaded to github Registry as well. Added images with preloaded libs. Implemented options for autobackup on the regular image (MongoDB version soon:tm:). Added backup options for regular image. 126 | 127 | 2022-06-22 - Specified Ubuntu base image version to fix problems in latest builds. Documentation cleanup. 128 | 129 | 2022-05-20 - Added Docker Hub image versioning for future automated builds. 
130 | -------------------------------------------------------------------------------- /builds/mongoDB/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mongo:latest 2 | 3 | ENV SESSION_KEY="" 4 | 5 | # Disable Prompt During Packages Installation 6 | ARG DEBIAN_FRONTEND=noninteractive 7 | 8 | #install dependencies (the NodeSource setup script is piped into bash without an integrity check; review or pin it if the build must be reproducible) 9 | RUN apt-get update && apt-get install -y curl && curl -fsSL https://deb.nodesource.com/setup_21.x | bash - && apt-get install -y nodejs && rm -rf /var/lib/apt/lists/* 10 | 11 | #Create the installation directory (no non-root user is added and no USER instruction is set in this Dockerfile, so the container keeps the base image's default user) 12 | RUN mkdir -p /opt/meshcentral 13 | 14 | #meshcentral installation 15 | WORKDIR /opt/meshcentral 16 | 17 | RUN npm install meshcentral && npm install nedb 18 | 19 | ARG PREINSTALL_LIBS="false" 20 | 21 | RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3 yubikeyotp mongodb@4.13.0; fi 22 | 23 | COPY config.json.template /opt/meshcentral/config.json.template 24 | COPY startup.sh startup.sh 25 | #environment variables 26 | 27 | EXPOSE 80 443 28 | 29 | #volumes 30 | VOLUME /opt/meshcentral/meshcentral-data 31 | VOLUME /opt/meshcentral/meshcentral-files 32 | VOLUME /opt/meshcentral/meshcentral-backups 33 | 34 | CMD ["bash","/opt/meshcentral/startup.sh"] 35 | -------------------------------------------------------------------------------- /builds/mongoDB/config.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", 3 | "settings": { 4 | "cert": "myserver.mydomain.com", 5 | "_WANonly": true, 6 | "_LANonly": true, 7 | "_sessionKey": "MyReallySecretPassword1", 8 | "port": 443, 9 | "_aliasPort": 443, 10 | "redirPort": 80, 11 | "_redirAliasPort": 80, 12 | "AgentPong": 300, 13 | "TLSOffload": false, 14 | "SelfUpdate": 
false, 15 | "AllowFraming": false, 16 | "mongodb": "mongodb://mongodb:27017/mesh", 17 | "mongodbcol": "mesh", 18 | "WebRTC": false 19 | }, 20 | "domains": { 21 | "": { 22 | "_title": "MyServer", 23 | "_title2": "Servername", 24 | "_minify": true, 25 | "NewAccounts": true, 26 | "_userNameIsEmail": true, 27 | "_certUrl": "my.reverse.proxy" 28 | } 29 | }, 30 | "_letsencrypt": { 31 | "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", 32 | "_email": "myemail@mydomain.com", 33 | "_names": "myserver.mydomain.com", 34 | "production": false 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /builds/mongoDB/startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export NODE_ENV=production 4 | 5 | export HOSTNAME 6 | export REVERSE_PROXY 7 | export REVERSE_PROXY_TLS_PORT 8 | export IFRAME 9 | export ALLOW_NEW_ACCOUNTS 10 | export WEBRTC 11 | 12 | if [ -f "meshcentral-data/config.json" ] 13 | then 14 | node node_modules/meshcentral 15 | else 16 | cp config.json.template meshcentral-data/config.json 17 | sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json 18 | sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json 19 | sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json 20 | sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json 21 | if [ -z "$SESSION_KEY" ]; then 22 | SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | fold -w 32 | head -n 1)" 23 | fi 24 | sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/config.json 25 | if [ "$REVERSE_PROXY" != "false" ] 26 | then 27 | sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" 
meshcentral-data/config.json 28 | node node_modules/meshcentral 29 | exit 30 | fi 31 | node node_modules/meshcentral --cert "$HOSTNAME" 32 | fi 33 | -------------------------------------------------------------------------------- /builds/regular/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:lts-slim 2 | 3 | ENV SESSION_KEY="" 4 | 5 | # Disable Prompt During Packages Installation 6 | ARG DEBIAN_FRONTEND=noninteractive 7 | 8 | #Create the installation directory (no non-root user is added and no USER instruction is set in this Dockerfile, so the container keeps the base image's default user) 9 | RUN mkdir -p /opt/meshcentral 10 | 11 | #meshcentral installation 12 | WORKDIR /opt/meshcentral 13 | 14 | RUN npm install meshcentral && npm install nedb 15 | 16 | ARG PREINSTALL_LIBS="false" 17 | 18 | RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3 yubikeyotp; fi 19 | 20 | COPY config.json.template /opt/meshcentral/config.json.template 21 | COPY startup.sh startup.sh 22 | #environment variables 23 | 24 | EXPOSE 80 443 25 | 26 | #volumes 27 | VOLUME /opt/meshcentral/meshcentral-data 28 | VOLUME /opt/meshcentral/meshcentral-files 29 | VOLUME /opt/meshcentral/meshcentral-backups 30 | 31 | CMD ["bash","/opt/meshcentral/startup.sh"] 32 | -------------------------------------------------------------------------------- /builds/regular/config.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", 3 | "settings": { 4 | "cert": "myserver.mydomain.com", 5 | "_WANonly": true, 6 | "_LANonly": true, 7 | "_sessionKey": "MyReallySecretPassword1", 8 | "port": 443, 9 | "_aliasPort": 443, 10 | "redirPort": 80, 11 | "_redirAliasPort": 80, 12 | "AgentPong": 300, 13 | "TLSOffload": false, 14 | "SelfUpdate": false, 15 | "AllowFraming": false, 16 | "WebRTC": false, 17 | "AutoBackup": 
{ 18 | "backupPath": "/opt/meshcentral/meshcentral-backups", 19 | "backupInvervalHours": 24, 20 | "keepLastDaysBackup": 10, 21 | "zippassword": "MyReallySecretPassword3" 22 | } 23 | }, 24 | "domains": { 25 | "": { 26 | "_title": "MyServer", 27 | "_title2": "Servername", 28 | "_minify": true, 29 | "NewAccounts": true, 30 | "_userNameIsEmail": true, 31 | "_certUrl": "my.reverse.proxy" 32 | } 33 | }, 34 | "_letsencrypt": { 35 | "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", 36 | "_email": "myemail@mydomain.com", 37 | "_names": "myserver.mydomain.com", 38 | "production": false 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /builds/regular/startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export NODE_ENV=production 4 | 5 | export HOSTNAME 6 | export REVERSE_PROXY 7 | export REVERSE_PROXY_TLS_PORT 8 | export IFRAME 9 | export ALLOW_NEW_ACCOUNTS 10 | export WEBRTC 11 | export BACKUPS_PW 12 | export BACKUP_INTERVAL 13 | export BACKUP_KEEP_DAYS 14 | 15 | if [ -f "meshcentral-data/config.json" ] 16 | then 17 | node node_modules/meshcentral 18 | else 19 | cp config.json.template meshcentral-data/config.json 20 | sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json 21 | sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json 22 | sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json 23 | sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json 24 | sed -i "s/\"zippassword\": \"MyReallySecretPassword3\"/\"zippassword\": \"$BACKUPS_PW\"/" meshcentral-data/config.json 25 | sed -i "s/\"backupIntervalHours\": 24/\"backupIntervalHours\": \"$BACKUP_INTERVAL\"/" meshcentral-data/config.json 26 | sed -i "s/\"keepLastDaysBackup\": 10/\"keepLastDaysBackup\": 
\"$BACKUP_KEEP_DAYS\"/" meshcentral-data/config.json 27 | if [ -z "$SESSION_KEY" ]; then 28 | SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | fold -w 32 | head -n 1)" 29 | fi 30 | sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/config.json 31 | if [ "$REVERSE_PROXY" != "false" ] 32 | then 33 | sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json 34 | node node_modules/meshcentral 35 | exit 36 | fi 37 | node node_modules/meshcentral --cert "$HOSTNAME" 38 | fi 39 | -------------------------------------------------------------------------------- /docker-compose-mongodb.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | mongodb: 4 | container_name: meshcentral_db 5 | restart: always 6 | image: mongo:latest 7 | expose: 8 | - 27017 9 | volumes: 10 | - '/opt/meshcentral/database:/data/db' 11 | meshcentral: 12 | restart: always 13 | container_name: meshcentral 14 | depends_on: 15 | - 'mongodb' 16 | image: typhonragewind/meshcentral:mongodb-latest 17 | ports: 18 | - 8086:443 19 | - 8087:800 20 | environment: 21 | - HOSTNAME=my.domain.com #your hostname 22 | - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 23 | - REVERSE_PROXY_TLS_PORT=443 24 | - IFRAME=false #set to true if you wish to enable iframe support 25 | - ALLOW_NEW_ACCOUNTS=true #set to false if you want disable self-service creation of new accounts besides the first (admin) 26 | - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. 
Use with caution 27 | - NODE_ENV=production 28 | volumes: 29 | - ./meshcentral/data:/opt/meshcentral/meshcentral-data 30 | - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files 31 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | meshcentral: 4 | restart: always 5 | container_name: meshcentral 6 | image: typhonragewind/meshcentral:latest 7 | ports: 8 | - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs 9 | environment: 10 | - HOSTNAME=my.domain.com #your hostname 11 | - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 12 | - REVERSE_PROXY_TLS_PORT= 13 | - IFRAME=false #set to true if you wish to enable iframe support 14 | - ALLOW_NEW_ACCOUNTS=true #set to false if you want to disable self-service creation of new accounts besides the first (admin) 15 | - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution 16 | - BACKUPS_PW=MyAwesomePasswordPleaseChangeMe #password for the autobackup function - replace this placeholder before the first start; startup.sh inserts the value into config.json with sed, so avoid /, &, backslashes and double quotes in it 17 | - BACKUP_INTERVAL=24 # Interval in hours for the autobackup function (startup.sh substitutes the key backupIntervalHours, but config.json.template spells it backupInvervalHours, so verify the value in config.json after the first start) 18 | - BACKUP_KEEP_DAYS=10 #number of days of backups the function keeps 19 | volumes: 20 | - ./meshcentral/data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence 21 | - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live 22 | - ./meshcentral/backups:/opt/meshcentral/meshcentral-backups #Backups location 23 | --------------------------------------------------------------------------------