MeshCentral/sample-config-advanced.json


{
"$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
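"__comment__": "This is a sample configuration file; all values and sections that start with an underscore (_) are ignored. To enable a setting or section, edit it and remove the _ in front of its name. Replace the sample passwords, keys and secrets with your own values before enabling the settings that use them. Refer to the user's guide for details.",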
"settings": {
"_cert": "myserver.mydomain.com",
"_SQLite3": true,
"_acebase": { "_sponsor": true },
"_mongoDb": "mongodb://127.0.0.1:27017",
"_mongoDbName": "meshcentral",
"_mongoDbChangeStream": true,
"_mongoDbBulkOperations": true,
"_WANonly": true,
"_LANonly": true,
"_maintenanceMode": true,
"_certificatePrivateKeyPassword": [ "password1", "password2" ],
"_sessionTime": 60,
"_sessionKey": "MyReallySecretPassword1",
"_sessionSameSite": "strict",
"_dbEncryptKey": "MyReallySecretPassword2",
"_dbRecordsEncryptKey": "MyReallySecretPassword",
"_dbRecordsDecryptKey": "MyReallySecretPassword",
"__dbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.",
"_dbExpire": {
"events": 1728000,
"powerevents": 864000,
"statsevents": 2592000
},
"port": 443,
"_portBind": "127.0.0.1",
"_aliasPort": 444,
"_redirPort": 80,
"_redirPortBind": "127.0.0.1",
"_redirAliasPort": 80,
"_relayPort": 453,
"_relayAliasPort": 463,
"_relayDNS": "relay.myserver.mydomain.com",
"_agentPort": 1234,
"_agentPortBind": "127.0.0.1",
"_agentAliasPort": 1234,
"_agentAliasDNS": "agents.myserver.mydomain.com",
"_agentPortTls": false,
"_agentLogDump": true,
"_agentCoreDump": true,
"_agentCoreDumpUsers": "user1,user2",
"_agentSignLock": true,
"_agentTimeStampServer": "http://timestamp.digicert.com",
"_agentTimeStampProxy": "http://1.2.3.4:80",
"_ignoreAgentHashCheck": true,
"_exactPorts": true,
"_allowLoginToken": true,
"_StrictTransportSecurity": true,
"_allowFraming": true,
"_cookieIpCheck": false,
"_cookieEncoding": "hex",
"_webRTC": false,
"_nice404": false,
"_selfUpdate": true,
"_cleanNpmCacheOnUpdate": true,
"_browserPing": 60,
"_browserPong": 60,
"_agentsInRam": false,
"_agentPing": 60,
"_agentPong": 60,
"_orphanAgentUser": "admin",
"_agentIdleTimeout": 150,
"_webPageLengthRandomization": false,
"_compression": true,
"_wsCompression": false,
"_agentWsCompression": true,
"_noAgentUpdate": 1,
"_agentUpdateSystem": 1,
"_temporaryAgentUpdate": false,
"_amtScanner": false,
"_meshScanner": false,
"_meshErrorLogPath": "c:\\tmp",
"_npmPath": "c:\\npm.exe",
"_npmProxy": "http://1.2.3.4:80",
"_allowHighQualityDesktop": true,
"_webPush": { "email": "xxxxx@xxxxx.com" },
"_publicPushNotifications": true,
"_desktopMultiplex": true,
"_ipBlockedUserRedirect": "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
"_userAllowedIP": "127.0.0.1,192.168.1.0/24",
"_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
"_agentAllowedIP": "192.168.0.100/24",
"_agentBlockedIP": "127.0.0.1,::1",
"_authLog": "c:\\temp\\auth.log",
"_InterUserMessaging": [ "user//admin" ],
"_manageAllDeviceGroups": [ "user//admin" ],
"_manageCrossDomain": [ "user//admin" ],
"_localDiscovery": {
"name": "Local server name",
"info": "Information about this server"
},
"_tlsOffload": "127.0.0.1,::1",
"_trustedProxy": "127.0.0.1,::1",
"_mpsPort": 44330,
"_mpsPortBind": "127.0.0.1",
"_mpsAliasPort": 4433,
"_mpsAliasHost": "mps.mydomain.com",
"_mpsTlsOffload": true,
"_mpsHighSecurity": true,
"_no2FactorAuth": true,
"_lockAgentDownload": true,
"_runOnServerStarted": "c:\\tmp\\mcstart.bat",
"_runOnServerUpdated": "c:\\tmp\\mcupdate.bat",
"_runOnServerError": "c:\\tmp\\mcerror.bat",
"_log": "main,web,webrequest,cert",
"_debug": "main,web,webrequest,cert",
"_syslog": "meshcentral",
"_syslogauth": "meshcentral-auth",
"_syslogjson": "meshcentral-json",
"_syslogtcp": "localhost:514",
"_webrtcConfig": {
"iceServers": [
{ "urls": "stun:stun.cloudflare.com:3478" },
{ "urls": "stun:stun.l.google.com:19302" }
]
},
"_autoBackup": {
"_mongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe",
"backupIntervalHours": 24,
"keepLastDaysBackup": 10,
"zipPassword": "MyReallySecretPassword3",
"_backupPath": "C:\\backups",
"_googleDrive": {
"folderName": "MeshCentral-Backups",
"maxFiles": 10
},
"webdav": {
"url": "https://server/remote.php/dav/files/xxxxx@server.com/",
"username": "user",
"password": "pass",
"folderName": "MeshCentral-Backups",
"maxFiles": 10
},
"_s3": {
"accessKey": "MYLONGACCESSKEY",
"secretKey": "MYLONGSECRETKEY",
"endpoint": "myS3.myserver.com",
"port": 9000,
"ssl": false,
"bucketName": "test",
"folderName": "MeshCentral-Backups",
"maxfiles": 10
}
},
"_redirects": {
"meshcommander": "https://www.meshcommander.com/"
},
"__maxInvalidLogin": "Time is in minutes. Maximum number of bad logins from a source IP within that time before logins are rejected.",
"_maxInvalidLogin": {
"time": 10,
"count": 10,
"coolofftime": 10
},
"__maxInvalid2fa": "Time is in minutes. Maximum number of bad two-factor authentication attempts from a source IP within that time before 2FA attempts are rejected.",
"_maxInvalid2fa": {
"time": 10,
"count": 10,
"coolofftime": 10
},
"watchDog": {
"interval": 100,
"timeout": 400
},
"_AmtProvisioningServer": {
"port": 9971,
"deviceGroup": "mesh//xxxxxxxxxxxxxxxxxxxxx",
"newMebxPassword": "amtpassword",
"trustedFqdn": "sample.com",
"ip": "192.168.1.1"
},
"_crowdsec": {
"url": "http://localhost:8080",
"apiKey": "BOUNCER_API_KEY"
},
"_plugins": { "enabled": true }
},
"_domaindefaults": {
"__comment__": "Any settings in this section are used as default settings for all domains.",
"title": "MyDefaultTitle",
"footer": "Default page footer",
"newAccounts": false
},
"domains": {
"": {
"_siteStyle": 2,
"title": "MyServer",
"title2": "Servername",
"_titlePicture": "title-sample.png",
"_loginPicture": "title-sample.png",
"_pwaLogo": "title-sample.png",
"_rootRedirect": "https://www.youtube.com/watch?v=Gs069dndIYk",
"_mobileSite": false,
"_maxDeviceView": 1000,
"_unknownUserRootRedirect": "https://www.youtube.com/watch?v=2Q_ZzBGPdqE",
"_nightMode": 1,
"_scrollToTop": true,
"_userQuota": 1048576,
"_meshQuota": 248576,
"_loginKey": [ "abc", "123" ],
"_agentKey": [ "abc", "123" ],
"_ipkvm": false,
"minify": true,
"_hidePowerTimeline": true,
"_showNotesPanel": true,
"_userSessionsSort": "Username",
"_newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"_userNameIsEmail": true,
"_newAccountEmailDomains": [ "sample.com" ],
"_newAccountsRights": [ "nonewgroups", "notools" ],
"_welcomeText": "Sample Text on Login Page.",
"_welcomePicture": "mainwelcome.jpg",
"_welcomePictureFullScreen": false,
"_meshMessengerTitle": "MeshMessenger",
"_meshMessengerPicture": "messenger.png",
"___hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar, 32 = Hide back buttons",
"_hide": 4,
"_footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
"_loginfooter": "This is a private server.",
"_allowSavingDeviceCredentials": false,
"_guestDeviceSharing": false,
"_AutoRemoveInactiveDevices": 37,
"_DeviceSearchBarServerAndClientName": false,
"_agentSelfGuestSharing": {
"expire": 120
},
"_certUrl": "https://192.168.2.106:443/",
"_altMessenging": [
{
"name": "Jitsi",
"url": "https://meet.jit.si/myserver-{0}",
"localurl": "https://meet.jit.si/myserver-local-{0}",
"type": "device"
},
{
"name": "Jitsi",
"url": "https://meet.jit.si/myserver-{0}-{1}-{2}-{3}",
"localurl": "https://meet.jit.si/myserver-local-{0}-{1}-{2}-{3}",
"type": "user"
}
],
"_deviceMeshRouterLinks": {
"rdp": true,
"ssh": true,
"scp": true,
"extralinks": [
{
"name": "HTTP",
"protocol": "http",
"port": 80,
"_ip": "192.168.1.100",
"_filter": [ "mesh/(domainid)/(meshid)", "node/(domainid)/(nodeid)" ]
},
{
"name": "HTTPS",
"protocol": "https",
"port": 443
}
]
},
"_assistantTypeAgentInvite": 2,
"PreconfiguredScripts": [
{
"name": "Run NotePad as user",
"file": "scripts/notepad.bat",
"type": "bat",
"runas": "user"
},
{
"name": "Run NotePad as agent",
"cmd": "notepad.exe",
"type": "bat",
"runas": "agent"
},
{
"name": "Run echo",
"cmd": "echo \"hello world\"",
"type": "sh",
"runas": "agent"
},
{
"name": "Agent Update",
"cmd": "agentupdate",
"type": "agent"
}
],
"PreconfiguredRemoteInput": [
{
"name": "CompanyUrl",
"value": "https://help.mycompany.com/"
},
{
"name": "Any Text",
"value": "Any text\r"
},
{
"name": "Welcome",
"value": "Default welcome text"
}
],
"myServer": {
"Backup": false,
"Restore": false,
"Upgrade": false,
"ErrorLog": false,
"Console": false,
"Trace": false,
"Config": false
},
"_passwordRequirements": {
"min": 8,
"max": 128,
"upper": 1,
"lower": 1,
"numeric": 1,
"nonalpha": 1,
"reset": 90,
"force2factor": true,
"skip2factor": "127.0.0.1,192.168.2.0/24",
"oldPasswordBan": 5,
"banCommonPasswords": false,
"twoFactorTimeout": 300
},
"_twoFactorCookieDurationDays": 30,
"_agentInviteCodes": true,
"_agentNoProxy": true,
"_lockAgentDownload": true,
"_geoLocation": true,
"_ipLocation": true,
"_novnc": false,
"_mstsc": false,
"_ssh": true,
"_WebEmailsPath": "/myserver/email-templates",
"_consentMessages": {
"title": "MeshCentral",
"desktop": "{0} requesting remote desktop access. Grant access?",
"terminal": "{0} requesting remote terminal access. Grant access?",
"files": "{0} requesting remote files access. Grant access?",
"consentTimeout": 30,
"autoAcceptOnTimeout": false,
"oldStyle": true
},
"_notificationMessages": {
"title": "MeshCentral",
"desktop": "{0} started a remote desktop session.",
"terminal": "{0} started a remote terminal session.",
"files": "{0} started a remote files session."
},
"_agentCustomization": {
"displayName": "Company® Product™",
"description": "Company® Product™ agent for remote monitoring, management and assistance.",
"companyName": "Company®",
"serviceName": "companyagent",
"image": "agent-logo.png",
"fileName": "compagnyagent"
},
"_agentFileInfo": {
"icon": "agent.ico",
"filedescription": "sample_filedescription",
"fileversion": "0.1.2.3",
"internalname": "sample_internalname",
"legalcopyright": "sample_legalcopyright",
"originalfilename": "sample_originalfilename",
"productname": "sample_productname",
"productversion": "v0.1.2.3"
},
"_assistantCustomization": {
"title": "Company® Product™",
"image": "assistant-logo.png",
"fileName": "compagny"
},
"_androidCustomization": {
"title": "Company® Product™",
"subtitle": "Product Subtitle™",
"image": "assistant-logo.png"
},
"_userAllowedIP": "127.0.0.1,192.168.1.0/24",
"_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
"_agentAllowedIP": "192.168.0.100/24",
"_agentBlockedIP": "127.0.0.1,::1",
"___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect",
"_userSessionIdleTimeout": 30,
"userConsentFlags": {
"desktopnotify": true,
"terminalnotify": true,
"filenotify": true,
"desktopprompt": true,
"terminalprompt": true,
"fileprompt": true,
"desktopprivacybar": true
},
"_urlSwitching": false,
"_desktopPrivacyBarText": "Privacy bar: {0}, {1}",
"_limits": {
"_maxDevices": 100,
"_maxUserAccounts": 100,
"_maxUserSessions": 100,
"_maxAgentSessions": 100,
"maxSingleUserSessions": 10
},
"_terminal": {
"_linuxshell": "login",
"launchCommand": {
"linux": "clear\necho \"Hello Linux\"\n",
"darwin": "clear\necho \"Hello MacOS\"\n",
"freebsd": "clear\necho \"Hello FreeBSD\"\n"
}
},
"_amtScanOptions": [
"LabNetwork 192.168.15.0/23",
"SalesNetwork 192.168.8.0/24"
],
"_amtAcmActivation": {
"log": "amtactivation.log",
"strictCommonName": false,
"certs": {
"mycertname": {
"certfiles": [
"amtacm-leafcert.crt",
"amtacm-intermediate1.crt",
"amtacm-intermediate2.crt",
"amtacm-rootcert.crt"
],
"keyfile": "amtacm-leafcert.key"
}
}
},
"_amtManager": {
"adminAccounts": [
{
"user": "admin",
"pass": "MyP@ssw0rd"
}
],
"environmentDetection": [
"domain1.com",
"domain2.com",
"domain3.com",
"domain4.com"
],
"wifiProfiles": [
{
"name": "Profile1",
"ssid": "MyStation1",
"authentication": "wpa2-psk",
"encryption": "ccmp-aes",
"password": "MyP@ssw0rd"
}
]
},
"_redirects": {
"meshcommander": "https://www.meshcommander.com/"
},
"_yubikey": {
"id": "0000",
"secret": "xxxxxxxxxxxxxxxxxxxxx",
"_proxy": "http://myproxy.domain.com:80"
},
"_httpHeaders": {
"Strict-Transport-Security": "max-age=360000",
"x-frame-options": "SAMEORIGIN"
},
"_agentConfig": [ "coreDumpEnabled=1" ],
"_assistantConfig": [ "disableUpdate=1" ],
"_sessionRecording": {
"_onlySelectedUsers": true,
"_onlySelectedUserGroups": true,
"_onlySelectedDeviceGroups": true,
"_filepath": "C:\\temp",
"_index": true,
"_maxRecordings": 10,
"_maxRecordingDays": 15,
"_maxRecordingSizeMegabytes": 3,
"__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger",
"protocols": [ 1, 2, 101 ]
},
"_authStrategies": {
"__comment__": "This section is used to allow users to log in using other accounts. You will need to get an API key from the services and register the callback URLs.",
"twitter": {
"_callbackurl": "https://server/auth-twitter-callback",
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"google": {
"_callbackurl": "https://server/auth-google-callback",
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx"
},
"github": {
"_callbackurl": "https://server/auth-github-callback",
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"azure": {
"_callbackurl": "https://server/auth-azure-callback",
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"clientid": "00000000-0000-0000-0000-000000000000",
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"tenantid": "00000000-0000-0000-0000-000000000000"
},
"jumpcloud": {
"_callbackurl": "https://server/auth-jumpcloud-callback",
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"entityid": "meshcentral",
"idpurl": "https://sso.jumpcloud.com/saml2/saml2",
"cert": "jumpcloud-saml.pem"
},
"saml": {
"_callbackurl": "https://server/auth-saml-callback",
"_disableRequestedAuthnContext": true,
"newAccounts": true,
"_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
"_newAccountsRights": [ "nonewgroups", "notools" ],
"entityid": "meshcentral",
"idpurl": "https://server/saml2",
"cert": "saml.pem"
},
"oidc": {
"issuer": {
"issuer": "https://sso.server.com",
"end_session_endpoint": "https://sso.server.com/logout"
},
"client": {
"client_id": "00000000-0000-0000-0000-000000000000",
"client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"groups": {
"required": [ "groupA", "groupB", "groupC" ],
"siteadmin": [ "groupA" ],
"sync": {
"enable": true,
"filter": [ "groupB", "groupC" ]
}
},
"newAccounts": true
}
}
},
"_customer1": {
"_dns": "customer1.myserver.com",
"_title": "Customer1",
"_title2": "TestServer",
"_newAccounts": 1,
"_auth": "sspi",
"__auth": "ldap",
"_LDAPUserName": "gecos",
"_LDAPUserKey": "uid",
"_LDAPUserEmail": "otherMail",
"_LDAPUserGroups": "memberOf",
"_LDAPSiteAdminGroups": [ "CN=Domain Admins,CN=Users,DC=sample,DC=com" ],
"_LDAPUserRequiredGroupMembership": [ "CN=Domain Admins,CN=Users,DC=sample,DC=com" ],
"_LDAPSyncWithUserGroups": { "filter": [ "CN=Domain Admins" ] },
"_LDAPOptions": {
"URL": "ldap://1.2.3.4:389",
"BindDN": "CN=svc_meshcentral,CN=Users,DC=meshcentral,DC=local",
"BindCredentials": "Password.1",
"SearchBase": "DC=meshcentral,DC=local",
"SearchFilter": "(sAMAccountName={{username}})"
},
"_footer": "Test",
"_certUrl": "https://192.168.2.106:443/"
},
"_info": {
"_share": "C:\\ExtraWebSite"
}
},
"_letsencrypt": {
"__comment__": "Requires NodeJS 8.x or better. Go to https://letsdebug.net/ first, before trying Let's Encrypt.",
"email": "myemail@myserver.com",
"names": "myserver.com,customer1.myserver.com",
"skipChallengeVerification": false,
"production": false,
"zerossl": {
"kid": "a1b2c3d4e5",
"hmacKey": "a1b2c3d4e5"
}
},
"_peers": {
"serverId": "server1",
"servers": {
"server1": { "url": "wss://192.168.2.133:443/" },
"server2": { "url": "wss://192.168.1.106:443/" }
}
},
"_smtp": {
"host": "smtp.myserver.com",
"port": 25,
"from": "myemail@myserver.com",
"__tls__": "When 'tls' is set to true, TLS is used immediately when connecting. For SMTP servers that use STARTTLS, set this to 'false' and TLS will still be used.",
"tls": false,
"___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked, so the server's identity is not verified.",
"_tlscertcheck": false,
"__tlsstrict__": "When set to true, TLS cipher setup is more limited; SSLv2 and SSLv3 are not allowed.",
"_tlsstrict": true,
"_emailDelaySeconds": 300
},
"_sendgrid": {
"from": "myemail@myserver.com",
"apikey": "***********",
"_emailDelaySeconds": 300
},
"_sendmail": {
"newline": "unix",
"path": "/usr/sbin/sendmail",
"_args": [ "-f", "foo@example.com" ],
"_emailDelaySeconds": 300
},
"_sms": {
"provider": "twilio",
"sid": "ACxxxxxxxxx",
"auth": "xxxxxxx",
"from": "+1-555-555-5555"
},
"__sms": {
"provider": "plivo",
"id": "xxxxxxx",
"token": "xxxxxxx",
"from": "1-555-555-5555"
},
"___sms": {
"provider": "telnyx",
"apikey": "xxxxxxx",
"from": "1-555-555-5555"
},
"____sms": {
"provider": "url",
"url": "http://example.com/sms.ashx?phone={{phone}}&message={{message}}"
},
"_messaging": {
"_telegram": {
"apiid": 0,
"apihash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"session": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"useWSS": "false",
"connectionRetries": 60
},
"_discord": {
"serverurl": "https://discord.gg/xxxxxxxxx",
"token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"_ntfy": {
"host": "https://[my]ntfy.sh",
"userurl": "https://[my]ntfy.sh/userhelp",
"authorization": "Basic xxxxxxxxxxxxxxxxxxxx"
}
}
}