docs - formatting fixes

silversword411 2022-05-17 00:56:34 -04:00
parent bb52be52b5
commit 5737538d49


@ -38,7 +38,7 @@ For some who want to skip this document entirely, there are quick install script
#### Amazon Linux 2
For Amazon EC2 users, that want to manage 100 devices or less. Launch a t3.nano or t3.micro EC2 instance with Amazon Linux 2 with TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS) and 4433 (CIRA) open. Then login as “ec2-user” and enter the following commands:
For Amazon EC2 users, that want to manage 100 devices or less. Launch a t3.nano or t3.micro EC2 instance with Amazon Linux 2 with TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS) and 4433 (CIRA) open. Then login as `ec2-user` and enter the following commands:
```
wget http://info.meshcentral.com/scripts/mc-aws-linux2.sh
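Review bot: The context line under the changed paragraph fetches the quick-install script with `wget http://info.meshcentral.com/scripts/mc-aws-linux2.sh` over plain HTTP, and the script is then run on a freshly launched server. If the host serves the file over HTTPS, switch the URL to `https://`; otherwise publish a checksum beside the command so readers can verify the download before running it. The Azure quick start in the next hunk has the same pattern.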
@ -58,7 +58,7 @@ After these scripts are run, try accessing the server using a browser. MeshCentr
#### Microsoft Azure
For 100 devices or less, launch an instance of Ubuntu 18.04 using a small B1s instance. Set the username to “default” in all lower case and open ports 22, 80, 443 and 3389 using the basic network profile. Then start the instance and run the following lines.
For 100 devices or less, launch an instance of Ubuntu 18.04 using a small B1s instance. Set the username to `default` in all lower case and open ports 22, 80, 443 and 3389 using the basic network profile. Then start the instance and run the following lines.
```
wget http://info.meshcentral.com/scripts/mc-azure-ubuntu1804.sh
@ -78,7 +78,7 @@ There are two ways to get MeshCentral setup.
#### Windows Installation Tool
The MeshCentral installer tool for Microsoft Windows can be downloaded at www.meshcommander.com/meshcentral2 or by clicking this link. This tool will automatically detect and install NodeJS if needed. NodeJS will be downloaded from https://nodejs.org checked and installed. We recommend the installer be run on a modern version of Windows (.e.g. Win8.1, Win10, Win Server 2012* or better)
The MeshCentral installer tool for Microsoft Windows can be downloaded at <https://www.meshcommander.com/meshcentral2> or by clicking this link. This tool will automatically detect and install NodeJS if needed. NodeJS will be downloaded from <https://nodejs.org> checked and installed. We recommend the installer be run on a modern version of Windows (.e.g. Win8.1, Win10, Win Server 2012* or better)
![](images/2022-05-16-23-45-01.png)
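Review bot: The rewritten Windows Installation Tool paragraph still reads "or by clicking this link" with no link target, and keeps the typo `.e.g.` in the parenthesis at the end. Either drop the "clicking this link" clause now that the URL is an autolink, or turn it into a real Markdown link, and change `.e.g.` to `e.g.`. "downloaded from <https://nodejs.org> checked and installed" also needs a comma after the URL.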
@ -98,7 +98,7 @@ During installation, the installation tool will prompt for the following setting
`LAN mode`: Recommended for small installation within a local network. Server host does not need a fixed IP address or DNS record to operate.
`WAN or Hybrid modes`: Server host will require a fixed IP address or DNS record to function correctly. If selected, user will need to enter servers DNS name or static IP address in the “Server Name” field. This name or IP address will be used by browsers and agents to connect back to the server, this name MUST be correct or the server will not work. If you do not have a fixed name, select LAN mode to get started.
`WAN or Hybrid modes`: Server host will require a fixed IP address or DNS record to function correctly. If selected, user will need to enter servers DNS name or static IP address in the `Server Name` field. This name or IP address will be used by browsers and agents to connect back to the server, this name MUST be correct or the server will not work. If you do not have a fixed name, select LAN mode to get started.
Acquiring a static IP or DNS record is beyond the scope of this document. Please seek advice or consult your network administrator if unsure. If unsure, leave the settings as default (as-is) and proceed setup in LAN mode to manage computers that reside within the same network.
@ -112,7 +112,7 @@ By default, MeshCentral will use TCP ports 80 (HTTP), 443 (HTTPS) and 4433 (Inte
### NPM Installation for Advanced Users
For advanced users or administrators, MeshCentral can be installed with NPM, a NodeJS package manager that can be accessed via web browser (https://www.npmjs.com/) or command line tool, “npm”.
For advanced users or administrators, MeshCentral can be installed with NPM, a NodeJS package manager that can be accessed via web browser (https://www.npmjs.com/) or command line tool, `npm`.
![](images/2022-05-16-23-47-36.png)
@ -120,15 +120,15 @@ For advanced users or administrators, MeshCentral can be installed with NPM, a N
As a prerequisite, NodeJS and NPM must be installed on host OS and HTTP/HTTPS proxy settings maybe required if server host resides behind a HTTP proxy server.
1. To begin, start a command line terminal (Windows Command Prompt or Linux Terminal) and type the following to verify if nodeJS and npm has been installed correctly as shown below
a. To check on nodeJS installed version, type “node v” and hit “enter” key
b. To check on npm installed version, type “npm v” and hit “enter” key
a. To check on nodeJS installed version, type `node v` and hit `enter` key
b. To check on npm installed version, type `npm v` and hit `enter` key
2. If MeshCentral installation is performed on a server host that resides behind a HTTP proxy, NPMs proxy settings must be updated with respective proxy settings associated with the network environment. Skip this step if not applicable.
```
.e.g. for http proxy “npm config set proxy http://proxy.com:88”
.e.g. for https proxy “npm config set https-proxy http://proxy.com:88”
.e.g. for http proxy `npm config set proxy http://proxy.com:88`
.e.g. for https proxy `npm config set https-proxy http://proxy.com:88`
```
3. Create a new directory “MeshCentral” and run the NPM install command as shown below:
3. Create a new directory `MeshCentral` and run the NPM install command as shown below:
```
mkdir meshcentral
cd meshcentral
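Review bot: In step 2 the two proxy examples sit inside a fenced block, so the backticks added around `npm config set proxy ...` and `npm config set https-proxy ...` will render as literal backtick characters; inside the fence, drop both the quotes and the backticks and leave the bare commands. In steps 1a and 1b the version checks read `node v` and `npm v` with the dash missing, and code formatting now invites copy and paste of a command that does not work; they should be `node -v` and `npm -v`. Step 3 names the directory `MeshCentral` while the command creates `meshcentral`.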
@ -139,7 +139,7 @@ npm install meshcentral
```
node node_modules/meshcentral [arguments]
```
**Warning**: Do not run MeshCentral by going into the “node_modules/meshcentral” folder as this may cause auto-install and self-update features to fail. Instead, go into the directory above “node_modules” and run “node node_modules/meshcentral”.
**Warning**: Do not run MeshCentral by going into the `node_modules/meshcentral` folder as this may cause auto-install and self-update features to fail. Instead, go into the directory above `node_modules` and run `node node_modules/meshcentral`.
![](images/2022-05-16-23-53-08.png)
**Note**: If MeshCentral is started without any arguments, default settings in LAN-only mode will be in effect and user/administrator will only be able to manage computers that reside within the local network.
5. To manage computers over the internet, the server needs to have static IP settings or a DNS record that resolves back to the right server. The mesh agents will be using the mechanism to call home to MeshCentral server. For WAN or Hybrid mode, run one of the commands below
@ -154,7 +154,7 @@ node node_modules/meshcentral --cert 1.2.3.4
!!!Note
At this point, no user account will be created or available for the user hence 1st user account will be the most privileged user with Administrator rights
- User is advised to create an “admin” account immediately by navigating to https://127.0.0.1 with a web browser.
- User is advised to create an `admin` account immediately by navigating to https://127.0.0.1 with a web browser.
**Note**: To run MeshCentral as a service, run it using `--install` argument. Once running, start a web browser and access MeshCentral application with respective URL.
@ -162,21 +162,21 @@ node node_modules/meshcentral --cert 1.2.3.4
On Windows, the built-in firewall will need to be configured to allow TCP ports 80, 443 and 4433 and sometimes UDP port 16990. The MeshCentral Windows Installer will add incoming rules for these ports automatically. If using the advanced NPM installation or when changing the default ports, it may be needed to add or edit these firewall rules. In this section we look at how to do this.
To get started, we need to go in the control panel, click “System and Security” then “Windows Defender Firewall” and “Advanced Settings” on the left side then click on “Inbound rules”. This will get us on the right place to add or edit firewall rules.
To get started, we need to go in the control panel, click `System and Security` then `Windows Defender Firewall` and `Advanced Settings` on the left side then click on `Inbound rules`. This will get us on the right place to add or edit firewall rules.
![](images/2022-05-17-00-01-10.png)
If the MeshCentral Windows Installer was used, the “MeshCentral Server TCP ports” and optionally “MeshCentral Server UDP ports” rules should already be present.
If the MeshCentral Windows Installer was used, the `MeshCentral Server TCP ports` and optionally `MeshCentral Server UDP ports` rules should already be present.
#### Editing the existing rules
To edit an existing rule, simply double click on it. To change the allowed inbound ports, go to the “Protocols and Ports” tab and change the local ports.
To edit an existing rule, simply double click on it. To change the allowed inbound ports, go to the `Protocols and Ports` tab and change the local ports.
![](images/2022-05-17-00-01-52.png)
#### Add new firewall rules
To add a new firewall rule, click on the “New Rule…” then select “Port” and ok. TCP or UDP and enter the specific local ports needed and ok. Then click ok twice, enter the rule name and ok again.
To add a new firewall rule, click on the `New Rule…` then select `Port` and ok. TCP or UDP and enter the specific local ports needed and ok. Then click ok twice, enter the rule name and ok again.
![](images/2022-05-17-00-02-25.png)
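Review bot: Style point for the firewall paragraphs: the names of menu items, tabs and rules (`System and Security`, `Protocols and Ports`, `New Rule…`) are user interface labels, not commands or file names, so bold would suit them better than code formatting and would keep backticks meaningful for things the reader types. The same applies to `enter` in the NPM steps and to the `Increased Security Installation` section title later in this diff, which would be more useful as a link to that heading.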
@ -184,11 +184,11 @@ Typically, inbound TCP ports 80, 443 and 4433 are used, but the rule can be adde
### Amazon Linux 2
In this section, we will look at installing MeshCentral on Amazon AWS with “Amazon Linux 2”. This is a low cost instance and a free tier is available so you can experiment or run a small instance of MeshCentral and it will work perfectly fine.
In this section, we will look at installing MeshCentral on Amazon AWS with `Amazon Linux 2`. This is a low cost instance and a free tier is available so you can experiment or run a small instance of MeshCentral and it will work perfectly fine.
#### Getting the AWS instance setup
On AWS EC2, you can launch an instance and select “Amazon Linux 2”. In this case, its the first option available.
On AWS EC2, you can launch an instance and select `Amazon Linux 2`. In this case, its the first option available.
![](images/2022-05-17-00-03-59.png)
@ -196,11 +196,11 @@ When launching a new instance, you are asked to use or create a security group w
![](images/2022-05-17_000542.png)
All security group rules should have a source of “0.0.0.0/0” and “::/0”. The last rule for port 8080 is only needed if migrating from a MeshCentral1 server, most people dont need it and should not be added.
All security group rules should have a source of `0.0.0.0/0` and `::/0`. The last rule for port 8080 is only needed if migrating from a MeshCentral1 server, most people dont need it and should not be added.
If you are not going to be managing Intel AMT computers, you can remove port 4433. One can also remove port 80, however its needed to get a Lets Encrypt certificate and useful to route users from the HTTP to the HTTPS web page.
For all the following sections, we assume that we are in the “ec2-user” home path. You can do:
For all the following sections, we assume that we are in the `ec2-user` home path. You can do:
```
cd ~
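Review bot: The sentence giving all security group rules a source of `0.0.0.0/0` and `::/0` also covers SSH, since the quick start earlier in this document opens port 22 together with 80, 443 and 4433. While this line is being edited, suggest restricting the world-open source to the ports browsers and agents need, and telling readers to set the source of the port 22 rule to their own administration address.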
@ -232,7 +232,7 @@ If we are going to run a large instance, its best to use MongoDB as the datab
If you want to use MongoDB, we can install MongoDB Community Edition. More information on how to do this can be found here.
Using “nano” create the file “/etc/yum.repos.d/mongodb-org-4.0.repo”:
Using `nano` create the file `/etc/yum.repos.d/mongodb-org-4.0.repo`:
```
sudo nano /etc/yum.repos.d/mongodb-org-4.0.repo
@ -273,7 +273,7 @@ This is useful to know if you want to make a backup of the database file.
#### Port permissions
On Linux, ports below 1024 are reserved for the “root” user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
```
whereis node
@ -282,7 +282,7 @@ node: /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
sudo setcap cap_net_bind_service=+ep /home/ec2-user/.nvm/versions/node/v8.11.3/bin/node
```
We first locate the node binary, using “whereis node”, we then use the “setcap” command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The “setcap” command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
#### Installing MeshCentral
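Review bot: The explanation after the `setcap` command says the capability allows node to use "ports 1024 and below", while the Port permissions paragraph says the reserved ports are those below 1024; make both read "below 1024". It is also worth stating that the capability is attached to the node binary at that path, so it applies to every script started with that binary, not only MeshCentral. The same sentence is repeated in the Raspberry Pi and Ubuntu sections and needs the same fix there.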
@ -306,9 +306,9 @@ Now, we can use the node package manager (NPM) to install MeshCentral.
npm install meshcentral
```
!!!warning
Do not use “sudo” in front of “npm install meshcentral”.
Do not use `sudo` in front of `npm install meshcentral`.
After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use “--wanonly” and “--cert [name]” arguments to get the server started. For example:
After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use `--wanonly` and `--cert [name]` arguments to get the server started. For example:
```
node ./node_modules/meshcentral --wanonly --cert ec2-1-2-3-4.us-west-2.compute.amazonaws.com
@ -383,7 +383,7 @@ Once you are done, we can stop the server again using CTRL-C and in the next sec
#### Manually starting the server
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands “mcstart” and “mcstop” to take care of this. Type this to create the two commands:
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. Type this to create the two commands:
```
echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart
@ -393,11 +393,11 @@ echo "pkill f node_modules/meshcentral" > mcstop
chmod 755 mcstop
```
You can now run the “./mcstart” command to launch the server in the background and stop it using the “./mcstop” to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
#### Automatically starting the server
Since Amazon Linux 2 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do “ls -l” in our home folder we get for example:
Since Amazon Linux 2 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we get for example:
```
drwxr-xr-x 2 default default 4096 Jul 20 00:03 Desktop
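Review bot: The context line in this hunk's header creates `mcstop` with `pkill f node_modules/meshcentral`, without the dash on `-f`; the Raspberry Pi copy of the same block has `pkill -f`. As written, the stop command the reformatted paragraph tells readers to run will not match the server process as intended, so the docs source should be corrected to `pkill -f` here and in the Ubuntu section, where the same line appears. "stop it using the `./mcstop` to stop it" could also lose the repeated "to stop it".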
@ -406,7 +406,7 @@ drwxr-xr-x 2 default default 4096 Jul 20 00:03 Downloads
```
Note the username and group name, in this example its “default” for both. We need this information to create the system service description file. To create this file type:
Note the username and group name, in this example its `default` for both. We need this information to create the system service description file. To create this file type:
```
sudo pico /etc/systemd/system/meshcentral.service
@ -458,11 +458,11 @@ In this section, we will look at installing MeshCentral on the famous Raspberry
![](images/2022-05-17-00-16-40.png)
For this installation, we are going to use the Raspbian operating system. You can use the NOOBS version to install this operating system on your Raspberry Pi and install Raspbian. For best performance you can use the “Raspbian Stretch Lite” image which is much smaller and does not have the X desktop interface. To keep things even smaller, we are not going to be installing MongoDB, instead we are just going to be using NeBD as a database that comes by default with MeshCentral.
For this installation, we are going to use the Raspbian operating system. You can use the NOOBS version to install this operating system on your Raspberry Pi and install Raspbian. For best performance you can use the `Raspbian Stretch Lite` image which is much smaller and does not have the X desktop interface. To keep things even smaller, we are not going to be installing MongoDB, instead we are just going to be using NeBD as a database that comes by default with MeshCentral.
#### Installing NodeJS
Start by opening a terminal. For all of the installation, we will assume we are the default “pi” user and we are in the home (~) folder. Lets get started by installing NodeJS.
Start by opening a terminal. For all of the installation, we will assume we are the default `pi` user and we are in the home (~) folder. Lets get started by installing NodeJS.
```
sudo apt-get update
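Review bot: In the Raspbian paragraph the database name is spelled "NeBD"; the default MeshCentral database is NeDB, so fix the spelling while this line is being changed. `Raspbian Stretch Lite` is an image name rather than something the reader types, so plain text or bold fits better than code formatting.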
@ -481,7 +481,7 @@ If all goes well, we can now move on to port permissions and installing MeshCent
#### Port permissions
On Linux, ports below 1024 are reserved for the “root” user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
```
whereis node
@ -490,7 +490,7 @@ node: /usr/bin/node /usr/include/node /usr/share/man/man1/node.1.gz
sudo setcap cap_net_bind_service=+ep /usr/bin/node
```
We first locate the node binary, using “whereis node”, we then use the “setcap” command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The “setcap” command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
#### Installing MeshCentral
@ -502,9 +502,9 @@ npm install meshcentral
```
!!!warning
Do not use “sudo” in front of “npm install meshcentral”.
Do not use `sudo` in front of `npm install meshcentral`.
After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use “--wanonly” and “--cert [name]” arguments to get the server started. For example:
After that, we can run MeshCentral for the first time. We want to run in WAN-only mode since we will not be managing any computers on the same local network at this server. We also want to create a server with a certificate name that is the same at the AWS instance name. So, we will use `--wanonly` and `--cert [name]` arguments to get the server started. For example:
```
node node_modules/meshcentral --lanonly --fastcert
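Review bot: The paragraph above the command was copied from the AWS section: it says to run in WAN-only mode with a certificate name matching the AWS instance name and to use `--wanonly` and `--cert [name]`, but the Raspberry Pi example that follows is `node node_modules/meshcentral --lanonly --fastcert`. Rewrite the paragraph to describe LAN-only mode and `--fastcert` so the prose and the command agree.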
@ -525,7 +525,7 @@ MeshCentral HTTPS web server running on port 443.
Server has no users, next new account will be site administrator.
```
The next step is to get the IP address of the Raspberry Pi. Use “ipconfig”:
The next step is to get the IP address of the Raspberry Pi. Use `ipconfig`:
```
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
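Review bot: The changed line tells the reader to use `ipconfig`, but the output shown beneath it (`eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500`) is from `ifconfig` on Linux; `ipconfig` is the Windows command. Now that the name is in code formatting it should be the one that works on Raspbian.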
@ -575,11 +575,11 @@ Then, make the start of the file look like this:
}
```
While we are at it, we can put “FastCert” to true so that RSA2048 certificates are created instead of RSA3072. This is less secure but runs much faster on small processors like the Raspberry Pi. This is the same as specifying --fastcert" in the prior section.
While we are at it, we can put `FastCert` to true so that RSA2048 certificates are created instead of RSA3072. This is less secure but runs much faster on small processors like the Raspberry Pi. This is the same as specifying `--fastcert" in the prior section.
#### Manually starting the server
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands “mcstart” and “mcstop” to take care of this. Type this to create the two commands:
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. Type this to create the two commands:
```
echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart
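Review bot: The new FastCert sentence ends with --fastcert opened by a backtick and closed by a double quote, so the inline code span is never terminated and the rest of the paragraph will render incorrectly. Close it with a backtick and drop the quote. "put `FastCert` to true" would read better as "set `FastCert` to true".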
@ -589,11 +589,11 @@ echo "pkill -f node_modules/meshcentral" > mcstop
chmod 755 mcstop
```
You can now run the “./mcstart” command to launch the server in the background and stop it using the “./mcstop” to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
#### Automatically starting the server
Since Raspbian OS supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do “ls -l” in our home folder we
Since Raspbian OS supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we
```
drwxr-xr-x 2 pi pi 4096 Jul 19 21:23 Desktop
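Review bot: The sentence under "Automatically starting the server" stops at "in our home folder we" in both the old and new lines; the AWS and Ubuntu copies end with "get for example:", which should be restored here. The preceding paragraph also still refers to "the AWS instance" being stopped and started, which is wrong for the Raspberry Pi section.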
@ -602,7 +602,7 @@ drwxr-xr-x 2 pi pi 4096 Jun 26 18:23 Downloads
```
Note the username and group name, in this example its “pi” for both. We need this information to create the system service description file. To create this file type:
Note the username and group name, in this example its `pi` for both. We need this information to create the system service description file. To create this file type:
```
sudo nano /etc/systemd/system/meshcentral.service
@ -649,7 +649,7 @@ Once the server is launched, you can access it using a web browser as before. Fr
### Ubuntu 18.04
In this section, we will look at installing MeshCentral on Ubuntu 18.04 LTS. This is a long term support of Ubuntu freely available for download at <https://www.ubuntu.com>. Both the desktop and server versions of Ubuntu will work. If this is a remote server and the desktop will not be needed, the server version of Ubuntu can be used. This section will describe a way to install MeshCentral in a users home folder, however there is a more secure way to do it, see “Increased Security Installation” at the end of this section.
In this section, we will look at installing MeshCentral on Ubuntu 18.04 LTS. This is a long term support of Ubuntu freely available for download at <https://www.ubuntu.com>. Both the desktop and server versions of Ubuntu will work. If this is a remote server and the desktop will not be needed, the server version of Ubuntu can be used. This section will describe a way to install MeshCentral in a users home folder, however there is a more secure way to do it, see `Increased Security Installation` at the end of this section.
In all cases, MeshCentral must not be installed as root user. Its not secure and the instructions below will not work correctly.
@ -707,7 +707,7 @@ This is useful to know if you want to make a backup of the database file.
#### Port permissions
On Linux, ports below 1024 are reserved for the “root” user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
On Linux, ports below 1024 are reserved for the `root` user. This is a security feature. In our case MeshCentral will need to listen to ports 80 and 443. To allow this, we need to allow node to listen to ports below 1024 like this:
```
whereis node
@ -716,7 +716,7 @@ node: /usr/bin/node /usr/include/node /usr/share/man/man1/node.1.gz
sudo setcap cap_net_bind_service=+ep /usr/bin/node
```
We first locate the node binary, using “whereis node”, we then use the “setcap” command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The “setcap” command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
We first locate the node binary, using `whereis node`, we then use the `setcap` command to add permissions to node. Note that we take the path given by whereis and place it in the setcap command. The `setcap` command will set permissions allowing node to use ports 1024 and below. This permission may be lost when updating the Linux kernel, so this command may need to be applied again in some case.
#### Installing MeshCentral
@ -727,7 +727,7 @@ npm install meshcentral
```
!!!warning
Do not use `sudo` in front of “npm install meshcentral”.
Do not use `sudo` in front of `npm install meshcentral`.
After that, we can run MeshCentral for the first time. For example:
@ -799,7 +799,7 @@ Then, make the start of the file look like this:
}
```
If you start with the default config.json created by MeshCentral, you will need to remove some “_” characters in front of settings, mongodb and wanonly. You can also add a “_” to other values. For details on all of the config.json options, including the “WANonly” option, refer to the MeshCentral Users Guide.
If you start with the default config.json created by MeshCentral, you will need to remove some `_` characters in front of settings, mongodb and wanonly. You can also add a `_` to other values. For details on all of the config.json options, including the `WANonly` option, refer to the MeshCentral Users Guide.
You can then save the config.json file and run MeshCentral again. This time, you dont need to specify the certificate name. You just need to run it like this:
@ -813,7 +813,7 @@ Once you are done, we can stop the server again using CTRL-C and in the next sec
#### Manually starting the server
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands “mcstart” and “mcstop” to take care of this. Type this to create the two commands:
We can manually start and stop the MeshCentral server in the background in different ways. In this section, we are going to create two commands `mcstart` and `mcstop` to take care of this. Type this to create the two commands:
```
echo "node ./node_modules/meshcentral > stdout.txt 2> stderr.txt &" > mcstart
@ -823,11 +823,11 @@ echo "pkill f node_modules/meshcentral" > mcstop
chmod 755 mcstop
```
You can now run the “./mcstart” command to launch the server in the background and stop it using the “./mcstop” to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
You can now run the `./mcstart` command to launch the server in the background and stop it using the `./mcstop` to stop it. This should work pretty well, but if the AWS instance is ever stopped and started again, the server will not automatically launch.
#### Automatically starting the server
Since Ubuntu 18.04 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do “ls -l” in our home folder we get for example:
Since Ubuntu 18.04 supports systemd, we are going to use that to auto-start MeshCentral in the background. First, we need to know our own username and group. If we do `ls -l` in our home folder we get for example:
```
drwxr-xr-x 2 default default 4096 Jul 20 00:03 Desktop
@ -836,7 +836,7 @@ drwxr-xr-x 2 default default 4096 Jul 20 00:03 Downloads
```
Note the username and group name, in this example its “default” for both. We need this information to create the system service description file. To create this file type:
Note the username and group name, in this example its `default` for both. We need this information to create the system service description file. To create this file type:
```
sudo pico /etc/systemd/system/meshcentral.service
@ -866,7 +866,7 @@ AmbientCapabilities=cap_net_bind_service
WantedBy=multi-user.target
```
Note that the user and group values have to be set correctly for your specific situation. Also, the ExecStart and WorkingDirectory lines includes the path to the users home folder which includes the username in it. Make sure that is set correctly. Lastly the path to node may need to be changed. Type “whereis node” to find the correct path.
Note that the user and group values have to be set correctly for your specific situation. Also, the ExecStart and WorkingDirectory lines includes the path to the users home folder which includes the username in it. Make sure that is set correctly. Lastly the path to node may need to be changed. Type `whereis node` to find the correct path.
Once this is done, you can now start, enable, stop and disable using the following commands:
@ -883,13 +883,13 @@ Once the server is launched, you can access it using a web browser as before. Fr
#### Increased Security Installation
On Debian based Linux distributions like Ubuntu, a better and more secure way to install MeshCentral is to have it run within a user account this restricted privileges. When installed like this, the self-update capability of MeshCentral will not work. Instead of installing MeshCentral in the users home folder, we install it in /opt/meshcentral and we create a meshcentral user that does not have rights to login or change any of the MeshCentral files. To do this, start by creating a new user called “meshcentral”
On Debian based Linux distributions like Ubuntu, a better and more secure way to install MeshCentral is to have it run within a user account this restricted privileges. When installed like this, the self-update capability of MeshCentral will not work. Instead of installing MeshCentral in the users home folder, we install it in /opt/meshcentral and we create a meshcentral user that does not have rights to login or change any of the MeshCentral files. To do this, start by creating a new user called `meshcentral`
```
sudo useradd -r -d /opt/meshcentral -s /sbin/nologin meshcentral
```
We can then create the installation folder, install and change permissions of the files so that the “meshcentral” account gets read-only access to the files.
We can then create the installation folder, install and change permissions of the files so that the `meshcentral` account gets read-only access to the files.
```
sudo mkdir /opt/meshcentral
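Review bot: The changed "On Debian based Linux distributions..." line still reads "a user account this restricted privileges", which should be "with restricted privileges". The same line introduces the `useradd` block without a closing colon, and "the users home folder" needs an apostrophe. These are worth fixing in the same pass, because this paragraph is the one that explains the least-privilege setup.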
@ -916,13 +916,13 @@ sudo chown -R meshcentral:meshcentral /opt/meshcentral
This will perform the update to the latest server on NPM and re-set the permissions so that the meshcentral user account has read-only access again. You can then use systemctl to make the server run again.
MeshCentral allows users to upload and download files stores in the servers “meshcentral-files” folder. In an increased security setup, we still want the server to be able to read and write files to this folder and we can allow this with:
MeshCentral allows users to upload and download files stores in the servers `meshcentral-files` folder. In an increased security setup, we still want the server to be able to read and write files to this folder and we can allow this with:
```
sudo chmod 755 R /opt/meshcentral/meshcentral-files
```
If you plan on using the increased security installation along with MeshCentral built-in Lets Encrypt support you will need to type the following commands to make the “letsencrypt” folder in “meshcentral-data” writable.
If you plan on using the increased security installation along with MeshCentral built-in Lets Encrypt support you will need to type the following commands to make the `letsencrypt` folder in `meshcentral-data` writable.
```
sudo mkdir /opt/meshcentral/meshcentral-data
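Review bot: The context command `sudo chmod 755 R /opt/meshcentral/meshcentral-files`, directly under the changed line, is missing the dash on the recursive flag. As written, chmod treats `R` as a file name, reports an error for it, and changes only the top-level folder. It should read `chmod -R 755`. The changed line also keeps "files stores in the servers", which should be "files stored in the server's". In the Let's Encrypt line, "Lets Encrypt" needs its apostrophe.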
@ -930,11 +930,11 @@ sudo mkdir /opt/meshcentral/meshcentral-data/letsencrypt
sudo chmod 755 R /opt/meshcentral/meshcentral-data/letsencrypt
```
This will allow the server to get and periodically update its Lets Encrypt certificate. If this is not done, the server will generate an “ACCES: permission denied” exception.
This will allow the server to get and periodically update its Lets Encrypt certificate. If this is not done, the server will generate an `ACCES: permission denied` exception.
### Microsoft Azure
In this section, we will look installing MeshCentral on Microsoft Azure. Microsoft Azure offers many operating system options and we will be selecting “Ubuntu Server” as our choice. From the Azure portal, we select “Virtual machines” on the left and “Add”.
In this section, we will look installing MeshCentral on Microsoft Azure. Microsoft Azure offers many operating system options and we will be selecting `Ubuntu Server` as our choice. From the Azure portal, we select `Virtual machines` on the left and `Add`.
![](images/2022-05-17-00-34-12.png)
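Review bot: Putting `ACCES: permission denied` in code formatting presents it as the literal error text, but Node.js reports this condition as `EACCES: permission denied`, so a reader searching logs for the documented string will not find it. Suggest correcting the string in the same edit. The `chmod 755 R` line at the top of this hunk also lacks the dash on `-R`. In the Azure paragraph, "we will look installing" is missing "at", and the portal labels (Ubuntu Server, Virtual machines, Add) are UI text rather than commands, so bold or plain quotes would describe them more accurately than code formatting.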
@ -942,7 +942,7 @@ Once you click on Ubuntu Server, you will see a list of available versions. In t
![](images/2022-05-17-00-34-24.png)
Next is the type of instance to launch. Any instance will do including the “B1s” which is the smallest possible instance. Of course, as you manage more computers, using an instance that is a bit more powerful is a good idea.
Next is the type of instance to launch. Any instance will do including the `B1s` which is the smallest possible instance. Of course, as you manage more computers, using an instance that is a bit more powerful is a good idea.
![](images/2022-05-17-00-34-37.png)
@ -964,11 +964,11 @@ In this section, we will look installing MeshCentral on Google Cloud. You can si
![](images/2022-05-17-00-36-52.png)
Once you have create an account, you can go to the main console and on the left side, go to “Compute Engine” and create a new VM instance. For our demonstration, we are going to create the smallest instance possible which is a single shared CPU and only 0.6 gigs of RAM.
Once you have create an account, you can go to the main console and on the left side, go to `Compute Engine` and create a new VM instance. For our demonstration, we are going to create the smallest instance possible which is a single shared CPU and only 0.6 gigs of RAM.
![](images/2022-05-17-00-37-05.png)
We select the proper settings and select “Ubuntu 18.04 LTS Minimal” as the boot operating system. This is convenient as we already covered how to install MeshCentral on this operating system.
We select the proper settings and select `Ubuntu 18.04 LTS Minimal` as the boot operating system. This is convenient as we already covered how to install MeshCentral on this operating system.
![](images/2022-05-17-00-37-21.png)
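Review bot: The changed "Once you have create an account" line still carries the grammar error and should read "have created". `Compute Engine` and `Ubuntu 18.04 LTS Minimal` are console menu and image names, not something the reader types, so code formatting is a questionable choice here. If the docs have a convention for UI labels, use it consistently across these hunks.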
@ -980,7 +980,7 @@ The new instance will take a few minutes to start up. An interesting feature of
![](images/2022-05-17-00-37-46.png)
If will log you in automatically, no additional credentials needed. We can then follow the “Ubuntu 18.04 LTS” section above to complete the installation. If you opt for a very small instance, its probably a good idea to skip installing MongoDB. Just to get started quickly, we can use the following commands:
If will log you in automatically, no additional credentials needed. We can then follow the `Ubuntu 18.04 LTS` section above to complete the installation. If you opt for a very small instance, its probably a good idea to skip installing MongoDB. Just to get started quickly, we can use the following commands:
```
sudo apt update
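Review bot: The changed line opens with "If will log you in automatically", which should be "It will", and "its probably a good idea" should be "it's". `Ubuntu 18.04 LTS` is a cross-reference to a section heading, so a link to that section would serve the reader better than code formatting.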
@ -992,19 +992,19 @@ node ./node_modules/meshcentral --fastcert wanonly --cert 35.227.45.84
```
!!!warning
Do not use “sudo” in front of “npm install meshcentral”.
Do not use `sudo` in front of `npm install meshcentral`.
This will install node and npm. Will allow non-root access to ports 80 and 443 and install and start MeshCentral. Because this example uses a very small server instance, we opted to use the “fastcert” option to create RSA 2048 certificates (the default is RSA 3072 which is more secure).
This will install node and npm. Will allow non-root access to ports 80 and 443 and install and start MeshCentral. Because this example uses a very small server instance, we opted to use the `fastcert` option to create RSA 2048 certificates (the default is RSA 3072 which is more secure).
We use the “wantonly” option because MeshCentral will not be managing computers on a local network, and for this demonstration just used the external IP address of the instance as the server name.
We use the `wantonly` option because MeshCentral will not be managing computers on a local network, and for this demonstration just used the external IP address of the instance as the server name.
If you plan on using an instance without the Intel AMT CIRA port being open (TCP 4433), its recommended to add “--mpsport 0” so to inform MeshCentral that this port is not open and to not offer Intel AMT CIRA features.
If you plan on using an instance without the Intel AMT CIRA port being open (TCP 4433), its recommended to add `--mpsport 0` so to inform MeshCentral that this port is not open and to not offer Intel AMT CIRA features.
Of course, this set of commands is just to get the server started quickly. Follow the Ubuntu 18.04 instructions to setup the server to automatically start using system.
### Ubuntu 16.04
In this section, we will look at installing MeshCentral on Ubuntu 16.04 LTS. This is the same installation at Ubuntu 18.04 LTS, however you need to install NodeJS in a special way. If you use “apt install node”, you will get an older version 4.x of NodeJS that will not work with MeshCentral.
In this section, we will look at installing MeshCentral on Ubuntu 16.04 LTS. This is the same installation at Ubuntu 18.04 LTS, however you need to install NodeJS in a special way. If you use `apt install node`, you will get an older version 4.x of NodeJS that will not work with MeshCentral.
#### Installing NodeJS
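Review bot: The changed line now code-formats `wantonly`, but the option used in the command in this hunk's header context is `wanonly`, so the misspelling is now presented as a literal flag name. Correct it to match the command. For consistency with `--mpsport 0`, `fastcert` should be written with its leading dashes as it appears on the command line. In the context lines, "automatically start using system" looks like it should be "systemd". The warning body under `!!!warning` is not indented in this view, which would keep it from rendering inside the admonition.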
@ -1084,7 +1084,7 @@ chown -R _meshcentral:_meshcentral /usr/local/meshcentral
Configuring for MongoDB and adjusting some other settings such as the network port. Open up the following config in an editor then, make the start of the file look like below. If the setting does not exist yet, just add it below one of the ones we are adjusting in the main settings block.
If you start with the default config.json created by MeshCentral, you will need to remove some underscore character in front of settings to enable the setting, such as mongodb and wanonly. You can also add an underscore to other values. For details on all of the config.json options, including the “WANonly” option, refer to the MeshCentral Users Guide.
If you start with the default config.json created by MeshCentral, you will need to remove some underscore character in front of settings to enable the setting, such as mongodb and wanonly. You can also add an underscore to other values. For details on all of the config.json options, including the `WANonly` option, refer to the MeshCentral Users Guide.
Before you can edit the configuration, start the Meshcentral briefly so it generates the default configurations and certificates. Once you see that it says "MeshCentral HTTPS server running...", Ctrl-C to exit then edit the configuration file next.
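Review bot: The changed line code-formats `WANonly` while the same paragraph names the setting as wanonly in plain text one sentence earlier, alongside mongodb and config.json, all of which are literal keys or file names. Use one casing for the option, matching what the default config.json contains, and apply code formatting to all of them. Also "some underscore character" should be "the underscore character", and "start the Meshcentral briefly" should be "start MeshCentral briefly".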