From 888a5bab7da69a1e7b88b1d8c3f159034f91c5ef Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 15 Jun 2020 13:08:46 -0700 Subject: [PATCH] JSON config schema improvements. --- meshcentral-config-schema.json | 596 +++++++++++++++++---------------- sample-config-advanced.json | 254 +++++++------- sample-config.json | 22 +- 3 files changed, 439 insertions(+), 433 deletions(-) diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index 849fedd2..4f09111c 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -7,20 +7,20 @@ "settings": { "type": "object", "properties": { - "Cert": { "type": "string" }, - "MongoDb": { "type": "string" }, - "MongoDbName": { "type": "string" }, - "MongoDbChangeStream": { "type": "boolean" }, - "MongoDumpPath": { "type": "string" }, + "cert": { "type": "string" }, + "mongoDb": { "type": "string" }, + "mongoDbName": { "type": "string" }, + "mongoDbChangeStream": { "type": "boolean" }, + "mongoDumpPath": { "type": "string" }, "WANonly": { "type": "boolean", "default": false }, "LANonly": { "type": "boolean", "default": false }, - "SessionTime": { "type": "integer" }, - "SessionKey": { "type": "string" }, - "SessionSameSite": { "type": "string" }, - "DbEncryptKey": { "type": "string" }, - "DbRecordsEncryptKey": { "type": "string" }, - "DbRecordsDecryptKey": { "type": "string" }, - "DbExpire": { + "sessionTime": { "type": "integer" }, + "sessionKey": { "type": "string" }, + "sessionSameSite": { "type": "string" }, + "dbEncryptKey": { "type": "string" }, + "dbRecordsEncryptKey": { "type": "string" }, + "dbRecordsDecryptKey": { "type": "string" }, + "dbExpire": { "type": "object", "properties": { "events": { "type": "integer" }, 
@@ -28,45 +28,46 @@ "statsevents": { "type": "integer" } } }, - "Port": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "PortBind": { "type": "string" }, - "AliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "RedirPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "RedirPortBind": { "type": "string" }, - "RedirAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "AgentPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, enabled a new HTTPS server port that only accepts agent connections" }, - "AgentPortBind": { "type": "string", "description": "When set, binds the agent port to a specific network interface" }, - "AgentAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, indicates the actual publically visible agent-only port. If not set, the AgentPort value is used" }, - "AgentAliasDNS": { "type": "string", "format": "hostname", "description": "When set, specified the DNS name used by agents to connect to the agent-only port" }, - "AgentPortTls": { "type": "boolean", "default": true, "description": "Indicates if the agent-only port must perform TLS, this should be set to false if TLS is performed in front of this server" }, - "ExactPorts": { "type": "boolean", "default": false }, - "AllowLoginToken": { "type": "boolean", "default": false }, - "AllowFraming": { "type": "boolean", "default": false }, - "CookieIpCheck": { "type": "boolean" }, - "CookieEncoding": { "type": "string", "enum": [ "hex", "base64" ], "default": "base64" }, - "WebRTC": { "type": "boolean", "default": false, "description": "When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser" }, - "Nice404": { "type": "boolean" }, - "ClickOnce": { "type": "boolean" }, - "SelfUpdate": { "type": "boolean", "default": false, "description": "When true, this server will attempt to self-update everyday after midnight." 
}, - "BrowserPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval and expects a response from the browser." }, - "BrowserPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval." }, - "AgentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." }, - "AgentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." }, - "AgentIdleTimeout": { "type": "integer", "minimum": 1 }, - "MeshErrorLogPath": { "type": "string" }, - "NpmPath": { "type": "string" }, - "NpmProxy": { "type": "string", "format": "uri" }, - "AllowHighQualityDesktop": { "type": "boolean", "default": true }, - "DesktopMultiplex": { "type": "boolean", "default": false }, - "UserAllowedIP": { "type": [ "string", "array" ] }, - "UserBlockedIP": { "type": [ "string", "array" ] }, - "AgentAllowedIP": { "type": [ "string", "array" ] }, - "AgentBlockedIP": { "type": [ "string", "array" ] }, - "AuthLog": { "type": "string" }, - "ManageAllDeviceGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "ManageCrossDomain": { "type": "array", "items": [ { "type": "string" } ] }, - "LocalDiscovery": { + "port": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "portBind": { "type": "string", "description": "When set, bind the HTTPS main port to a specific network address." }, + "aliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "redirPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "redirPortBind": { "type": "string", "description": "When set, bind the HTTP redirection port to a specific network address." 
}, + "redirAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "agentPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, enabled a new HTTPS server port that only accepts agent connections." }, + "agentPortBind": { "type": "string", "description": "When set, binds the agent port to a specific network interface." }, + "agentAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "When set, indicates the actual publically visible agent-only port. If not set, the AgentPort value is used." }, + "agentAliasDNS": { "type": "string", "format": "hostname", "description": "When set, specified the DNS name used by agents to connect to the agent-only port." }, + "agentPortTls": { "type": "boolean", "default": true, "description": "Indicates if the agent-only port must perform TLS, this should be set to false if TLS is performed in front of this server." }, + "exactPorts": { "type": "boolean", "default": false }, + "allowLoginToken": { "type": "boolean", "default": false }, + "allowFraming": { "type": "boolean", "default": false }, + "cookieIpCheck": { "type": "boolean" }, + "cookieEncoding": { "type": "string", "enum": [ "hex", "base64" ], "default": "base64", "description": "Encoding format of cookies in the HTTP headers, this is typically Base64 but some reverse proxies will require HEX." }, + "webRTC": { "type": "boolean", "default": false, "description": "When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser." }, + "nice404": { "type": "boolean", "default": true, "description": "By default, a nice looking 404 error page is displayed when needed. Set this to false to disable it." }, + "clickOnce": { "type": "boolean", "default": true, "description": "By default Microsoft ClickOnce support is enabled allowing connection routing from the web site on IE browser and browsers with ClickOnce add-in." 
}, + "selfUpdate": { "type": "boolean", "default": false, "description": "When true, this server will attempt to self-update everyday after midnight." }, + "browserPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval and expects a response from the browser." }, + "browserPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the browser at x seconds interval." }, + "agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." }, + "agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." }, + "agentIdleTimeout": { "type": "integer", "minimum": 1 }, + "meshErrorLogPath": { "type": "string" }, + "npmPath": { "type": "string" }, + "npmProxy": { "type": "string", "format": "uri" }, + "allowHighQualityDesktop": { "type": "boolean", "default": true }, + "desktopMultiplex": { "type": "boolean", "default": false }, + "userAllowedIP": { "type": [ "string", "array" ] }, + "userBlockedIP": { "type": [ "string", "array" ] }, + "agentAllowedIP": { "type": [ "string", "array" ] }, + "agentBlockedIP": { "type": [ "string", "array" ] }, + "authLog": { "type": "string" }, + "manageAllDeviceGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "manageCrossDomain": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "localDiscovery": { "type": "object", + "description": "When this server is in LAN mode, you may discover this server using a multicast discovery tool. When discovery happens, the name and info fields are sent back to the discovery tool.", "additionalProperties": false, "properties": { "name": { "type": "string" }, 
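Review bot: The four IP filter settings (`userAllowedIP`, `userBlockedIP`, `agentAllowedIP`, `agentBlockedIP`) still accept an array with no `items` constraint, so a list containing numbers or nested objects passes validation. The same hunk tightens `manageAllDeviceGroups` and `manageCrossDomain` to `"items": { "type": "string" }` but leaves these access-control lists open. Suggest `"userAllowedIP": { "type": [ "string", "array" ], "items": { "type": "string" } }` and the same for the other three; `items` is only evaluated when the value is an array, so the comma-separated string form keeps validating. Separately, the `agentAliasPort` description still says "the AgentPort value is used" although the key is now `agentPort`.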
@@ -74,29 +75,26 @@ }, "required": [ "name", "info" ] }, - "TlsOffload": { "type": [ "string", "boolean" ], "default": false }, - "TrustedProxy": { "type": "string" }, - "MpsPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "MpsPortBind": { "type": "string" }, - "MpsAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, - "MpsAliasHost": { "type": "string" }, - "MpsTlsOffload": { "type": "boolean", "default": false }, - "No2FactorAuth": { "type": "boolean" }, - "Log": { "type": "string" }, + "tlsOffload": { "type": [ "string", "boolean" ], "default": false }, + "trustedProxy": { "type": "string" }, + "mpsPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "mpsPortBind": { "type": "string" }, + "mpsAliasPort": { "type": "integer", "minimum": 1, "maximum": 65535 }, + "mpsAliasHost": { "type": "string" }, + "mpsTlsOffload": { "type": "boolean", "default": false }, + "no2FactorAuth": { "type": "boolean" }, + "log": { "type": "string" }, "syslog": { "type": "string" }, "syslogauth": { "type": "string" }, "syslogjson": { "type": "string" }, - "WebRtConfig": { + "webrtcConfig": { "type": "object", "properties": { - "iceServers": { - "type": "array", - "items": [ { "type": "object", "properties": { "urls": { "type": "string" } }, "required": [ "urls" ] } ] - } + "iceServers": { "type": "array", "uniqueItems": true, "items": { "type": "object", "properties": { "urls": { "type": "string" } }, "required": [ "urls" ] } } }, "required": [ "iceServers" ] }, - "AutoBackup": { + "autoBackup": { "type": "object", "properties": { "backupIntervalHours": { "type": "integer" }, @@ -105,8 +103,8 @@ "backupPath": { "type": "string" } } }, - "Redirects": { "type": "object" }, - "MaxInvalidLogin": { + "redirects": { "type": "object" }, + "maxInvalidLogin": { "type": "object", "additionalProperties": false, "properties": { 
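Review bot: The rename of `WebRtConfig` to `webrtcConfig` is not a pure case change like its neighbours, because the new key has an extra `c` and is therefore a different name even under case-insensitive matching. Nothing in this patch shows which spelling the server reads, and the `settings` object (which opens before this hunk) shows no `additionalProperties: false` in the visible lines, so a config using the wrong spelling would presumably still validate while the ICE server list is silently ignored. Worth confirming the key against the server code and recording it in a `description` on `webrtcConfig`. `trustedProxy`, `tlsOffload` and `no2FactorAuth` are also left without a `description` although, judging by their names only, they look security-relevant.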
@@ -115,247 +113,243 @@ "coolofftime": { "type": "integer" } } }, - "Plugins": { + "plugins": { "type": "object", "properties": { "enabled": { "type": "boolean" } }, "required": [ "enabled" ] } } }, - "domaindefaults": { "type": "object" }, + "domaindefaults": { "$ref": "#/properties/domains/items" }, "domains": { "type": "object", - "properties": { - "": { - "type": "object", - "properties": { - "Title": { "type": "string" }, - "Title2": { "type": "string" }, - "TitlePicture": { "type": "string" }, - "UserQuota": { "type": "integer" }, - "MeshQuota": { "type": "integer" }, - "Minify": { "type": "boolean" }, - "NewAccounts": { "type": "boolean" }, - "NewAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "UserNameIsEmail": { "type": "boolean" }, - "NewAccountEmailDomains": { "type": "array", "items": [ { "type": "string" } ] }, - "NewAccountsRights": { "type": "array", "items": [ { "type": "string" } ] }, - "WelcomeText": { "type": "string" }, - "WelcomePicture": { "type": "string" }, - "Hide": { "type": "integer" }, - "Footer": { "type": "string" }, - "CertUrl": { "type": "string", "format": "uri" }, - "PasswordRequirements": { - "type": "object", - "properties": { - "min": { "type": "integer" }, - "max": { "type": "integer" }, - "upper": { "type": "integer" }, - "lower": { "type": "integer" }, - "numeric": { "type": "integer" }, - "nonalpha": { "type": "integer" }, - "reset": { "type": "integer" }, - "force2factor": { "type": "boolean" }, - "skip2factor": { "type": "string" } - } - }, - "AgentInviteCodes": { "type": "boolean", "default": false }, - "AgentNoProxy": { "type": "boolean", "default": false }, - "GeoLocation": { "type": "boolean", "default": false }, - "novnc": { "type": "boolean", "default": true }, - "mstsc": { - "type": "boolean", - "default": false - }, - "CustomUI": { "type": "object" }, - "ConsentMessages": { - "type": "object", - "additionalProperties": false, - "properties": { - "Title": { "type": "string" }, - 
"Desktop": { "type": "string" }, - "Terminal": { "type": "string" }, - "Files": { "type": "string" } - } - }, - "NotificationMessages": { - "type": "object", - "additionalProperties": false, - "properties": { - "Title": { "type": "string" }, - "Desktop": { "type": "string" }, - "Terminal": { "type": "string" }, - "Files": { "type": "string" } - } - }, - "UserAllowedIP": { "type": "string" }, - "UserBlockedIP": { "type": "string" }, - "AgentAllowedIP": { "type": "string" }, - "AgentBlockedIP": { "type": "string" }, - "UserSessionIdleTimeout": { "type": "integer" }, - "UserConsentFlags": { "type": "integer" }, - "UrlSwitching": { "type": "boolean" }, - "DesktopPrivacyBarText": { "type": "string" }, - "Limits": { - "type": "object", - "properties": { - "MaxDevices": { "type": "integer" }, - "MaxUserAccounts": { "type": "integer" }, - "MaxUserSessions": { "type": "integer" }, - "MaxAgentSessions": { "type": "integer" }, - "MaxSingleUserSessions": { "type": "integer" } - } - }, - "AmtAcmActivation": { - "type": "object", - "properties": { - "log": { "type": "string" }, - "certs": { - "type": "object", - "additionalProperties": { - "type": "object", - "properties": { - "certfiles": { "type": "array", "items": [ { "type": "string" } ] }, - "keyfile": { "type": "string" } - }, - "required": [ "certfiles", "keyfile" ] - } - } - } - }, - "Redirects": { - "type": "object", - "additionalProperties": { "type": "string" } - }, - "Yubikey": { - "type": "object", - "properties": { - "id": { "type": "string" }, - "secret": { "type": "string" }, - "proxy": { "type": "string" } - }, - "required": [ "id", "secret" ] - }, - "AgentConfig": { - "type": "array", - "items": [ { "type": "string" } ] - }, - "SessionRecording": { - "type": "object", - "properties": { - "filepath": { "type": "string" }, - "index": { "type": "boolean", "default": false }, - "maxRecordings": { "type": "integer" }, - "maxRecordingSizeMegabytes": { "type": "integer" }, - "protocols": { - "type": "array", - 
"items": [ { "type": "integer" } ] - } - }, - "required": [ "protocols" ] - }, - "AuthStrategies": { - "type": "object", - "additionalProperties": false, - "properties": { - "twitter": { + "items": { + "type": "object", + "properties": { + "title": { "type": "string" }, + "title2": { "type": "string" }, + "titlePicture": { "type": "string" }, + "userQuota": { "type": "integer" }, + "meshQuota": { "type": "integer" }, + "minify": { "type": "boolean", "default": false, "description": "When enabled, the server will send reduced sided web pages." }, + "newAccounts": { "type": "boolean" }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "userNameIsEmail": { "type": "boolean", "default": false, "description": "When enabled, the username of each account is also the email address of the account." }, + "newAccountEmailDomains": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "newAccountsRights": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "welcomeText": { "type": "string" }, + "welcomePicture": { "type": "string" }, + "hide": { "type": "integer" }, + "footer": { "type": "string" }, + "certUrl": { "type": "string", "format": "uri" }, + "passwordRequirements": { + "type": "object", + "properties": { + "min": { "type": "integer" }, + "max": { "type": "integer" }, + "upper": { "type": "integer" }, + "lower": { "type": "integer" }, + "numeric": { "type": "integer" }, + "nonalpha": { "type": "integer" }, + "reset": { "type": "integer" }, + "force2factor": { "type": "boolean" }, + "skip2factor": { "type": "string" } + } + }, + "agentInviteCodes": { "type": "boolean", "default": false }, + "agentNoProxy": { "type": "boolean", "default": false }, + "geoLocation": { "type": "boolean", "default": false }, + "novnc": { "type": "boolean", "default": true }, + "mstsc": { "type": "boolean", "default": false }, + "customUI": { "type": "object" }, + "consentMessages": { + "type": 
"object", + "additionalProperties": false, + "properties": { + "Title": { "type": "string" }, + "Desktop": { "type": "string" }, + "Terminal": { "type": "string" }, + "Files": { "type": "string" } + } + }, + "notificationMessages": { + "type": "object", + "additionalProperties": false, + "properties": { + "Title": { "type": "string" }, + "Desktop": { "type": "string" }, + "Terminal": { "type": "string" }, + "Files": { "type": "string" } + } + }, + "userAllowedIP": { "type": "string" }, + "userBlockedIP": { "type": "string" }, + "agentAllowedIP": { "type": "string" }, + "agentBlockedIP": { "type": "string" }, + "userSessionIdleTimeout": { "type": "integer" }, + "userConsentFlags": { "type": "integer" }, + "urlSwitching": { "type": "boolean" }, + "desktopPrivacyBarText": { "type": "string" }, + "limits": { + "type": "object", + "additionalProperties": false, + "properties": { + "MaxDevices": { "type": "integer" }, + "MaxUserAccounts": { "type": "integer" }, + "MaxUserSessions": { "type": "integer" }, + "MaxAgentSessions": { "type": "integer" }, + "MaxSingleUserSessions": { "type": "integer" } + } + }, + "amtAcmActivation": { + "type": "object", + "additionalProperties": false, + "properties": { + "log": { "type": "string" }, + "certs": { + "type": "object", + "additionalProperties": { "type": "object", "additionalProperties": false, "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "clientid": { "type": "string" }, - "clientsecret": { "type": "string" } + "certfiles": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "keyfile": { "type": "string" } }, - "required": [ "clientid", "clientsecret" ] - }, - "google": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", 
"items": [ { "type": "string" } ] }, - "clientid": { "type": "string" }, - "clientsecret": { "type": "string" } - }, - "required": [ "clientid", "clientsecret" ] - }, - "github": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "clientid": { "type": "string" }, - "clientsecret": { "type": "string" } - }, - "required": [ "clientid", "clientsecret" ] - }, - "reddit": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "clientid": { "type": "string" }, - "clientsecret": { "type": "string" } - }, - "required": [ "clientid", "clientsecret" ] - }, - "azure": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "clientid": { "type": "string" }, - "clientsecret": { "type": "string" }, - "tenantid": { "type": "string" } - }, - "required": [ "clientid", "clientsecret", "tenantid" ] - }, - "jumpcloud": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "entityid": { "type": "string" }, - "idpurl": { "type": "string" }, - "cert": { "type": "string" } - }, - "required": [ "entityid", "idpurl", "cert" ] - }, - "saml": { - "type": "object", - "properties": { - "callbackurl": { "type": "string", "format": "uri" }, - "disableRequestedAuthnContext": { "type": "boolean" }, - "newAccounts": { "type": "boolean" }, - "newAccountsUserGroups": { "type": "array", "items": [ { "type": "string" } ] }, - "newAccountsRights": { 
"type": "array", "items": [ { "type": "string" } ] }, - "entityid": { "type": "string" }, - "idpurl": { "type": "string" }, - "cert": { "type": "string" } - }, - "required": [ "entityid", "idpurl", "cert" ] + "required": [ "certfiles", "keyfile" ] } } + }, + "required": [ "certs" ] + }, + "redirects": { + "type": "object", + "additionalProperties": { "type": "string" } + }, + "yubikey": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { "type": "string" }, + "secret": { "type": "string" }, + "proxy": { "type": "string", "format": "uri" } + }, + "required": [ "id", "secret" ] + }, + "httpHeaders": { "type": "object", "additionalProperties": { "type": "string" } }, + "agentConfig": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "sessionRecording": { + "type": "object", + "additionalProperties": false, + "properties": { + "filepath": { "type": "string" }, + "index": { "type": "boolean", "default": false }, + "maxRecordings": { "type": "integer" }, + "maxRecordingSizeMegabytes": { "type": "integer" }, + "protocols": { "type": "array", "uniqueItems": true, "items": { "type": "integer" } } + }, + "required": [ "protocols" ] + }, + "authStrategies": { + "type": "object", + "additionalProperties": false, + "properties": { + "twitter": { + "type": "object", + "additionalProperties": false, + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "clientid": { "type": "string" }, + "clientsecret": { "type": "string" } + }, + "required": [ "clientid", "clientsecret" ] + }, + "google": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + 
"clientid": { "type": "string" }, + "clientsecret": { "type": "string" } + }, + "required": [ "clientid", "clientsecret" ] + }, + "github": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "clientid": { "type": "string" }, + "clientsecret": { "type": "string" } + }, + "required": [ "clientid", "clientsecret" ] + }, + "reddit": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "clientid": { "type": "string" }, + "clientsecret": { "type": "string" } + }, + "required": [ "clientid", "clientsecret" ] + }, + "azure": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "clientid": { "type": "string" }, + "clientsecret": { "type": "string" }, + "tenantid": { "type": "string" } + }, + "required": [ "clientid", "clientsecret", "tenantid" ] + }, + "jumpcloud": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "newAccounts": { "type": "boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "entityid": { "type": "string" }, + "idpurl": { "type": "string", "format": "uri" }, + "cert": { "type": "string" } + }, + "required": [ "entityid", "idpurl", "cert" ] + }, + "saml": { + "type": "object", + "properties": { + "callbackurl": { "type": "string", "format": "uri" }, + "disableRequestedAuthnContext": { "type": "boolean" }, + "newAccounts": { "type": 
"boolean", "default": false }, + "newAccountsUserGroups": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "newAccountsRights": { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, + "entityid": { "type": "string" }, + "idpurl": { "type": "string", "format": "uri" }, + "cert": { "type": "string" } + }, + "required": [ "entityid", "idpurl", "cert" ] + } } } } } }, - "letsencrypt": { + "letsEncrypt": { "title" : "Built-in Let's Encrypt support", "description": "If your server has a proper DNS name and it public facing on the Internet with a public facing HTTP server on port 80, you can get a free TLS certificate.", "type": "object", "additionalProperties": false, "properties": { - "email": { "type": "string", "format": "email" }, + "email": { "type": "string", "format": "email", "description": "Email address of the administrator of this server. Make sure this is a valid email address otherwise the certificate request will fail." }, "names": { "type": "string" }, - "production": { "type": "boolean", "default": false } + "production": { "type": "boolean", "default": false, "description": "By default a test certificate will be obtained from Let's Encrypt. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificaite. Making too many bad requests for a production certificate will get you banned for a long period of time." } }, "required": [ "email", "names" ] }, @@ -381,7 +375,7 @@ }, "smtp": { "title" : "Email server", - "description": "Connects MeshCentral to a email server, allows MeshCentral to send email messages for 2FA or user notification", + "description": "Connects MeshCentral to a email server, allows MeshCentral to send email messages for 2FA or user notification.", "type": "object", "properties": { "host": { "type": "string", "format": "hostname" }, 
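Review bot: `domains` is declared as `"type": "object"` but its per-domain sub-schema is placed under `items`, a keyword that validators apply only to arrays. No domain entry is therefore checked against it, and `passwordRequirements`, `authStrategies`, `yubikey` and the rest are accepted in any shape. The removed `"properties": { "": … }` form at least covered the default domain, so this is a loss of coverage; as written only `domaindefaults` receives the sub-schema, through its `$ref`. Use `"additionalProperties": {` in place of `"items": {` and update the reference to `"domaindefaults": { "$ref": "#/properties/domains/additionalProperties" }`. Also, `"additionalProperties": false` was added to `twitter` but not to `google`, `github`, `reddit`, `azure`, `jumpcloud` or `saml`, so a misspelt optional key such as `callbackurl` is caught for one strategy only.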
@@ -395,18 +389,30 @@ }, "sms": { "title" : "SMS provider", - "description": "Connects MeshCentral to a SMS text messaging provider, allows MeshCentral to send SMS messages for 2FA or user notification", - "type": "object", - "properties": { - "provider": { "type": "string", "enum": [ "twilio", "plivo" ] }, - "id": { "type": "string" }, - "sid": { "type": "string" }, - "token": { "type": "string" }, - "from": { "type": "string" } - }, - "required": [ "provider", "token", "from" ] + "description": "Connects MeshCentral to a SMS text messaging provider, allows MeshCentral to send SMS messages for 2FA or user notification.", + "oneOf": [ + { + "type": "object", + "properties": { + "provider": { "type": "string", "enum": [ "twilio" ] }, + "sid": { "type": "string" }, + "auth": { "type": "string" }, + "from": { "type": "string" } + }, + "required": [ "provider", "sid", "auth", "from" ] + }, + { + "type": "object", + "properties": { + "provider": { "type": "string", "enum": [ "plivo" ] }, + "id": { "type": "string" }, + "token": { "type": "string" }, + "from": { "type": "string" } + }, + "required": [ "provider", "id", "token", "from" ] + } + ] } }, "required": [ "settings", "domains" ] } - diff --git a/sample-config-advanced.json b/sample-config-advanced.json index 46e95c21..51141aa8 100644 --- a/sample-config-advanced.json +++ b/sample-config-advanced.json 
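Review bot: The `twilio` branch of the new `oneOf` requires `auth` where the previous schema required `token` for every provider, so a Twilio block written against the old schema now fails validation. A `oneOf` failure typically reports only that no branch matched, which gives the operator little to go on. If the server really reads `auth` (not visible in this patch), say so in the schema, e.g. `"auth": { "type": "string", "description": "Twilio credential, previously configured as 'token'." }`. Neither branch sets `"additionalProperties": false`, so a leftover `token` key next to `auth` is accepted without being flagged.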
@@ -2,127 +2,127 @@ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "__comment__": "This is a sample configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.", "settings": { - "_Cert": "myserver.mydomain.com", - "_MongoDb": "mongodb://127.0.0.1:27017", - "_MongoDbName": "meshcentral", - "_MongoDbChangeStream": true, - "_MongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe", + "_cert": "myserver.mydomain.com", + "_mongoDb": "mongodb://127.0.0.1:27017", + "_mongoDbName": "meshcentral", + "_mongoDbChangeStream": true, + "_mongoDumpPath": "C:\\Program Files\\MongoDB\\Server\\4.2\\bin\\mongodump.exe", "_WANonly": true, "_LANonly": true, - "_SessionTime": 30, - "_SessionKey": "MyReallySecretPassword1", - "_SessionSameSite": "strict", - "_DbEncryptKey": "MyReallySecretPassword2", - "_DbRecordsEncryptKey": "MyReallySecretPassword", - "_DbRecordsDecryptKey": "MyReallySecretPassword", - "__DbExpire": "Amount of time to keep various events in the database, in seconds. Below are the default values.", - "_DbExpire": { + "_sessionTime": 30, + "_sessionKey": "MyReallySecretPassword1", + "_sessionSameSite": "strict", + "_dbEncryptKey": "MyReallySecretPassword2", + "_dbRecordsEncryptKey": "MyReallySecretPassword", + "_dbRecordsDecryptKey": "MyReallySecretPassword", + "__dbExpire": "Amount of time to keep various events in the database, in seconds. 
Below are the default values.", + "_dbExpire": { "events": 1728000, "powerevents": 864000, "statsevents": 2592000 }, - "_Port": 443, - "_PortBind": "127.0.0.1", - "_AliasPort": 444, - "_RedirPort": 80, - "_RedirPortBind": "127.0.0.1", - "_RedirAliasPort": 80, - "_AgentPort": 1234, - "_AgentPortBind": "127.0.0.1", - "_AgentAliasPort": 1234, - "_AgentAliasDNS": "agents.myserver.mydomain.com", - "_AgentPortTls": true, - "_ExactPorts": true, - "_AllowLoginToken": true, - "_AllowFraming": true, - "_CookieIpCheck": false, - "_CookieEncoding": "hex", - "_WebRTC": false, - "_Nice404": false, - "_ClickOnce": false, - "_SelfUpdate": true, - "_BrowserPing": 60, - "_BrowserPong": 60, - "_AgentPing": 60, - "_AgentPong": 60, - "_AgentIdleTimeout": 150, - "_MeshErrorLogPath": "c:\\tmp", - "_NpmPath": "c:\\npm.exe", - "_NpmProxy": "http://1.2.3.4:80", - "_AllowHighQualityDesktop": true, - "_DesktopMultiplex": true, - "_UserAllowedIP": "127.0.0.1,192.168.1.0/24", - "_UserBlockedIP": "127.0.0.1,::1,192.168.0.100", - "_AgentAllowedIP": "192.168.0.100/24", - "_AgentBlockedIP": "127.0.0.1,::1", - "_AuthLog": "c:\\temp\\auth.log", - "_ManageAllDeviceGroups": [ "user//admin" ], - "_ManageCrossDomain": [ "user//admin" ], - "_LocalDiscovery": { + "port": 443, + "_portBind": "127.0.0.1", + "aliasPort": 444, + "_redirPort": 80, + "_redirPortBind": "127.0.0.1", + "_redirAliasPort": 80, + "_agentPort": 1234, + "_agentPortBind": "127.0.0.1", + "_agentAliasPort": 1234, + "_agentAliasDNS": "agents.myserver.mydomain.com", + "_agentPortTls": true, + "_exactPorts": true, + "_allowLoginToken": true, + "_allowFraming": true, + "_cookieIpCheck": false, + "_cookieEncoding": "hex", + "_webRTC": false, + "_nice404": false, + "_clickOnce": false, + "_selfUpdate": true, + "_browserPing": 60, + "_browserPong": 60, + "_agentPing": 60, + "_agentPong": 60, + "_agentIdleTimeout": 150, + "_meshErrorLogPath": "c:\\tmp", + "_npmPath": "c:\\npm.exe", + "_npmProxy": "http://1.2.3.4:80", + "_allowHighQualityDesktop": 
true, + "_desktopMultiplex": true, + "_userAllowedIP": "127.0.0.1,192.168.1.0/24", + "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", + "_agentAllowedIP": "192.168.0.100/24", + "_agentBlockedIP": "127.0.0.1,::1", + "_authLog": "c:\\temp\\auth.log", + "_manageAllDeviceGroups": [ "user//admin" ], + "_manageCrossDomain": [ "user//admin" ], + "_localDiscovery": { "name": "Local server name", "info": "Information about this server" }, - "_TlsOffload": "127.0.0.1,::1", - "_TrustedProxy": "127.0.0.1,::1", - "_MpsPort": 44330, - "_MpsPortBind": "127.0.0.1", - "_MpsAliasPort": 4433, - "_MpsAliasHost": "mps.mydomain.com", - "_MpsTlsOffload": true, - "_No2FactorAuth": true, - "_Log": "main,web,webrequest,cert", + "_rlsOffload": "127.0.0.1,::1", + "_rrustedProxy": "127.0.0.1,::1", + "_mpsPort": 44330, + "_mpsPortBind": "127.0.0.1", + "_mpsAliasPort": 4433, + "_mpsAliasHost": "mps.mydomain.com", + "_mpsTlsOffload": true, + "_no2FactorAuth": true, + "_log": "main,web,webrequest,cert", "_syslog": "meshcentral", "_syslogauth": "meshcentral-auth", "_syslogjson": "meshcentral-json", - "_WebRtConfig": { + "_webrtcConfig": { "iceServers": [ { "urls": "stun:stun.services.mozilla.com" }, { "urls": "stun:stun.l.google.com:19302" } ] }, - "_AutoBackup": { + "_autoBackup": { "backupIntervalHours": 24, "keepLastDaysBackup": 10, "zipPassword": "MyReallySecretPassword3", "_backupPath": "C:\\backups" }, - "_Redirects": { + "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, - "__MaxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.", - "_MaxInvalidLogin": { + "__maxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.", + "_maxInvalidLogin": { "time": 10, "count": 10, "coolofftime": 10 }, - "_Plugins": { "enabled": true } + "_plugins": { "enabled": true } }, "_domaindefaults": { "__comment__": "Any settings in this section is used as default setting for 
all domains", - "Title": "MyDefaultTitle", - "Footer": "Default page footer", - "NewAccounts": false + "title": "MyDefaultTitle", + "footer": "Default page footer", + "newAccounts": false }, "_domains": { "": { - "Title": "MyServer", - "Title2": "Servername", - "_TitlePicture": "title-sample.png", - "_UserQuota": 1048576, - "_MeshQuota": 248576, - "Minify": true, - "_NewAccounts": true, - "_NewAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], - "_UserNameIsEmail": true, - "_NewAccountEmailDomains": [ "sample.com" ], - "_NewAccountsRights": [ "nonewgroups", "notools" ], - "_WelcomeText": "Sample Text on Login Page.", - "_WelcomePicture": "mainwelcome.jpg", - "___Hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar", - "_Hide": 4, - "_Footer": "Twitter", - "_CertUrl": "https://192.168.2.106:443/", - "_PasswordRequirements": { + "title": "MyServer", + "title2": "Servername", + "_titlePicture": "title-sample.png", + "_userQuota": 1048576, + "_meshQuota": 248576, + "minify": true, + "_newAccounts": true, + "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], + "_userNameIsEmail": true, + "_newAccountEmailDomains": [ "sample.com" ], + "_newAccountsRights": [ "nonewgroups", "notools" ], + "_welcomeText": "Sample Text on Login Page.", + "_welcomePicture": "mainwelcome.jpg", + "___hide__": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar", + "_hide": 4, + "_footer": "Twitter", + "_certUrl": "https://192.168.2.106:443/", + "_passwordRequirements": { "min": 8, "max": 128, "upper": 1, 
@@ -133,41 +133,41 @@ "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" }, - "_AgentInviteCodes": true, - "_AgentNoProxy": true, - "_GeoLocation": true, + "_agentInviteCodes": true, + "_agentNoProxy": true, + "_geoLocation": true, "_novnc": false, "_mstsc": true, "_consentMessages": { - "Title": "MeshCentral", - "Desktop": "{0} requesting remote desktop access. Grant access?", - "Terminal": "{0} requesting remote terminal access. Grant access?", - "Files": "{0} requesting remote files access. Grant access?" + "title": "MeshCentral", + "desktop": "{0} requesting remote desktop access. Grant access?", + "terminal": "{0} requesting remote terminal access. Grant access?", + "files": "{0} requesting remote files access. Grant access?" }, "_notificationMessages": { - "Title": "MeshCentral", - "Desktop": "{0} started a remote desktop session.", - "Terminal": "{0} started a remote terminal session.", - "Files": "{0} started a remote files session." + "title": "MeshCentral", + "desktop": "{0} started a remote desktop session.", + "terminal": "{0} started a remote terminal session.", + "files": "{0} started a remote files session." 
}, - "_UserAllowedIP": "127.0.0.1,192.168.1.0/24", - "_UserBlockedIP": "127.0.0.1,::1,192.168.0.100", - "_AgentAllowedIP": "192.168.0.100/24", - "_AgentBlockedIP": "127.0.0.1,::1", - "___UserSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect", - "_UserSessionIdleTimeout": 30, - "__UserConsentFlags__": "Set to: 1 for desktop, 2 for terminal, 3 for files, 7 for all", - "_UserConsentFlags": 7, - "_UrlSwitching": false, - "_DesktopPrivacyBarText": "Your privacy bar message", - "_Limits": { - "_MaxDevices": 100, - "_MaxUserAccounts": 100, - "_MaxUserSessions": 100, - "_MaxAgentSessions": 100, - "MaxSingleUserSessions": 10 + "_userAllowedIP": "127.0.0.1,192.168.1.0/24", + "_userBlockedIP": "127.0.0.1,::1,192.168.0.100", + "_agentAllowedIP": "192.168.0.100/24", + "_agentBlockedIP": "127.0.0.1,::1", + "___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect", + "_userSessionIdleTimeout": 30, + "__userConsentFlags__": "Set to: 1 for desktop, 2 for terminal, 3 for files, 7 for all", + "_userConsentFlags": 7, + "_urlSwitching": false, + "_desktopPrivacyBarText": "Your privacy bar message", + "_limits": { + "_maxDevices": 100, + "_maxUserAccounts": 100, + "_maxUserSessions": 100, + "_maxAgentSessions": 100, + "maxSingleUserSessions": 10 }, - "_AmtAcmActivation": { + "_amtAcmActivation": { "log": "amtactivation.log", "certs": { "mycertname": { @@ -176,7 +176,7 @@ } } }, - "_Redirects": { + "_redirects": { "meshcommander": "https://www.meshcommander.com/" }, "_yubikey": { 
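Review bot: The help string carried over under the renamed `__userConsentFlags__` key says "3 for files, 7 for all", which only adds up if the values are bit flags and files is 4. Since this line is being touched anyway, it would be worth confirming against the server code and correcting it to `"Set to: 1 for desktop, 2 for terminal, 4 for files, 7 for all"`. As written, a reader following the sample would set 3 and, if the flags are bitwise, get desktop plus terminal consent with no consent prompt for file access.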
@@ -184,13 +184,13 @@ "secret": "xxxxxxxxxxxxxxxxxxxxx", "_proxy": "http://myproxy.domain.com:80" }, - "_httpheaders": { + "_httpHeaders": { "Strict-Transport-Security": "max-age=360000", "x-frame-options": "SAMEORIGIN", "Content-Security-Policy": "default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self'; media-src 'self'" }, "_agentConfig": [ "webSocketMaskOverride=1" ], - "_SessionRecording": { + "_sessionRecording": { "_filepath": "C:\\temp", "_index": true, "_maxRecordings": 10, @@ -257,17 +257,17 @@ } }, "_customer1": { - "_DNS": "customer1.myserver.com", - "_Title": "Customer1", - "_Title2": "TestServer", - "_NewAccounts": 1, - "_Auth": "sspi", - "__Auth": "ldap", + "_dns": "customer1.myserver.com", + "_title": "Customer1", + "_title2": "TestServer", + "_newAccounts": 1, + "_auth": "sspi", + "__auth": "ldap", "_LDAPUserName": "gecos", "_LDAPUserKey": "uid", "_LDAPUserEmail": "otherMail", "_LDAPPptions": { - "URL": "test", + "url": "test", "anne": { "gecos": "Anne O'Nyme", "displayName": "O Nyme anne", @@ -292,8 +292,8 @@ "SearchBase": "DC=meshcentral,DC=local", "SearchFilter": "(sAMAccountName={{username}})" }, - "_Footer": "Test", - "_CertUrl": "https://192.168.2.106:443/" + "_footer": "Test", + "_certUrl": "https://192.168.2.106:443/" }, "_info": { "_share": "C:\\ExtraWebSite" diff --git a/sample-config.json b/sample-config.json index 3df3edb9..5affe3b2 100644 --- a/sample-config.json +++ b/sample-config.json 
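Review bot: In the `_customer1` hunk the inner `URL` key is lower-cased to `url`, but the enclosing key is still spelt `_LDAPPptions`, which looks like a typo for `_LDAPOptions`. The sibling keys `_LDAPUserName`, `_LDAPUserKey` and `_LDAPUserEmail` also keep the old casing, as do `SearchBase` and `SearchFilter` in the following hunk. If the aim of the commit is one camelCase convention that matches the schema, these should be renamed in the same pass, e.g. `"_ldapOptions": {`. Otherwise the sample documents an option name that the authentication code presumably never reads.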
@@ -3,22 +3,22 @@ "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.", "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.", "settings": { - "_Cert": "myserver.mydomain.com", + "_cert": "myserver.mydomain.com", "_WANonly": true, "_LANonly": true, - "_SessionKey": "MyReallySecretPassword1", - "_Port": 443, - "_AliasPort": 443, - "_RedirPort": 80, - "_RedirAliasPort": 80 + "_sessionKey": "MyReallySecretPassword1", + "_port": 443, + "_aliasPort": 443, + "_redirPort": 80, + "_redirAliasPort": 80 }, "domains": { "": { - "_Title": "MyServer", - "_Title2": "Servername", - "_Minify": true, - "_NewAccounts": true, - "_UserNameIsEmail": true + "_title": "MyServer", + "_title2": "Servername", + "_minify": true, + "_newAccounts": true, + "_userNameIsEmail": true } }, "_letsencrypt": {
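Review bot: The trailing context line of this hunk still reads `"_letsencrypt": {`, while the schema change earlier in this commit renames the property to `letsEncrypt`. A user who enables the section by removing the underscore gets `letsencrypt`, which a case-sensitive schema validator will not match against the new property, so the `email`/`names` requirements and the `additionalProperties` check on that object would not be applied. Rename it here to `"_letsEncrypt": {`, and likewise in `sample-config-advanced.json` if it has the same key. The section's body continues outside the hunk.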