diff --git a/docker/config.json.template b/docker/config.json.template index 16c03fa7..e463ef4c 100644 --- a/docker/config.json.template +++ b/docker/config.json.template @@ -2,6 +2,7 @@ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "settings": { "plugins":{"enabled": false}, + "_mongoDb": null, "cert": "myserver.mydomain.com", "_WANonly": true, "_LANonly": true, @@ -17,20 +18,20 @@ "WebRTC": false }, "domains": { - "": { - "_title": "MyServer", - "_title2": "Servername", - "minify": true, - "NewAccounts": true, - "localSessionRecording": false, - "_userNameIsEmail": true, - "_certUrl": "my.reverse.proxy" - } + "": { + "_title": "MyServer", + "_title2": "Servername", + "minify": true, + "NewAccounts": true, + "localSessionRecording": false, + "_userNameIsEmail": true, + "_certUrl": "my.reverse.proxy" + } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", "_email": "myemail@mydomain.com", "_names": "myserver.mydomain.com", - "production": false + "production": false } } \ No newline at end of file diff --git a/docker/readme.md b/docker/readme.md index d3802299..485e63b5 100644 --- a/docker/readme.md +++ b/docker/readme.md @@ -2,32 +2,132 @@ # How to create a docker image for meshcentral ``` -git clone https://github.com/Ylianst/MeshCentral.git -cd MeshCentral/docker -docker build -t meshcentral . +> git clone https://github.com/Ylianst/MeshCentral.git +> cd MeshCentral + +> docker build -f docker/Dockerfile --force-rm -t meshcentral . + +# (optional) cleanup after docker build: +> cd .. +> rm -rf MeshCentral/ ``` -docker-compose.yml example: +> | Argument | Description | +> | :--- | :--- | +> | -f docker/Dockerfile | Path/Name of the Dockerfile | +> | --force-rm | Always remove intermediate containers | +> | -t meshcentral | Name and optionally a tag in the 'name:tag' format | + +# Create folder-structure and files + +``` +| - meshcentral/ # this folder contains the persistent data + | - data/ # MeshCentral data-files + | - user_files/ # where file uploads for users live + | - web/ # location for site customization files + | - backup/ # location for the meshcentral-backups +| - .env # environment file with initial variables +| - docker-compose.yml +``` + +# Templates: +## .env: +```ini +NODE_ENV=production + +# initial mongodb-variables +MONGO_INITDB_ROOT_USERNAME=mongodbadmin +MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd + +# initial meshcentral-variables +# the following options are only used if no config.json exists in the data-folder + +# your hostname +HOSTNAME=my.domain.com +USE_MONGODB=false +# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy +REVERSE_PROXY=false +REVERSE_PROXY_TLS_PORT= +# set to true if you wish to enable iframe support +IFRAME=false +# set to false if you want disable self-service creation of new accounts besides the first (admin) +ALLOW_NEW_ACCOUNTS=true +# set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution +WEBRTC=false +# set to true to allow plugins +ALLOWPLUGINS=false +# set to true to allow session recording +LOCALSESSIONRECORDING=false +# set to enable or disable minification of json, reduces traffic +MINIFY=true +``` + +## docker-compose.yml: ```yaml version: '3' + services: - meshcentral: - restart: always - container_name: meshcentral - image: einar/meshcentral - ports: - - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs - environment: - - HOSTNAME=my.domain.com #your hostname - - REVERSE_PROXY=false #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy - - REVERSE_PROXY_TLS_PORT= - - IFRAME=false #set to true if you wish to enable iframe support - - ALLOW_NEW_ACCOUNTS=true #set to false if you want disable self-service creation of new accounts besides the first (admin) - - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution - - ALLOWPLUGINS=false #set to true to allow plugins - - LOCALSESSIONRECORDING=false # set to true to allow session recording - - MINIFY=true #set to enable or disable minification of json, reduces traffic - volumes: - - ./meshcentral/data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence - - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live + meshcentral: + restart: always + container_name: meshcentral + image: meshcentral + ports: + # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs + - 8086:443 + env_file: + - .env + volumes: + # config.json and other important files live here. A must for data persistence + - ./meshcentral/data:/opt/meshcentral/meshcentral-data + # where file uploads for users live + - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files + # location for the meshcentral-backups - this should be mounted to an external storage + - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup + # location for site customization files + - ./meshcentral/web:/opt/meshcentral/meshcentral-web +``` + +## docker-compose.yml mongodb: +```yaml +version: '3' + +networks: + meshcentral-tier: + driver: bridge + +services: + mongodb: + restart: always + container_name: mongodb + image: mongo:latest + env_file: + - .env + volumes: + # mongodb data-directory - A must for data persistence + - ./meshcentral/mongodb_data:/data/db + networks: + - meshcentral-tier + + meshcentral: + restart: always + container_name: meshcentral + image: meshcentral + depends_on: + - mongodb + ports: + # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs + - 8086:443 + env_file: + - .env + volumes: + # config.json and other important files live here. A must for data persistence + - ./meshcentral/data:/opt/meshcentral/meshcentral-data + # where file uploads for users live + - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files + # location for the meshcentral-backups - this should be mounted to an external storage + - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup + # location for site customization files + - ./meshcentral/web:/opt/meshcentral/meshcentral-web + networks: + - meshcentral-tier ``` diff --git a/docker/startup.sh b/docker/startup.sh index 54784772..62b14c47 100644 --- a/docker/startup.sh +++ b/docker/startup.sh @@ -8,12 +8,18 @@ export REVERSE_PROXY_TLS_PORT export IFRAME export ALLOW_NEW_ACCOUNTS export WEBRTC +export MONGO_INITDB_ROOT_USERNAME +export MONGO_INITDB_ROOT_PASSWORD +export USE_MONGODB if [ -f "meshcentral-data/config.json" ] then node meshcentral/meshcentral else cp config.json.template meshcentral-data/config.json + if [ $USE_MONGODB == true ]; then + sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json + fi sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json