Froz
/
docker_deployment_notes
mirror of https://github.com/StarWhiz/docker_deployment_notes.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fixed all Caddyfile entries to be Tabs not spaces. Added Meshcentral WIP.

master
StarWhiz 4 years ago
parent
7a825395c6
commit
61d0113816
21 changed files with 220 additions and 36 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 29
      meshcentral/Dockerfile
  2. 67
      meshcentral/README.md
  3. 34
      meshcentral/config.json.template
  4. 24
      meshcentral/docker-compose.yml
  5. 30
      meshcentral/startup.sh

29
meshcentral/Dockerfile
Unescape View File

@ -0,0 +1,29 @@
# Filename: Dockerfile
FROM ubuntu:latest
# Disable Prompt During Packages Installation
ARG DEBIAN_FRONTEND=noninteractive
#install dependencies
RUN apt-get update && apt-get install -y nodejs npm nano && rm -rf /var/lib/apt/lists/*
#Add non-root user, add installation directories and assign proper permissions
RUN mkdir -p /opt/meshcentral
#meshcentral installation
WORKDIR /opt/meshcentral
RUN npm install meshcentral
COPY config.json.template /opt/meshcentral/config.json.template
COPY startup.sh startup.sh
#environment variables
EXPOSE 80 4430
#volumes
VOLUME /opt/meshcentral/meshcentral-data
VOLUME /opt/meshcentral/meshcentral-files
CMD ["bash","/opt/meshcentral/startup.sh"]

67
meshcentral/README.md
Unescape View File

@ -0,0 +1,67 @@
### Introduction
THIS IS A WIP DO NOT USE...
### Minimum File Structure
```
/home/
└── ~/
└── docker/
└── meshcentral/
├── config.json.template
├── docker-compose.yml
└── Dockerfile
└── startup.sh
```
You will need the files in this GitHubs folder to build the meshcentral image and deploy it.
### Add to Caddyfile (from ~/docker/caddy)
Remember to `docker exec -w /etc/caddy caddy caddy reload` after editing your Caddyfile.
The `tls_insecure_skip_verify` line is not recommemded. This tutorial is a WIP until I figure out how
to get caddy to work with meshcentral without the `tls_insecure_skip_verify` line.
```
meshcentral.joindigital.com {
tls /certs/cert.pem /certs/key.pem
reverse_proxy meshcentral:4430 {
header_up Host {http.reverse_proxy.upstream.hostport}
header_up X-Real-IP {http.request.remote}
header_up X-Forwarded-For {http.request.remote}
transport http {
tls_insecure_skip_verify
}
}
}
```
### docker-compose.yml
Replace YOURDOMAIN.com with your actual domain.
```
version: '3'
services:
meshcentral:
restart: unless-stopped
container_name: meshcentral
build: .
# ports:
# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
environment:
- HOSTNAME=meshcentral.YOURDOMAIN.com
- CONTAINER_PORT=4430
- REVERSE_PROXY=YOURDOMAIN.com
- REVERSE_PROXY_TLS_PORT=443
- IFRAME=false
- ALLOW_NEW_ACCOUNTS=true
- WEBRTC=true
volumes:
- ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
- ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
networks:
default:
external:
name: caddy_net
```

34
meshcentral/config.json.template
Unescape View File

@ -0,0 +1,34 @@
{
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
"settings": {
"cert": "myserver.mydomain.com",
"_WANonly": true,
"_LANonly": true,
"_sessionKey": "MyReallySecretPassword1",
"port": 4430,
"_aliasPort": 443,
"redirPort": 80,
"_redirAliasPort": 80,
"AgentPong": 300,
"TLSOffload": false,
"SelfUpdate": false,
"AllowFraming": false,
"WebRTC": false
},
"domains": {
"": {
"_title": "MyServer",
"_title2": "Servername",
"_minify": true,
"NewAccounts": true,
"_userNameIsEmail": true,
"_certUrl": "my.reverse.proxy"
}
},
"_letsencrypt": {
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
"_email": "myemail@mydomain.com",
"_names": "myserver.mydomain.com",
"production": false
}
}

24
meshcentral/docker-compose.yml
Unescape View File

@ -0,0 +1,24 @@
version: '3'
services:
meshcentral:
restart: unless-stopped
container_name: meshcentral
build: .
# ports:
# - 4430:4430 #I Used 4430 because caddy v2 doesn't play well with a container using port 443. Can change 4430 to something else in the environment var CONTAINER_PORT below
environment:
- HOSTNAME=meshcentral.YOURDOMAIN.com
- CONTAINER_PORT=4430
- REVERSE_PROXY=YOURDOMAIN.com
- REVERSE_PROXY_TLS_PORT=443
- IFRAME=false
- ALLOW_NEW_ACCOUNTS=true
- WEBRTC=true
volumes:
- ./data:/opt/meshcentral/meshcentral-data #config.json and other important files live here. A must for data persistence
- ./user_files:/opt/meshcentral/meshcentral-files #where file uploads for users live
networks:
default:
external:
name: caddy_net

30
meshcentral/startup.sh
Unescape View File

@ -0,0 +1,30 @@
#!/bin/bash
export NODE_ENV=production
export HOSTNAME
export CONTAINER_PORT
export REVERSE_PROXY
export REVERSE_PROXY_TLS_PORT
export IFRAME
export ALLOW_NEW_ACCOUNTS
export WEBRTC
if [ -f "meshcentral-data/config.json" ]
then
node node_modules/meshcentral
else
cp config.json.template meshcentral-data/config.json
sed -i "s_\"port\": 4430_\"port\": $CONTAINER_PORT_" meshcentral-data/config.json
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
if [ "$REVERSE_PROXY" != "false" ]
then
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
node node_modules/meshcentral
exit
fi
node node_modules/meshcentral --cert "$HOSTNAME"
fi
Write Preview
Loading…
Cancel
Save