search

Typhonragewind / meshcentral-docker

168 stars 46 forks source link

Migration Question? #20

Closed killmasta93 closed 2 years ago

killmasta93 commented 2 years ago

HI I was wondering what would the steps to migrate from a meshcentral VM to a docker?

Thank you

Typhonragewind commented 2 years ago

Without knowing more about your setup, all you should have to do is mount your /opt/meshcentral/meshcentral-data folder in the docker container (see the docker-compose example). This should keep all your settings, and if you already have the configs defined you don't even need to set up any environment variables in the compose. If your setup includes a mongodb then i'm not sure what would be the best way to migrate that.

killmasta93 commented 2 years ago

Thanks im going to test it out and see how it goes

killmasta93 commented 2 years ago

Hi again so instead of migrating im going to start from zero, but currently having a bit trouble on the reverse proxy, This is my NGINX trying to point to my docker currently not sure if i need to point on the reverse proxy to port 8087 which the http or the https 8086 i tried pointing to both and i keep getting 502 bad gateway

Thank you 

   server {

   listen 443 ssl;
         server_name remoto.domain.com;

        ssl_certificate /etc/letsencrypt/live/remoto.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/remoto.domain.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
       ssl_stapling_verify on;

location ~ /.well-known {
        root /var/www/letsencrypt;
        allow all;
    }

location / {
proxy_pass http://127.0.0.1:8087/;
proxy_http_version 1.1;
#Allows websockets over HTTPS.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Inform MeshCentral about the real host, port and protocol
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy timeouts
proxy_send_timeout 330s;
proxy_read_timeout 330s;
    }

        }

and the docker compose file

version: '3'
services:
    mongodb:
        container_name: meshcentral_db
        restart: always
        image: mongo:4.4.6
        expose:
            - 27017
        volumes:
            - '/sci3/remoto/meshcentral/database:/data/db'
    meshcentral:
        restart: always
        container_name: meshcentral
        depends_on:
            - 'mongodb'
        image: typhonragewind/meshcentral
        ports:
            - 8086:443
            - 8087:800
        environment:
            - HOSTNAME=remoto.domain.com    #your hostname
            - REVERSE_PROXY=true     #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
            - REVERSE_PROXY_TLS_PORT=443
            - IFRAME=false #set to true if you wish to enable iframe support
            - ALLOW_NEW_ACCOUNTS=true    #set to false if you want disable self-service creation of new accounts besides the first (admin)
            - WEBRTC=false  #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
            - NODE_ENV=production
        volumes:
            - /sci3/remoto/meshcentral/data:/opt/meshcentral/meshcentral-data
            - /sci3/remoto/meshcentral/user_files:/opt/meshcentral/meshcentral-files
killmasta93 commented 2 years ago

hi @Typhonragewind i was wondering if you can shed some light been trying to get it working for while but cant seem to get it working

Typhonragewind commented 2 years ago

@killmasta93 I was pretty sure i had answered this, but it seems my mind is going, sorry about that.

There are 2 wrong things that i can see at a glance, in your docker-compose:

  1. This one is my fault, as I had a typo in it, in the ports section it should be "8087:80" instead of "8087:800"
  2. In the environment variable REVERSE_PROXY, you should set it to your reverse proxy IP, not to true
killmasta93 commented 2 years ago

hi @Typhonragewind thank you so much for the reply, currently this is my config the issue is that the reverse proxy is on the host 192.168.3.190 and the docker container is also on 192.168.3.190 when i try to access remoto.domain.com i redirects 127.0.0.1 and when i try to access only http it keeps going to https

Thank you 

version: '3'
services:
    mongodb:
        container_name: meshcentral_db
        restart: always
        image: mongo:4.4.6
        expose:
            - 27017
        volumes:
            - '/sci3/remoto/meshcentral/database:/data/db'
    meshcentral:
        restart: always
        container_name: meshcentral
        depends_on:
            - 'mongodb'
        image: typhonragewind/meshcentral
        ports:
            - 8086:443
            - 8087:80
        environment:
            - HOSTNAME=remoto.domain.com    #your hostname
            - REVERSE_PROXY=192.168.3.190    #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
            - REVERSE_PROXY_TLS_PORT=443
            - IFRAME=false #set to true if you wish to enable iframe support
            - ALLOW_NEW_ACCOUNTS=true    #set to false if you want disable self-service creation of new accounts besides the first (admin)
            - WEBRTC=false  #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
            - NODE_ENV=production
        volumes:
            - /sci3/remoto/meshcentral/data:/opt/meshcentral/meshcentral-data
            - /sci3/remoto/meshcentral/user_files:/opt/meshcentral/meshcentral-files
Typhonragewind commented 2 years ago

Alright. First of all, did you delete the previous config file after changing the variables in the docker-compose? The way i set it up is that those docker-compose variables are only used to generate the first config file. Second, make sure your reverse proxy port is actually 443 (and you want the container port, not the ouside port)

killmasta93 commented 2 years ago

thank you so much for the reply, correct i deleted the config and the folder which had data, the second part didnt really understand well enough, currently i use NGINX as my reverse proxy running on 443 whats odd is that when i try to access internally the url with 8087 it keeps redirecting to https not sure why

Thank you

Typhonragewind commented 2 years ago

I never used meshcentral on plain http, so I don't know exactly what the problem is. However, i know there are many checks in place to keep it secure, so you probably have a default option somewhere forcing https. See if you can find it in the manual