Closed BobbyHurman closed 10 months ago
Typhonragewind
commented
10 months ago I don't know if you edited the config manually later on, but the certUrl variable should have this syntax: https://192.168.1.222:port (with whatever your proxy internal IP is). I don't have experience with Synology, so i don't know what details of the reverse proxy might be causing issues
BobbyHurman
commented
10 months ago I don't know if you edited the config manually later on, but the certUrl variable should have this syntax: https://192.168.1.222:port (with whatever your proxy internal IP is). I don't have experience with Synology, so i don't know what details of the reverse proxy might be causing issues
Thanks for giving me something to try. I removed the underscore from "_certUrl": "my.reverse.proxy" and entered my internal IP address of my Synology NAS with the port I used to connect to the web interface. Typically it's 5000 for HTTP and 5001 HTTPS. Mine have been changed. It also sounds like the syntax example should read "_certUrl": "https://xxx.xxx.xxx.xxx:port" instead. Is that right?
And should I be using an IP and port syntax for "cert": "my.domain.com", as well?
Should I restore the underscore next to "aliasPort": 443," above? Additionally, change the port number to the one I have set in the container, i.e. 8086, or "aliasPort": 8086,"? I read that underscores comment out that line.
As for my reverse proxy, I created an A Record (Synology refers to them as resource record A) in DNS, with a subdomain that uses my internal Synology IP address. From there, I created a Reverse Proxy using the following configurations:
Source: HTTPS Hostname: subdomain Port: 443 Enabled HSTS
Destination: HTTPS Hostname: Internal IP of Synology NAS Port: 8086 (as specified in Synology's Container Manager > Container > Settings > Port Settings where it requests "Enter available DSM ports in the Local Port field to map the ports with container ports. The ports listed here are the container;s exposed ports."
Those Container Ports are 8086 : 443 TCP 8085 : 80 TCP
All of that said, the change to certUrl did not make those errors go away unfortunately.
BobbyHurman
commented
10 months ago I don't know if you edited the config manually later on, but the certUrl variable should have this syntax: https://192.168.1.222:port (with whatever your proxy internal IP is). I don't have experience with Synology, so i don't know what details of the reverse proxy might be causing issues
I think I've figured it out!
Synology's Container Manager defaults to "Bridge" when creating a Container. When I changed this to "Host" all of the aforementioned warnings went away. I haven't added any environment variables yet, nor have I figured out where the disconnect is when it comes to using "bridge" vs "host" considering the Synology Firewall is off.
If anyone knows why bridge doesn't work, please feel free to shed some light on this. I'd prefer to isolate my containers as it seems to be best practice.
BobbyHurman
commented
10 months ago Okay, now I've figured everything out.
{ "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json", "settings": { "cert": "subdomain.my.domain.com", "_WANonly": true, "_LANonly": true, "sessionKey": "mysessionkey", "port": 8086, "aliasPort": 443, "redirPort": 8085, "redirAliasPort": 80, "AgentPong": 300, "TLSOffload": false, "SelfUpdate": false, "AllowFraming": "", "WebRTC": "true", "AutoBackup": { "backupPath": "/opt/meshcentral/meshcentral-backups", "backupInvervalHours": "", "keepLastDaysBackup": "", "zippassword": "" } }, "domains": { "": { "_title": "MyServer", "_title2": "Servername", "_minify": true, "NewAccounts": "false", "_userNameIsEmail": true, "certUrl": "https://xxx.xxx.xxx.xxx:port" } }, "_letsencrypt": { "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>", "_email": "myemail@mydomain.com", "_names": "myserver.mydomain.com", "production": false } }Hopefully this saves someone else the 10+ hours I spent troubleshooting all of this.
Typhonragewind
commented
10 months ago Glad you figured it out! And thanks for leaving all the details here :)
Hello! I'm pretty new to MeshCentral and Docker. Recently became interested in it while working with a vendor who thought the world of the application. After following all the instructions provided, I still found myself getting errors. They're listed below:
**WARNING: Failed to sign agent MeshCmd64.exe: Error: read ETIMEDOUT
WARNING: Failed to sign agent MeshService.exe: Error: read ETIMEDOUT
WARNING: Failed to sign agent MeshCmd.exe: Error: read ETIMEDOUT
WARNING: Failed to sign agent MeshServiceARM64.exe: Error: read ETIMEDOUT
WARNING: Failed to sign agent MeshCmdARM64.exe: Error: read ETIMEDOUT**
RDP doesn't seem to be working either. I'm in the process of researching that as well. I can connect via the web client, but RDP simply flashes connected/disconnected when attempting to connect.
My setup is as follows:
Thanks for your help!