Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Can autoBackup ignore self-signed certificate? #4810

Open LordZozzy opened 1 year ago

LordZozzy commented 1 year ago

I'm trying to set up MeshCentral's autobackup to my OwnCloud server through WebDAV. The OC server is set up with a self-signed certificate, and this causes the autobackup command to abort when trying to log in to the OC WebDAV.

WebDAV (getDirectoryContents) error: Error: self signed certificate

Can the fact that the WebDAV server's cert is self-signed be ignored by MC? I tried modifying the webserver.js, to no avail. I think this'd be a much needed feature, if not yet implemented.

MC server specs:

Config.json AutoBackup snippet:

    "AutoBackup": {
      "backupIntervalHours": 24,
      "keepLastDaysBackup": 7,
      "webdav": {
        "url": "https://IP_ADDRESS/owncloud/remote.php/webdav",
        "username": "USERNAME",
        "password": "PASSWORD",
        "folderName": "meshcentral_backup",
        "maxFiles": 10
      }
    }

nzalev commented 1 year ago

The webdav library requires some special handling to get it to connect to an endpoint with a self signed certificate. The short answer is at the moment, MeshCentral does not do this.


Longer answer,

When the webdav client is created, there are a number of options that can be passed in. MeshCentral instantiates the client in the following way

const client = createClient(parent.config.settings.autobackup.webdav.url, {
    username: parent.config.settings.autobackup.webdav.username,
    password: parent.config.settings.autobackup.webdav.password
});

Most libraries allow passing in a rejectUnauthorized parameter which can be set false. The webdav library does not handle this, and instead, requires overwriting an HTTPS Agent (https://nodejs.org/api/https.html#https_class_https_agent) which can have the rejectUnauthorized property.

I suspect that this is as simple as adding the following key to the options object being passed in

httpsAgent: new https.Agent({ rejectUnauthorized: false })

However, I don't have webdav and cannot personally test this.

If you are on the latest version of MeshCentral, and you are feeling adventurous, you can replace line 3076 in db.js

from

            const client = createClient(parent.config.settings.autobackup.webdav.url, { username: parent.config.settings.autobackup.webdav.username, password: parent.config.settings.autobackup.webdav.password });

to


            const client = createClient(parent.config.settings.autobackup.webdav.url, { username: parent.config.settings.autobackup.webdav.username, password: parent.config.settings.autobackup.webdav.password, httpsAgent: new https.Agent({ rejectUnauthorized: false }) });

If you do try it, and it works, let me know. Then, I will create a PR to add an actual config option for it.

si458 commented 1 year ago

@LordZozzy did you still need this implemented? Or can I close this issue? We can just add an option into the webdav config to say ignoreCert is true, would this help?
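
An added example, not part of the thread and not MeshCentral code: one way to build the `https.Agent` options so that a self-signed WebDAV server is trusted by its own certificate instead of by switching verification off, with the `rejectUnauthorized: false` route kept as an explicit opt-in. The config keys `caFile` and `certFingerprint256` are hypothetical, `ignoreCert` is only the name proposed above, and the result is assumed to be passed as `httpsAgent` in the same way as the one-line patch in the thread.

```javascript
// Added example, not MeshCentral code. The config keys caFile, certFingerprint256
// and ignoreCert are assumptions (ignoreCert is only proposed in this thread).
const https = require('https');
const fs = require('fs');

// Strip colons/whitespace so "AA:BB" and "aabb" compare equal.
function normalizeFingerprint(fp) {
    return String(fp || '').replace(/[^0-9a-f]/gi, '').toUpperCase();
}

// Build https.Agent options for the WebDAV backup target.
function webdavTlsOptions(cfg, readFile = fs.readFileSync) {
    if (cfg.caFile) {
        // Trust exactly this certificate; chain verification stays on.
        const opts = { ca: readFile(cfg.caFile), rejectUnauthorized: true };
        if (cfg.certFingerprint256) {
            const pinned = normalizeFingerprint(cfg.certFingerprint256);
            if (pinned.length !== 64) throw new Error('certFingerprint256 must be a SHA-256 hex fingerprint');
            // Replace the hostname check with a SHA-256 fingerprint pin, for
            // servers addressed by IP whose certificate lacks a matching SAN.
            opts.checkServerIdentity = (host, cert) => {
                if (normalizeFingerprint(cert.fingerprint256) === pinned) return undefined;
                return new Error('WebDAV certificate fingerprint mismatch for ' + host);
            };
        }
        return opts;
    }
    // Explicit opt-out: what the one-line patch does. Any certificate is accepted,
    // so the backup and the WebDAV password can go to an on-path impersonator.
    if (cfg.ignoreCert === true) return { rejectUnauthorized: false };
    return {}; // Node default: verify against the system trust store.
}

// Agent to hand to the WebDAV client as its httpsAgent option.
function createWebdavAgent(cfg, readFile) {
    return new https.Agent(webdavTlsOptions(cfg, readFile));
}
```

With `caFile` set, a server presenting any other certificate still fails the TLS handshake, which the `ignoreCert` path cannot detect.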