Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Customization problems in docker deployment #5923

Closed cfoellmann closed 7 months ago

cfoellmann commented 8 months ago

We run the "official" docker image with an additional domain. I want to customize (templates, images, styles, etc) differently on both domains (main + 2nd domain).

# https://github.com/Ylianst/MeshCentral/tree/master/docker
#
version: '3.7'

networks:
  public:
    external: true

services:
  meshcentral:
    restart: always
    container_name: meshcentral
    image: ghcr.io/ylianst/meshcentral:latest
    ports:
      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
      - "9443:443"
      - "9080:80"
    networks:
      public:
    volumes:
      # config.json and other important files live here. A must for data persistence
      - /var/lib/docker/compose/meshcentral/data:/opt/meshcentral/meshcentral-data
      # where file uploads for users live
      - /var/lib/docker/compose/meshcentral/user_files:/opt/meshcentral/meshcentral-files
      # location for the meshcentral-backups - this should be mounted to an external storage
      - /var/lib/docker/shares/docker_backup/meshcentral:/opt/meshcentral/meshcentral-backups
      # location of source template
      - /var/lib/docker/compose/meshcentral/public:/opt/meshcentral/meshcentral/public
      # Template: RMM
      - /var/lib/docker/compose/meshcentral/web:/opt/meshcentral/meshcentral-web
      # Template: csystems
      - /var/lib/docker/compose/meshcentral/web-csystems:/opt/meshcentral/meshcentral-web-csystems

> showpaths
Parent:     /opt/meshcentral/meshcentral
Data:       /opt/meshcentral/meshcentral-data
Files:      /opt/meshcentral/meshcentral-files
Backup:     /opt/meshcentral/meshcentral-backups
Record:     /opt/meshcentral/meshcentral-recordings
WebPublic:  /opt/meshcentral/meshcentral/public
WebViews:   /opt/meshcentral/meshcentral/views
WebEmails:  /opt/meshcentral/meshcentral/emails
XWebPublic: /opt/meshcentral/meshcentral-web/public
XWebViews:  /opt/meshcentral/meshcentral-web/views
DomainWebPublic: /opt/meshcentral/meshcentral-web-csystems/public

config.json

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "cert": "rmm.domain.com",
    "postgres": {
      "host": "10.1.15.111",
      "user": "postgres",
      "port": 5432,
      "password": "pw",
      "database": "meshcentral"
    },
    "sessionKey": "XXX",
    "port": 444,
    "aliasPort": 443,
    "redirPort": 0,
    "_redirAliasPort": 80,
    "_StrictTransportSecurity": false,
    "AllowFraming": true,
    "WebRTC": false,
    "SelfUpdate": false,
    "browserPong": 30,
    "AgentPing": 30,
    "AgentPong": 30,
    "_webPush": {},
    "desktopMultiplex": false,
    "manageCrossDomain": ["user//z83tdwqvp2ivgchy","user//~saml:foellmann@domain.com"],
    "TLSOffload": "10.1.15.1",
    "trustedProxy": "10.1.15.1",
    "MpsTlsOffload": true,
    "plugins":{
      "enabled": true
    }
  },
  "domains": {
    "": {
      "siteStyle": 2,
      "title": "RMM",
      "title2": "",
      "loginPicture": "logo-login2.png",
      "unknownUserRootRedirect": "https://rmm.domain.com/auth-saml",
      "minify": true,
      "NewAccounts": false,
      "certUrl": "https://10.1.15.1:443",
      "myServer": {
        "Backup": false,
        "Restore": false,
        "Upgrade": false,
        "ErrorLog": true,
        "Console": true,
        "Trace": true
      },
      "novnc": true,
      "mstsc": true,
      "ssh": true,
      "urlSwitching": true,
      "localSessionRecording": false,
      "showPasswordLogin": false,
      "authStrategies": {
        "saml": {
          "_note": "works"
        }
      },
      "smtp": {
        "_note": "works"
      }
    },
    "csystems": {
      "dns": "systems.domain.com",
      "siteStyle": 2,
      "title": "C Systems",
      "title2": "",
      "_titlePicture": "header-csystems_450x66.png",
      "loginPicture": "logo-login2.png",
      "unknownUserRootRedirect": "https://systems.domain.com/auth-saml",
      "minify": false,
      "NewAccounts": false,
      "certUrl": "https://10.1.15.1:443",
      "myServer": {
        "Backup": false,
        "Restore": false,
        "Upgrade": false,
        "ErrorLog": true,
        "Console": true,
        "Trace": true
      },
      "localSessionRecording": false,
      "showPasswordLogin": false,
      "authStrategies": {
        "saml": {
          "_note": "works"
        }
      },
      "smtp": {
        "_note": "works"
      }
    }
  }
}

Moved from #5496

si458 commented 8 months ago

Can you try the master docker image? That's the latest master branch of features/bug fixes. Also, can you verify the showpaths output afterwards? As I think the above is different from the other post?

Also can you share the folder structure of /opt/meshcentral/meshcentral-web-csystems?

si458 commented 7 months ago

Have you tried the latest release 1.1.22 to see if you still have this issue?

cfoellmann commented 7 months ago

I was about to get back to this issue tomorrow. I just updated to 1.1.22 in docker and my second domain (csystems) "broke" with a 404 page. I will see what that is.

@si458 are you open for a paid debug? So you get something back for all your free help for meshcentral users?

si458 commented 7 months ago

@cfoellmann Oh dear, that's not good! Contact me via email and sure, I can help!

cfoellmann commented 7 months ago

@si458 I reverted to 1.1.21 and it comes up normally. So there must be a bug in 1.1.22.

si458 commented 7 months ago

1.1.22 did have some changes to do with SAML, if I remember? https://github.com/Ylianst/MeshCentral/releases/tag/1.1.22 You might need to update your SAML config; trying to find the commit/issue about it.

EDIT: https://github.com/Ylianst/MeshCentral/pull/5856 - https://ylianst.github.io/MeshCentral/meshcentral/#generic-saml-setup

cfoellmann commented 7 months ago

The issue is about openid not SAML and there seems to be no changes. My main domain works and SAML login works.

I have activated normal password login on my second domain and that works. So SAML is "broken" and the assets are still not split between the domains :-(

si458 commented 7 months ago

I can't understand: if BOTH domains use SAML, and one works but the other doesn't, how can SAML be broken? What about this issue? https://github.com/Ylianst/MeshCentral/issues/4725 I'm just going to try to set up an Authentik server and see what I find.

EDIT: What page is getting the 404? The login page? The default page? After login? P.S. I did also email you, I think :)

cfoellmann commented 7 months ago

The SAML action is initiated through /auth-saml and that one is not working on the second domain -> 404

cfoellmann commented 7 months ago

The issue disappears when switching from DNS to path based for the second domain

si458 commented 7 months ago

OK, I have fixed the SAML issue you were having (#6015). I've also verified the customise issue too! It's yet again the DNS value causing the issue! Remove it and use path format, and it works with no problems!
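
The check below is an added example, not code from the thread or from the MeshCentral project. It classifies each entry under `domains` as default, DNS-based or path-based, derives the per-domain customization folder seen in the `showpaths` output, and flags an `unknownUserRootRedirect` that no longer matches where the domain is served. It assumes that a domain without `dns` is served under `/<domain id>/` and that `baseDir` is the directory holding the `meshcentral-web*` folders; `auditDomains` and the sample objects are hypothetical names.

```javascript
// Added example: audit MeshCentral domain entries after switching a domain
// from DNS-based to path-based, the workaround described in the thread.
// Assumption: a domain without "dns" is served under "/<domain id>/".
function auditDomains(config, baseDir) {
  const report = [];
  for (const [id, dom] of Object.entries(config.domains || {})) {
    const mode = id === '' ? 'default' : (dom.dns ? 'dns' : 'path');
    const urlPrefix = mode === 'path' ? `/${id}/` : '/';
    // Folder naming as shown by showpaths: meshcentral-web and meshcentral-web-<id>
    const webDir = `${baseDir}/meshcentral-web${id === '' ? '' : '-' + id}`;
    const warnings = [];
    if (dom.unknownUserRootRedirect) {
      const target = new URL(dom.unknownUserRootRedirect);
      if (mode === 'dns' && target.hostname !== dom.dns) {
        warnings.push(`redirect host ${target.hostname} differs from dns ${dom.dns}`);
      }
      if (!target.pathname.startsWith(urlPrefix)) {
        warnings.push(`redirect path ${target.pathname} is outside ${urlPrefix}`);
      }
    }
    report.push({ id, mode, urlPrefix, webDir, warnings });
  }
  return report;
}

// Constructed samples, reduced from the config.json posted in the issue.
const mainDomain = { unknownUserRootRedirect: 'https://rmm.domain.com/auth-saml' };
const dnsBased = {
  domains: {
    '': mainDomain,
    csystems: {
      dns: 'systems.domain.com',
      unknownUserRootRedirect: 'https://systems.domain.com/auth-saml'
    }
  }
};
// Same config with "dns" removed but the redirect left unchanged.
const pathBased = {
  domains: {
    '': mainDomain,
    csystems: { unknownUserRootRedirect: 'https://systems.domain.com/auth-saml' }
  }
};

for (const row of auditDomains(pathBased, '/opt/meshcentral')) {
  console.log(row.id || '(default)', row.mode, row.urlPrefix, row.webDir, row.warnings);
}
```

With the second sample the `csystems` entry is reported as path-based with one warning, because its redirect still points at `/auth-saml` rather than a path under `/csystems/`.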