Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.24k stars 568 forks

Agent install (successful) does not populate My Devices. Fresh Install #6391

Open Menethoran opened 1 month ago

Menethoran commented 1 month ago

Describe the bug A clear and concise description of what the bug is. What appears to be good installs on ubuntu via CLI, or agent. Via Windows. No population inside of Meshcentral of devices

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Hard to say. This SHOULD work. I have no obvious errors (no errors in traefik logs, no errors in docker logs from what I can see)

Expected behavior A clear and concise description of what you expected to happen.

Install agent successfully should translate to population of device in my devices

Screenshots If applicable, add screenshots to help explain your problem.

I can't supply screenshots of something not happening, sorry.

Server Software (please complete the following information):

Ubuntu Server 24.04 Docker v 27.2, latest pull of meshcentral.

Client Device (please complete the following information):

client devices: Ubuntu desktop 24.04 (gaming desktop), Ubuntu 22.04 (XPS laptop), Windows 11 (XPS Laptop)

Remote Device (please complete the following information):

Additional context Add any other context about the problem here.

Running Trace in Meshcentral produces no apparent traffic from incoming connections (nothing is displayed other than website movement when tracing everything)

Your config.json file

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "settings": {
    "cert": "meshcentral.BLAH.org",
    "WANonly": true,
    "_LANonly": true,
    "_sessionKey": "Six06282019!",
    "port": 80,
    "_aliasPort": 443,
    "redirPort": 443,
    "_redirAliasPort": 443,
    "AgentPong": 300,
    "TLSOffload": true,
    "SelfUpdate": false,
    "AllowFraming": true,
    "WebRTC": false,
    "IgnoreAgentHashCheck": false,
    "log": "debug"
  },
  "domains": {
          "": {
                  "_title": "",
                  "_title2": "MeshCentral",
                  "_minify": true,
                  "certurl": "https://meshcentral.BLAH.org:443",
                  "NewAccounts": "false",
                  "_userNameIsEmail": true
          }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "_email": "BLAH@gmail.com",
    "_names": "meshcentral.BLAH.org",
        "skipChallengeVerification": true,
        "production": true
  }
}

Menethoran commented 1 month ago

Additionally, when launching the agent (binary) in Ubuntu, and connecting, the agent shows successful connection, displaying Device Group and the Server URL with a "Disconnect" button below it, however, it still does not display in "My Devices"

Menethoran commented 1 month ago

Actually:

GET

/agent.ashx/.websocket

{"host":"meshcentral.mysite.org","accept-encoding":"gzip, br","cdn-loop":"cloudflare; loops=1","cf-connecting-ip":"70.0.0.73","cf-ipcountry":"US","cf-ray":"8c5b0FAKEc58b-IAD","cf-visitor":"{\"scheme\":\"https\"}","connection":"Upgrade","sec-websocket-key":"oiK9hmkCVuFAKERV5QS5/r2==","sec-websocket-version":"13","upgrade":"websocket","x-forwarded-for":"70.0.0.73, 172.6.5.193","x-forwarded-host":"meshcentral.mysite.org","x-forwarded-port":"443","x-forwarded-proto":"https","x-forwarded-server":"8a11e2c4fa88","x-real-ip":"172.6.5.193"}

is displayed in TRACE, again, still not showing in devices (information has been changed. IPs and keys should be obvious where)

si458 commented 1 month ago

your config.json looks incomplete/missing? can you repair your config.json above?

also I've noticed you have cloudflare in the trace json, have you tried NOT proxying via cloudflare to eliminate them being the issue? (we have had issues in the past with cloudflare where the websockets weren't carrying the remote desktops correctly)

si458 commented 1 month ago

also you are missing "trustedProxy": "CloudFlare" from inside your settings of your config.json

Menethoran commented 1 month ago

your config.json looks incomplete/missing? can you repair your config.json above?

also I've noticed you have cloudflare in the trace json, have you tried NOT proxying via cloudflare to eliminate them being the issue? (we have had issues in the past with cloudflare where the websockets weren't carrying the remote desktops correctly)

I have disabled cloudflare proxy. (issue persists)

my config.json is as above. But, I missed the top line "{" on my copy/paste

interesting. if you put your "{" next to your ```, it removes it. Added a return between and populated

si458 commented 1 month ago

@Menethoran your config.json is still not right because the schema file says "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.j> same with __comment__" in the letsencrypt, it's missing the extra ", at the end

you can copy the full config.json correctly by going into the My Server tab in the web ui and clicking Show Server Configuration

Menethoran commented 1 month ago

correction... my stupid terminal doesn't word wrap on copying... here's the corrected version.

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "settings": {
    "cert": "meshcentral.BLAH.org",
    "WANonly": true,
    "_LANonly": true,
    "_sessionKey": "Buggery!",
    "port": 80,
    "_aliasPort": 443,
    "redirPort": 443,
    "_redirAliasPort": 443,
    "AgentPong": 300,
    "TLSOffload": true,
    "SelfUpdate": false,
    "AllowFraming": true,
    "WebRTC": false,
    "IgnoreAgentHashCheck": false,
    "log": "debug"
  },
  "domains": {
          "": {
                  "_title": "",
                  "_title2": "MeshCentral",
                  "_minify": true,
                  "certurl": "https://meshcentral.BLAH.org:443",
                  "NewAccounts": "false",
                  "_userNameIsEmail": true
          }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "_email": "BLAH@gmail.com",
    "_names": "meshcentral.BLAH.org",
        "skipChallengeVerification": true,
        "production": true
  }
}

si458 commented 1 month ago

ok so try adding the trustproxy entry into your settings section as explained above and restart and see if that helps https://github.com/Ylianst/MeshCentral/issues/6391#issuecomment-2361682049

Menethoran commented 1 month ago

adding the trustproxy leads me to a 404 error.

si458 commented 1 month ago

ok so try removing the tlsoffload option, then setting cloudflare to talk to https and port 443, and restarting meshcentral

Menethoran commented 1 month ago

With Cloudflare proxy turned off and the following config, I get a bad gateway.

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "settings": {
    "cert": "meshcentral.BLAH.org",
    "WANonly": true,
    "_LANonly": true,
    "_sessionKey": "Buggery!",
    "port": 443, <-------------------------------IF I CHANGE THIS TO 80, SAME ISSUE PERSISTS,
    "_aliasPort": 443,
    "redirPort": 443,
    "_redirAliasPort": 443,
    "AgentPong": 300,
    "TLSOffload": false,
    "SelfUpdate": false,
    "AllowFraming": true,
    "WebRTC": false,
    "IgnoreAgentHashCheck": false,
    "log": "debug",
    "trustedProxy": "CloudFlare"
  },
  "domains": {
          "": {
                  "_title": "",
                  "_title2": "MeshCentral",
                  "_minify": true,
                  "certurl": "https://meshcentral.BLAH.org:443",
                  "NewAccounts": "false",
                  "_userNameIsEmail": true
          }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
    "_email": "BLAH@gmail.com",
    "_names": "meshcentral.BLAH.org",
        "skipChallengeVerification": true,
        "production": true
  }
}

Menethoran commented 1 month ago

I'm thinking it's a traefik issue, not a meshcentral issue, regardless of it seeming to work.

traefik is throwing this error:

2024-09-19T13:49:38-04:00 ERR error="service \"meshcentral-meshcentral\" error: unable to find the IP address for the container \"/meshcentral\": the server is ignored" container=meshcentral-meshcentral-92fcb3722244b288faffa5d2871bdad445ef7c141efeee54852e40b1dd04e051 providerName=docker

BUT, I don't have that defined as anything defined as meshcentral-meshcentral AND, the container obviously has an IP :)

traefik is sometimes such a PITA with its... oddities... particularities...

Let me figure this part out and I'll come back if it's still broken. (I'll be back to comment within 24 hours at absolute max)

si458 commented 1 month ago

oh right so you are doing cloudflare -> traefik -> meshcentral and using docker!

in that case the trustedproxy would be "trustedProxy": "CloudFlare,meshcentral" or "trustedProxy": "meshcentral" as the trustedproxy needs to include the IP address of your traefik server, so it can get the real IP addresses of your remote clients from cloudflare!

using a proxy with a proxy is a real pain at times!

i would just use cloudflare tunnels, and let cloudflare talk directly to your meshcentral and avoid traefik all together!

Menethoran commented 1 month ago

Yeah, I've disabled the cloudflare proxy.

Do I still want meshcentral as a trust proxy? (can I use the exact IP of the traefik proxy? 10.2.83.254?) or the IP of the PC it runs on (10.2.77.13) and...? Mesh central?


si458 commented 1 month ago

ok so now your domain should go directly to your traefik server then to meshcentral so in the trustedproxy you should put in the ip address of the meshcentral container OR the ip address of the machine running meshcentral OR put in the name meshcentral if the ip is going to change then restart meshcentral
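The trusted-proxy behaviour discussed in this thread, as an added example that is not part of the thread and is not MeshCentral's own code: a generic resolver that honours `X-Forwarded-For` only when the direct TCP peer is trusted, then peels trusted hops from the right. It assumes the traefik address 10.2.83.254 mentioned above is the peer the server sees and treats 172.6.5.193 from the posted trace as the Cloudflare hop; keyword entries such as "CloudFlare" and hostnames are not modelled, only IPv4 addresses and CIDR ranges.

```javascript
// Added illustration of trusted-proxy resolution; function names are hypothetical.

// Convert dotted IPv4 to an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.trim().split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip equals a trusted entry or falls inside a trusted CIDR such as "10.2.0.0/16".
function isTrusted(ip, trusted) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return false;
  return trusted.some((entry) => {
    const [base, bits = '32'] = entry.split('/');
    const baseInt = ipv4ToInt(base);
    const len = Number(bits);
    if (baseInt === null || !Number.isInteger(len) || len < 0 || len > 32) return false;
    const size = 2 ** (32 - len);
    return Math.floor(addr / size) === Math.floor(baseInt / size);
  });
}

// The header is ignored unless the TCP peer is trusted (otherwise any client could
// forge it); trusted hops are then skipped right-to-left.
function resolveClientIp(peer, xForwardedFor, trusted) {
  if (!isTrusted(peer, trusted) || !xForwardedFor) return peer;
  const hops = xForwardedFor.split(',').map((h) => h.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!isTrusted(hops[i], trusted)) return hops[i];
  }
  return hops.length ? hops[0] : peer; // every hop trusted: fall back to the leftmost
}

// Header value from the trace posted in the thread (already altered by the poster).
const XFF = '70.0.0.73, 172.6.5.193';
const TRAEFIK = '10.2.83.254'; // assumption: the peer address the server sees

console.log(resolveClientIp(TRAEFIK, XFF, []));                       // no trusted proxy
console.log(resolveClientIp(TRAEFIK, XFF, [TRAEFIK]));                // traefik only
console.log(resolveClientIp(TRAEFIK, XFF, [TRAEFIK, '172.6.5.193'])); // both hops
console.log(resolveClientIp('203.0.113.9', XFF, [TRAEFIK]));          // untrusted peer
```

With an empty trust list every agent appears to come from the proxy itself, and trusting only one of two hops yields the other proxy's address rather than the client's.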