Document handling of /etc/hosts for mesh domain

amidaware / trmm-docs

Documentation for the Tactical RMM software

https://docs.tacticalrmm.com

9 stars 30 forks source link

Document handling of /etc/hosts for mesh domain #190

Open NiceGuyIT opened 1 year ago

NiceGuyIT commented 1 year ago

Commit 716c0fe introduced the "management" of /etc/hosts to handle the scenario of cloud init files. This change assumes a reverse proxy is not used and will cause problems for people using MeshCentral with reverse proxies.

In my environment, mesh.example.com points to the reverse proxy to get the TLS cert, not 127.0.0.1. Since $meshdomain is included in the checks/fix, updating might "break" the (unsupported) reverse proxy configuration.

I don't expect the code to be updated to account for unsupported configurations. This issue is to update the documentation.

NiceGuyIT commented 1 year ago

The "symptom" is the Connect greyed out in MeshCentral. journalctl reports the following.

Aug 21 07:27:44 ns-v18-tactical meshcentral[2486]: Agent bad web cert hash (Agent:e583a0455e != Server:1a57156b69 or 1a57156b69), holding connection (127.0.0.1:36028).
Aug 21 07:27:44 ns-v18-tactical meshcentral[2486]: Agent reported web cert hash:e583a0455e0e7378449c502f4431fe8ddda4cd86f24bbe0b806cb3eef713ebd094aec202b4744692daf2f91040a2f5aa.

silversword411 commented 1 year ago

How would you suggest documenting it? Disclaimer in the unsupported first page?

LastStopITSolutions commented 1 year ago

My PR essentially addresses this issue. The error isn't mentioned per se but if users follow my writeup to a T they shouldn't see this error.

silversword411 commented 10 months ago

My PR essentially addresses this issue

Which PR?