Table des matières

Installation de Meshcentral sur LXC Ubuntu 18.04

Liens

Outils

apt install net-tools bash-completion software-properties-common
 
dpkg-reconfigure locales
 
cat <<EOF | tee -a /etc/bash.bashrc
if [ -f /etc/bash_completion ]; then
        . /etc/bash_completion
fi
EOF

Réseau

cat <<EOF | tee /etc/netplan/10-lxc.yaml
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
        - 10.0.3.133/24
      gateway4: 10.0.3.1
      nameservers:
        addresses:
          - 213.186.33.99 
          - 8.8.8.8
EOF

Meshcentral

apt install -y nodejs npm
node -v
npm -v
apt install mongodb -y
systemctl start mongodb
systemctl enable mongodb
setcap cap_net_bind_service=+ep /usr/bin/node
echo "@reboot setcap cap_net_bind_service=+ep /usr/bin/node" | crontab -
useradd -r -d /opt/meshcentral -s /sbin/nologin meshcentral
mkdir /opt/meshcentral
cd /opt/meshcentral
npm install meshcentral
npm install archiver@4.0.2 otplib@10.2.3 mongodb
mkdir /opt/meshcentral/meshcentral-data
chown -R meshcentral:meshcentral /opt/meshcentral
chmod 755 -R /opt/meshcentral/meshcentral-*
 
 
cat <<'EOF' | tee /opt/meshcentral/meshcentral-data/config.json
{
  "settings": {
    "MongoDb": "mongodb://127.0.0.1:27017/meshcentral",
    "Cert": "myservername.domain.com",
    "AliasPort": 443,
    "Port": 4430,
    "RedirPort": 800,
    "AgentPong": 300,
    "TlsOffload": "10.0.3.177"
  }
  "domains": {
  "": {"certUrl": "https://myservername.domain.com/"}
  }
}
EOF
 
sudo -u meshcentral node ./node_modules/meshcentral

Apache reverse proxy

https://github.com/Ylianst/MeshCentral/issues/317#issuecomment-525048548 

RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule . "ws://10.0.3.133:4430%{REQUEST_URI}" [P]
ProxyPass / http://10.0.3.133:4430/ connectiontimeout=86400 timeout=30
ProxyPassReverse / http://10.0.3.133:4430/
ProxyPreserveHost On

Systemd service

cat <<EOF | tee /etc/systemd/system/meshcentral.service
[Unit]
Description=MeshCentral Server

[Service]
Type=simple
LimitNOFILE=1000000
ExecStart=/usr/bin/node /opt/meshcentral/node_modules/meshcentral
WorkingDirectory=/opt/meshcentral
Environment=NODE_ENV=production
User=meshcentral
Group=meshcentral
Restart=always
# Restart service after 10 seconds if node service crashes
RestartSec=10
# Set port permissions capability
AmbientCapabilities=cap_net_bind_service

[Install]
WantedBy=multi-user.target
EOF

systemctl enable meshcentral.service
systemctl start meshcentral.service
systemctl status meshcentral.service
systemctl stop meshcentral.service