diff --git a/docs/Example configs/haproxy-with-sni-sample.cfg b/docs/Example configs/haproxy-with-sni-sample.cfg
index 4fb3a8d7..a1f23cad 100644
--- a/docs/Example configs/haproxy-with-sni-sample.cfg
+++ b/docs/Example configs/haproxy-with-sni-sample.cfg
@@ -1,12 +1,10 @@
 # Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
 # Update the config.json to work with HAProxy
+# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
+# "tlsOffload": "10.1.1.10",
 #
-# Specify the hostname and port that has the public certificate
-# "tlsOffload": "https://mc.publicdomain.com:443",
-#
-# Specify the IP address of the HAProxy instance (this might not be the address that is bound to the listener).
-# "TrustedProxy": "10.1.1.10",
-
+# Specify the HAPRoxy URL with the hostname to get the certificate
+# "certUrl": "https://mc.publicdomain.com:443/"
 
 frontend sni-front
 bind 10.1.1.10:443
@@ -38,3 +36,9 @@ backend mc-back-HTTPS
 option http-server-close
 server mc-01 10.1.1.30:443 check port 443 verify none
 
+# In the event that it is required to have TLS between HAProxy and Meshcentral,
+# Remove the tls_Offload line and replace with trustedProxy
+# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
+# "trustedProxy": "10.1.1.10",
+# and change the last line of backend mc-back-HTTPS to use HTTPS by adding the ssl keyword
+# server mc-01 10.1.1.30:443 check ssl port 443 verify none
diff --git a/docs/docs/meshcentral/agents.md b/docs/docs/meshcentral/agents.md
index 0e1c983c..1ba89e61 100644
--- a/docs/docs/meshcentral/agents.md
+++ b/docs/docs/meshcentral/agents.md
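Review bot: `IP addrehostname` on the first added comment line looks like "address" and "hostname" run together; suggest `# Specify the IP address or hostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)`, and `HAPRoxy` in the `certUrl` comment should read `HAProxy`. The same `addrehostname` wording recurs in this file's second hunk. The second hunk presents `tlsOffload` as the setting to replace when TLS between HAProxy and MeshCentral is required, so this comment should say up front that with `tlsOffload` the HAProxy-to-MeshCentral hop is not TLS, and that the value must be the address HAProxy actually connects from — presumably the only source from which MeshCentral accepts the proxied client information, which is worth confirming against the `tlsOffload` entry in config.md before wording it that way.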
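Review bot: The proposed `server mc-01 10.1.1.30:443 check ssl port 443 verify none` keeps `verify none`, so adding `ssl` encrypts the HAProxy-to-MeshCentral hop but HAProxy still accepts whatever certificate the backend presents; the comment should state that and show the verified form, e.g. `# server mc-01 10.1.1.30:443 check ssl port 443 verify required ca-file <path-to-meshcentral-cert-pem>` (placeholder path). `tls_Offload` on the second added line does not match the `tlsOffload` key the first hunk tells the reader to set; spelling it `tlsOffload` lets a search of config.json find the line to remove. `Meshcentral` on the first added line should be `MeshCentral`.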
@@ -31,6 +31,13 @@ Default Install Path: `/usr/local/mesh_services/meshagent/meshagent` Launches from `/Library/LaunchAgents/meshagent.plist` +Controlling agent + +```bash +launchctl stop meshagent +launchctl start meshagent +``` + ## Apple macOS Universal For OSx 11+ including Big Sur, Monterey and later diff --git a/docs/docs/meshcentral/config.md b/docs/docs/meshcentral/config.md index 112900fb..14d3e6ba 100644 --- a/docs/docs/meshcentral/config.md +++ b/docs/docs/meshcentral/config.md @@ -42,6 +42,7 @@ See description for information about each item. } } }, + "sqlite3": { "type": "boolean", "default": false, "description": "Set true to use SQLite3 as a local MeshCentral database." }, "mySQL": { "type": "object", "description": "Add this section to connect MeshCentral to a MySQL database instance.", @@ -75,6 +76,11 @@ See description for information about each item. "database": { "type": "string", "default": "meshcentral", "description": "Name of PostgreSQL database used" } } }, + "acebase": { + "type": "object", + "description": "Add this section to enable AceBase database support, this is a local database system much like NeDB.", + "properties": { "sponsor": { "type": "boolean", "default": false, "description": "Set true to remove the AceBase banner on startup." } } + }, "WANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name." }, "LANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral LAN features are enabled and agents will find the server using multicast LAN packets." }, "maintenanceMode": { "type": "boolean", "default": false, "description": "When enabled the server is in maintenance mode, only administrators can login. Use the maintenance command in server console to change." }, 
@@ -581,13 +587,14 @@ See description for information about each item. "additionalProperties": false, "description": "Use this section to set resource metadata of the Windows agents prior to signing. In Windows, you can right-click and select properties to view these values.", "properties": { + "icon": { "type": "string", "description": "Sets the agent icon, this is the name of a .ico file with the file placed in the meshcentral-data folder." }, "fileDescription": { "type": "string", "description": "Executable file description." }, - "fileVersion": { "type": "string", "description": "Executable file version, generally in the form of 1.2.3.4." }, + "fileVersion": { "type": "string", "description": "Executable file version, in the form of 'n.n.n.n', for example: '1.2.3.4'." }, "internalName": { "type": "string", "description": "Executable internal name." }, "legalCopyright": { "type": "string", "description": "Executable legal copyright." }, "originalFilename": { "type": "string", "description": "Executable original file name." }, "productName": { "type": "string", "description": "Executable product name." }, - "productVersion": { "type": "string", "description": "Executable product version, generally in the form of 1.2.3.4." } + "productVersion": { "type": "string", "description": "Executable product version. Any string format will work, but a alphabetic character is required for this value to show correctly in the Windows property box. For example: 'v1.2.3.4' will work, but '1.2.3.4' will not." } } }, "assistantCustomization": { 
@@ -934,6 +941,7 @@ See description for information about each item. "additionalProperties": false, "properties": { "log": { "type": "string" }, + "strictCommonName": { "type": "boolean", "default": false, "description": "When set to true, the certificate common name needs to match exactly the Intel AMT trusted FQDN or DHCP Option 15. If false, some flexibility may be given to the matching." }, "certs": { "type": "object", "additionalProperties": { @@ -1265,5 +1273,4 @@ See description for information about each item. }, "required": [ "settings", "domains" ] } - ``` \ No newline at end of file diff --git a/docs/docs/meshcentral/debugging.md b/docs/docs/meshcentral/debugging.md index d5bf0001..339e4f53 100644 --- a/docs/docs/meshcentral/debugging.md +++ b/docs/docs/meshcentral/debugging.md @@ -37,7 +37,7 @@ cd C:\Program Files\Open Source\MeshCentral\node_modules\meshcentral node meshcentral ``` -The problem with the second command is that NPM may install missing modules are the incorrect location. +The problem with the second command is that NPM may install missing modules in the incorrect location. Also, in general I recommend not using the MeshCentral MSI Installer and just install manually unless you are very much scared of the command prompt. Anyone that knows about bit about the shell should install MeshCentral like this: @@ -203,6 +203,12 @@ service meshcentral restart ## MeshAgent +Troubleshooting agent + +```bash +./meshagent -state +``` + ### Agent Debug Logs to server This automatically downloads all agent error logs into `meshcentral-data/agenterrorlogs.txt` diff --git a/docs/docs/meshcentral/images/2022-08-24-06-42-40.png b/docs/docs/meshcentral/images/2022-08-24-06-42-40.png new file mode 100644 index 00000000..7edcf6a2 Binary files /dev/null and b/docs/docs/meshcentral/images/2022-08-24-06-42-40.png differ diff --git a/docs/docs/meshcentral/index.md b/docs/docs/meshcentral/index.md index cd2fabcb..dd930db7 100644 --- a/docs/docs/meshcentral/index.md 
+++ b/docs/docs/meshcentral/index.md @@ -577,6 +577,42 @@ IP addresses are separated by a comma. As a result, only users coming these IP a **Note**: When IP address whitelist is effective, Mesh Agent connection from any IP address will be not affected. +You can also use files for IP lists + +```json +"userAllowedIp": "file:userallowedips.txt", +"userBlockedIp": "file:userblockedips.txt", +"agentAllowedIp": "file:agentallowedips.txt" +``` + +Place the file in the `meshcentral-data` folder. + +All the lines that start with a number or `:` will be used, everything else is ignored. So, you can put comments anyway you like, but probably best to start then with a `#` or something to make it clear. + +```txt +# My list of blocked IP's +185.101.70.0/24 +185.46.85.0/24 +37.9.44.0/24 +37.9.45.0/24 +5.189.205.0/24 +5.189.206.0/24 +5.189.207.0/24 +5.62.153.0/24 +5.62.156.0/24 +5.62.158.0/24 + +# One more list +5.8.44.0/24 +5.8.45.0/24 +5.8.46.0/24 +79.110.28.0/24 +79.110.31.0/24 +91.204.14.0/24 +95.181.218.0/24 +95.85.81.0/24 +``` + ## Email Setup We highly recommend the use of an email server (SMTP) because we could allow MeshCentral to verify user account’s email address by sending a confirmation request to the user to complete the account registration and for password recovery, should a user forget account password as illustrated below @@ -1155,6 +1191,18 @@ To get this features setup, users will need to go to the “My Account” tab or Note that if a user performs a password recovery using email, the 2-step authentication is then turned off and will need to be turned on again. This is not idea as someone being able to intercept the user’s email could still log into the web site. Users should make sure to properly protect their email account. +Another form of MFA or Multi-factor Authentication is hardware based OTP (One Time Password) solution providing 2FA or Two-factor authentication. Yubikey is fully supported in MeshCentral. + +