moar docs

docs/docs/faq.md

@@ -6,6 +6,8 @@ Alot of features in the web UI are hidden behind right-click menus; almost every
 #### Where are the Linux / Mac agents?
 Linux / Mac agents are currently under development.
 
+#### Can I run Tactical RMM locally behind NAT without exposing anything to the internet?
+Yes, you will just need to setup local DNS for the 3 subdomains, either by editing host files on all your agents or through a local DNS server.
 #### I am locked out of the web UI. How do I reset my password?
 
 SSH into your server and run these commands:

docs/docs/install_agent.md

@@ -48,4 +48,19 @@ To create a deployment, from the web UI click **Agents > Manage Deployments**.<b
     Create a client/site named "Default" and create a deployment for it with a very long expiry to have a generic installer that can be deployed anytime at any client/site.<br/><br/>
     You can then move the agent into the correct client/site from the web UI after it's been installed.
 
-Copy/paste the download link from the deployment into your browser. It will take a few seconds to dynamically generate the executable and then your browser will automatically download the exe.
+Copy/paste the download link from the deployment into your browser. It will take a few seconds to dynamically generate the executable and then your browser will automatically download the exe.
+
+
+#### Optional installer args
+
+The following optional arguments can be passed to any of the installation method executables:
+
+```
+-log debug
+```
+Will print very verbose logging during agent install. Usefull for troubleshooting agent install.
+
+```
+-silent
+```
+This will not popup any message boxes during install, either any error messages or the "Installation was successfull" message box that pops up at the end of a successfull install.

docs/docs/install_server.md

@@ -7,7 +7,7 @@
     The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail.<br/><br/>
     The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi.
 
-- A real domain is needed to generate a Let's Encrypt cert. <br/>If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)<br/><br/>
+- A real domain is needed to generate a Let's Encrypt wildcard cert. <br/>If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)<br/><br/>
 
 - A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator.<br/><br/>
 
@@ -58,7 +58,7 @@ ufw allow from X.X.X.X to any port 22
 
 Enable and activate the firewall
 ```
-ufw enable && sudo ufw reload
+ufw enable && ufw reload
 ```
 
 #### Create the A records
@@ -95,7 +95,7 @@ Answer the initial questions when prompted. Replace `example.com` with your doma
 ![questions](images/install_questions.png)
 
 
-Deploy the TXT record in your DNS manager:
+#### Deploy the TXT record in your DNS manager:
 
 !!!warning
     TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.<br/>

docs/docs/mesh_integration.md

@@ -0,0 +1,28 @@
+# MeshCentral Integration
+
+#### Overview
+
+Tactical RMM integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral) for the following 3 functions:
+
+- Take Control
+- Real time shell
+- Real time file browser
+
+At some point in the future, these functions will be directly built into the Tactical Agent, removing the need for MeshCentral.
+
+It should be noted that Tactical RMM and MeshCentral are 2 completely separate products and can run independently of each other.
+
+They do not even have to run on the same box, however when you install Tactical RMM it simply installs meshcentral for you with some preconfigured settings to allow integration.
+
+It is highly recommended to use the MeshCentral instance that Tactical installs, since it allows the developers more control over it and to ensure things don't break.
+
+#### How does it work
+
+MeshCentral has an embedding feature that allows integration into existing products.
+
+See *Section 14 - Embedding MeshCentral* in the [MeshCentral User Guide](https://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) for a detailed explanation of how this works.
+
+The Tactical RMM Agent keeps track of your Mesh Agents, and periodically interacts with them to synchronize the mesh agent's unique ID with the tactical rmm database.
+
+When you do a take control / terminal / file browser on an agent using the Tactical UI, behind the scenes, Tactical generates a login token for meshcentral's website and then "wraps" MeshCentral's UI in an iframe for that specific agent only, using it's unique ID to know what agent to render in the iframe.
+

docs/docs/troubleshooting.md

@@ -0,0 +1,52 @@
+# Troubleshooting
+
+#### "Bad credentials" error when trying to login to the Web UI
+
+If you are sure you are using the correct credentials and still getting a "bad credentials" error, open your browser's dev tools (ctrl + shift + j on chrome) and check the Console tab to see the real error.
+
+It will most probably be a CORS error which means you need to check your DNS settings and make sure whatever computer you're trying to access the UI from resolves your 3 subdomains to the correct IP of the server running the RMM (public IP if running in the cloud, or private IP if running behind NAT).
+
+If you see an error about SSL or certificate expired, then your Let's Encrypt cert has probably expired and you'll need to renew it.
+
+Refer to the Let's Encrypt cert renewal instructions [here](update_server.md#keeping-your-lets-encrypt-certificate-up-to-date)
+
+<br/>
+
+#### Agents not updating
+
+The most common problem we've seen of agents not updating is due to Antivirus blocking the updater executable.
+
+Windows Defender will 100% of the time block the updater from running unless an exclusion is set.
+
+Refer to the [Agent Installation](install_agent.md) instructions for AV exceptions to set and manually doing an agent update with logging to trouleshoot further.
+
+Agents will also not automatically update if they are too old.
+
+Since Tactical RMM is still in alpha and the developers makes breaking changes pretty frequently, there is no promise of backwards compatibility.
+
+If you have agents that are relatively old, you will need to uninstall them manually and reinstall using the latest version.
+
+<br/>
+
+#### Agents not checking in or showing up / General agent issues
+
+Open CMD as admin on the problem computer and stop the agent services:
+
+```cmd
+net stop tacticalagent
+net stop tacticalrpc
+```
+
+Run the tacticalagent service manually with debug logging:
+```cmd
+"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m winagentsvc -log debug -logto stdout
+```
+
+Run the tacticalrpc service manually with debug logging:
+```cmd
+"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m rpc -log debug -logto stdout
+```
+
+This will print out a ton of info. You should be able to see the error from the debug log output.
+
+Please then copy/paste the logs and post them either in our [Discord support chat](https://discord.gg/upGTkWp), or create a [github issue](https://github.com/wh1te909/tacticalrmm/issues).

docs/docs/update_server.md

@@ -1,5 +1,7 @@
 # Updating the RMM
 
+#### Updating to the latest RMM version
+
 !!!danger
     Do __not__ attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers.<br/><br/>
     Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this.<br/><br/>
@@ -24,4 +26,25 @@ You can pass the optional `--force` flag to the update script to forcefully run
 tactical@tacrmm:~$ ./update.sh --force
 ```
 This is usefull for a botched update that might have not completed fully.<br/><br/>
-The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user.
+The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user.
+
+<br/>
+
+#### Keeping your Let's Encrypt certificate up to date
+
+!!!info
+    Currently, the update script does not automatically renew your Let's Encrypt wildcard certificate, which expires every 3 months, since this non-trivial to automate using the DNS TXT record method.
+
+To renew your Let's Encrypt wildcard cert, run the following command, replacing `example.com` with your domain and `admin@example.com` with your email:
+
+```bash
+sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m admin@example.com --no-eff-email
+```
+
+Same instructions as during install for [verifying the TXT record](install_server.md#deploy-the-txt-record-in-your-dns-manager) has propogated before hitting Enter.
+
+After this you have renewed the cert, simply run the `update.sh` script, passing it the `--force` flag.
+
+```bash
+./update.sh --force
+```

docs/mkdocs.yml

@@ -10,7 +10,11 @@ nav:
       - "Updating Agents": update_agents.md
   - Backup: backup.md
   - Restore: restore.md
+  - Troubleshooting: troubleshooting.md
   - FAQ: faq.md
+  - Functionality:
+      - "Alerting": alerting.md
+  - MeshCentral Integration: mesh_integration.md
   - License: license.md
 site_description: "A remote monitoring and management tool"
 site_author: "wh1te909"