From 9eb45270f26fe7efa61fd5949ce48bb3a233bd59 Mon Sep 17 00:00:00 2001 From: sadnub Date: Wed, 25 Nov 2020 14:53:38 -0500 Subject: [PATCH] Update docker readme --- docker/readme.md | 54 ++++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/docker/readme.md b/docker/readme.md index 124f4fec..8ee987fd 100644 --- a/docker/readme.md +++ b/docker/readme.md @@ -1,9 +1,9 @@ # Docker Setup - Install docker and docker-compose -- Optional (but strongly recommended) obtain valid wildcard certificate for domain. If certificates are not provided, a self-signed cert will be generated. See below on how to generate a free Let's Encrypt! +- Obtain valid wildcard certificate for your domain. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. See below on how to generate a free Let's Encrypt! -## (Optional) Generate certificates with certbot +## Generate certificates with certbot Install Certbot ``` 
@@ -16,11 +16,11 @@ Generate the wildcard certificate. Add the DNS entry for domain validation. Repl sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns ``` -## Configure DNS and Firewall +## Configure DNS and firewall -You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443, 4505, 4506. +You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443, 4222, 4505, 4506. -## Run the environment with Docker +## Setting up the environment Get the docker-compose and .env.example file on the host you which to install on 
@@ -34,12 +34,35 @@ Change the values in .env to match your environment. If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files. -Then run the below command to start the environment. +## Base64 encoding certificates to pass as env variables + +Use the below command to add the the correct values to the .env. + +Running this command multiple times will add redundant entries, so those will need to be removed. + +Let's encrypt certs paths are below. Replace ${rootdomain} with your own. + +public key +`/etc/letsencrypt/live/${rootdomain}/fullchain.pem` + +private key +`/etc/letsencrypt/live/${rootdomain}/privkey.pem` + +``` +echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env +echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env +``` + +## Starting the environment + +Run the below command to start the environment. ``` sudo docker-compose up -d ``` +Removing the -d will start the containers in the foreground and is useful for debugging. + ## Get MeshCentral EXE download link Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin. @@ -47,22 +70,3 @@ Run the below command to get the download link for the mesh central exe. This ne ``` sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url ``` - -## Base64 encoding certificates to pass as env variables - -Use the below command to add the the correct values to the .env. - -Running this command multiple times will add redundant entries, so those will need to be removed. - -Let's encrypt certs are stored in: - -public key -`/etc/letsencrypt/live/${rootdomain}/fullchain.pem` - -private key -`/etc/letsencrypt/live${rootdomain}/privkey.pem` - -``` -echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env -echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env -```
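Review bot: In the first hunk (@@ -1,9 +1,9 @@) the rewritten bullet keeps the truncated sentence "See below on how to generate a free Let's Encrypt!", which reads as if the noun is missing; suggest "See below on how to generate a free Let's Encrypt certificate." and "Obtain a valid wildcard certificate for your domain." for the dropped article. Since the heading loses "(Optional)" and the bullet now says the self-signed fallback leaves most agent functions non-working, the bullet should also say plainly that the self-signed certificate is only for local testing, otherwise readers will take the fallback as a supported deployment mode.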
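Review bot: In the second hunk (@@ -16,11 +16,11 @@) tcp port 4222 is added to "ensure the firewall is open on tcp ports 80, 443, 4222, 4505, 4506" without saying which container listens on it; each port in that list should name its service and state whether agents need to reach it from outside the host, so operators can scope the firewall to what is actually required rather than exposing all five ports everywhere. Minor: the unchanged context line "Get the docker-compose and .env.example file on the host you which to install on" has "which" where "wish" is meant.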
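Review bot: In the third hunk (@@ -34,12 +34,35 @@) the relocated "Base64 encoding certificates" section writes the base64 private key into .env via `>>` as the invoking user, so the file ends up holding key material under that user's default umask; suggest adding `chmod 600 .env` (and a reminder that .env must stay out of version control) directly after the two echo lines. The caveat "Running this command multiple times will add redundant entries, so those will need to be removed" can be avoided by having the readme remove existing entries first, e.g. `sed -i '/^CERT_PUB_KEY=/d;/^CERT_PRIV_KEY=/d' .env`, instead of telling readers to clean up by hand. Wording: "add the the correct values" doubles "the", and "Let's encrypt certs paths are below" should read "Let's Encrypt certificate paths are below". The move also fixes the missing slash in the old `/etc/letsencrypt/live${rootdomain}/privkey.pem`; that fix deserves a mention in the commit message since "Update docker readme" does not hint at it.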