diff --git a/docs/docs/howitallworks.md b/docs/docs/howitallworks.md index 77904685..48125b83 100644 --- a/docs/docs/howitallworks.md +++ b/docs/docs/howitallworks.md @@ -136,6 +136,16 @@ Files create `c:\Windows\temp\Tacticalxxxx\` folder for install (and log files) *** +### Agent Recovery + +#### Mesh Agent Recovery + +Tactical Agent just runs `mesh_agent.exe -something` to get the mesh agent id and saves it to the django database. + +#### Tactical RPC Recovery + +#### Tactical Agent Recovery + ### Windows Update Management Tactical RMM Agent sets: diff --git a/docs/docs/images/meshagentdl.png b/docs/docs/images/meshagentdl.png index 85defd46..8bf10fea 100644 Binary files a/docs/docs/images/meshagentdl.png and b/docs/docs/images/meshagentdl.png differ diff --git a/docs/docs/install_docker.md b/docs/docs/install_docker.md index 44be4bb7..8523cc18 100644 --- a/docs/docs/install_docker.md +++ b/docs/docs/install_docker.md 
@@ -1,27 +1,62 @@ # Docker Setup -- Install docker and docker-compose -- Obtain valid wildcard certificate for your domain. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. See below on how to generate a free Let's Encrypt! +## 1. Install Docker -## Generate certificates with certbot +Install docker -Install Certbot +### 2. Create the A records + +We'll be using `example.com` as our domain for this example. + +!!!info + The RMM uses 3 different sites. The Vue frontend e.g. `rmm.example.com` which is where you'll be accesing your RMM from the browser, the REST backend e.g. `api.example.com` and Meshcentral e.g. `mesh.example.com` + +1. Get the public IP of your server with `curl https://icanhazip.tacticalrmm.io` +2. Open the DNS manager of wherever the domain you purchased is hosted. +3. Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server: + +![arecords](images/arecords.png) + +## 3. Acquire Let's Encrypt Wildcard certs with certbot + +!!!warning + If the Let's Encrypt wildcard certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. + +### A. Install Certbot ```bash sudo apt-get install certbot ``` -Generate the wildcard certificate. Add the DNS entry for domain validation. Replace `example.com` with your root doamin +### B. Generate the wildcard Let's Encrypt certificates + +We're using the [DNS-01 challenge method](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) +#### a. Deploy the TXT record in your DNS manager + +!!!warning + TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.
+ You should verify the TXT record has been deployed first before pressing Enter.
+ A quick way to check is with the following command:
`dig -t txt _acme-challenge.example.com`
+ or test using: Enter: `_acme-challenge.example.com` + +![txtrecord](images/txtrecord.png) + +![dnstxt](images/dnstxt.png) + +#### b. Request Let's Encrypt Wildcard cert ```bash sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns ``` -## Configure DNS and firewall +!!!note + Replace `example.com` with your root domain + +## 4. Configure DNS and firewall You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443 and 4222. -## Setting up the environment +## 5. Setting up the environment Get the docker-compose and .env.example file on the host you which to install on @@ -33,9 +68,9 @@ mv .env.example .env Change the values in .env to match your environment. -If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files. +When supplying certificates through Let's Encrypt, see the section below about base64 encoding the certificate files. -## Base64 encoding certificates to pass as env variables +### A. Base64 encoding certificates to pass as env variables Use the below command to add the the correct values to the .env. @@ -54,7 +89,7 @@ echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env ``` -## Starting the environment +## 6. Starting the environment Run the below command to start the environment. 
@@ -64,7 +99,7 @@ sudo docker-compose up -d Removing the -d will start the containers in the foreground and is useful for debugging. -## Get MeshCentral EXE download link +## 7. Get MeshCentral EXE download link Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin. @@ -72,6 +107,16 @@ Run the below command to get the download link for the mesh central exe. This ne sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url ``` -## Backups +Download the mesh agent: + +![meshagentdl](images/meshagentdl.png) + +Navigate to `https://rmm.example.com` and login with the username/password you created during install. + +Once logged in, you will be redirected to the initial setup page. + +Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded. + +## Note about Backups The backup script **does not** work with docker. To backup your install use [standard docker backup/restore](https://docs.docker.com/desktop/backup-and-restore/) processes. diff --git a/docs/docs/install_server.md b/docs/docs/install_server.md index 6179accc..2d172ce8 100644 --- a/docs/docs/install_server.md +++ b/docs/docs/install_server.md @@ -131,7 +131,7 @@ Answer the initial questions when prompted. Replace `example.com` with your doma ![questions](images/install_questions.png) -### Deploy the TXT record in your DNS manager +### Deploy the TXT record in your DNS manager for Lets Encrypt wildcard certs !!!warning TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.
@@ -149,6 +149,8 @@ Create a login for the RMM web UI: A bunch of URLS / usernames / passwords will be printed out at the end of the install script. **Save these somewhere safe.** [Recover them if you didn't](faq.md#how-do-i-recover-my-meshcentral-login-credentials) +### Upload mesh agents + Copy the url for the meshagent exe (`https://mesh.example.com/agentinvite?c=......`), paste it in your browser and download the mesh agent: ![meshagentdl](images/meshagentdl.png) @@ -181,6 +183,9 @@ Login to your router/NAT device. 1. Set your TRMM server as a static IP (Use a DHCP reservation is usually safer) 2. Create 2 port forwarding rules. `TCP Port 443` and `TCP Port 4222` to your TRMM servers private IP address. + +!!!note + can help with Port Forwarding setup ### You're Done diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md index 594c54d5..d689ac0a 100644 --- a/docs/docs/troubleshooting.md +++ b/docs/docs/troubleshooting.md @@ -26,7 +26,7 @@ ping mesh.example.com The IP address for all 3 should reflect your Tactical RMM server -## Problems after new install +## Problems after new server install In the very unlikely event you have issues after install please wipe the box and install again (following all the steps including downloading the install script but not running it) use the following command which will log the install progress and if you continue to have issues will assist with support of the installation. 
@@ -47,9 +47,9 @@ If you see an error about SSL or certificate expired, then your Let's Encrypt ce Refer to the Let's Encrypt cert renewal instructions [here](update_server.md#keeping-your-lets-encrypt-certificate-up-to-date) -## Agents not updating +## Agents not installing or updating -The most common problem we've seen of agents not updating is due to Antivirus blocking the updater executable. +The most common problem we've seen of agents not installing or updating is due to Antivirus blocking the updater executable. Windows Defender will 100% of the time block the updater from running unless an exclusion is set. diff --git a/docs/docs/unsupported_scripts.md b/docs/docs/unsupported_scripts.md index 99fccf90..22a7b1ea 100644 --- a/docs/docs/unsupported_scripts.md +++ b/docs/docs/unsupported_scripts.md @@ -539,3 +539,9 @@ done ###Renew certs can be done by sudo letsencrypt renew (this should automatically be in /etc/cron.d/certbot) ``` + +### Using your own certs with Docker + +Let's Encrypt is the only officially supported method of obtaining wildcard certificates. Publicly signed certificates should work but have not been fully tested. + +If you are providing your own publicly signed certificates, ensure you download the **full chain** (combined CA/Root + Intermediary) certificate in pem format. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. diff --git a/scripts_wip/Win_Bitlocker_Enable.ps1 b/scripts_wip/Win_Bitlocker_Enable.ps1 new file mode 100644 index 00000000..5127c96c --- /dev/null +++ b/scripts_wip/Win_Bitlocker_Enable.ps1 
@@ -0,0 +1,27 @@ +<# +.SYNOPSIS + Enables Bitlocker + +.DESCRIPTION + Enables bitlocker, and shows recovery keys + +.OUTPUTS + Results are printed to the console. + +.NOTES + Change Log + V1.0 Initial release from dinger1986 https://discord.com/channels/736478043522072608/744281869499105290/836871708790882384 +#> + +If(!(test-path C:\TEMP\)) +{ + New-Item -ItemType Directory -Force -Path C:\TEMP\ +} + +Enable-Bitlocker -MountPoint c: -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector +manage-bde -protectors C: -get + +$bitlockerkey = manage-bde -protectors C: -get +( +echo $bitlockerkey +)>"C:\Temp\bitlockerkey.txt" \ No newline at end of file
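Review bot: in the `docs/docs/howitallworks.md` hunk, the new "Tactical RPC Recovery" and "Tactical Agent Recovery" subsections are empty headings and the "Mesh Agent Recovery" text uses the placeholder flag `mesh_agent.exe -something`; either fill in the actual recovery steps and the real mesh agent flag or mark the section as a TODO so readers don't take the placeholder for a working command.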
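Review bot: in the first `docs/docs/install_docker.md` hunk (`@@ -1,27 +1,62 @@`) the step numbering mixes heading levels: step 1 ("## 1. Install Docker") and step 3 onward are `##`, but "### 2. Create the A records" is `###`, so it renders as a sub-step of "Install Docker". The body of step 1 is just "Install docker" with no instructions or link. Step 4 ("Configure DNS and firewall") still tells the reader to "add DNS entries so that the three subdomains resolve", which now duplicates step 2's A-record instructions; consider keeping only the firewall ports there. Also two typos in added lines: "accesing" and "propogate".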
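Review bot: in the `@@ -33,9 +68,9 @@` hunk of `docs/docs/install_docker.md`, narrowing "Let's Encrypt or another source" to "When supplying certificates through Let's Encrypt" contradicts the new "Using your own certs with Docker" section added to `unsupported_scripts.md` in this same patch, which says publicly signed certificates should work; the base64 encoding steps apply to either source, so the original wording (or a pointer to that section) is more accurate. Since the surrounding context shows `CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)` being appended to `.env`, the docs should also say the resulting `.env` contains the private key and must be protected (e.g. `chmod 600 .env`, never committed or shared).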
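Review bot: in the `docs/docs/install_server.md` hunk at `@@ -131,7 +131,7 @@`, the new heading spells it "Lets Encrypt" while the rest of the docs (including the same hunk's "Let's Encrypt" context) use the apostrophe; make it "Let's Encrypt wildcard certs".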
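Review bot: in the `docs/docs/install_server.md` hunk at `@@ -181,6 +183,9 @@`, the added admonition `!!!note can help with Port Forwarding setup` is missing its subject (presumably a tool or link was meant to precede "can help"), so it renders as a broken sentence; complete it or drop the note.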
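Review bot: the new "Using your own certs with Docker" section in `docs/docs/unsupported_scripts.md` is Docker install guidance placed in the unsupported-scripts page, where nothing links to it; `install_docker.md` (which this patch changes to mention only Let's Encrypt) should at least cross-reference it. The full-chain requirement is the important security detail here and would be worth restating next to the `CERT_PUB_KEY` encoding step, since a leaf-only PEM is the most likely cause of agents failing TLS validation.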
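Review bot: `scripts_wip/Win_Bitlocker_Enable.ps1` writes the BitLocker recovery password in plaintext to `C:\Temp\bitlockerkey.txt`, on the same volume it is encrypting, and also prints it to the console, so the key ends up both readable by any local user of the machine and stored in the RMM's script output history; the escrow should instead go to a key backend (e.g. `Backup-BitLockerKeyProtector -MountPoint C: -KeyProtectorId <id>` to Active Directory) and the file write should be removed. `Enable-Bitlocker ... -RecoveryPasswordProtector` adds only a recovery password protector, so no TPM protector unlocks the OS drive at boot; add one with `Add-BitLockerKeyProtector -MountPoint C: -TpmProtector` (and check the cmdlet succeeded before going further). Minor: `manage-bde -protectors C: -get` runs twice (once unassigned, once into `$bitlockerkey`), and `( echo $bitlockerkey )>"..."` is a cmd-style idiom where `Out-File` would be clearer; the file also has no trailing newline.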