From 72fb7425790f2e1997967a0fda01cb8286ec81de Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:31:29 -0500
Subject: [PATCH 01/36] Create config.json
---
default-configs/mesh/config.json | 1 + 1 file changed, 1 insertion(+) create mode 100644 default-configs/mesh/config.json
diff --git a/default-configs/mesh/config.json b/default-configs/mesh/config.json
new file mode 100644
index 0000000000..48cdce8528
--- /dev/null
+++ b/default-configs/mesh/config.json
@@ -0,0 +1 @@
+placeholder
From a7f79a2b8bea8f737d71319ee9d12f30ee1f22ef Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:33:43 -0500
Subject: [PATCH 02/36] Change URLs to defaults for editing during install
---
default-configs/mesh/config.json | 35 +++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/default-configs/mesh/config.json b/default-configs/mesh/config.json
index 48cdce8528..52ae3097f2 100644
--- a/default-configs/mesh/config.json
+++ b/default-configs/mesh/config.json
@@ -1 +1,34 @@
-placeholder
+{
+ "settings": {
+ "Cert": "mesh.example.com",
+ "MongoDb": "mongodb://127.0.0.1:27017",
+ "MongoDbName": "meshcentral",
+ "WANonly": true,
+ "Minify": 1,
+ "Port": 4443,
+ "AgentAliasPort": 443,
+ "AliasPort": 443,
+ "AllowLoginToken": true,
+ "AllowFraming": true,
+ "_AgentPing": 60,
+ "AgentPong": 300,
+ "AllowHighQualityDesktop": true,
+ "TlsOffload": "127.0.0.1",
+ "agentCoreDump": false,
+ "Compression": true,
+ "WsCompression": true,
+ "AgentWsCompression": true,
+ "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
+ },
+ "domains": {
+ "": {
+ "Title": "Tactical RMM",
+ "Title2": "Tactical RMM",
+ "NewAccounts": false,
+ "CertUrl": "https://mesh.example.com/",
+ "GeoLocation": true,
+ "CookieIpCheck": false,
+ "mstsc": true
+ }
+ }
+}
From ab02d877dda22fa6fd1aac715fa4c8ff19cf93f6 Mon Sep 17 00:00:00 2001
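Review bot: Three defaults in the new config.json loosen MeshCentral's session protections and ship with no explanation: `"AllowFraming": true`, `"AllowLoginToken": true` and `"CookieIpCheck": false`. Presumably they exist so the RMM frontend can embed Mesh and sign users in with a token, but an operator copying this template cannot tell which of the three the integration actually needs. JSON has no comment syntax, so the reasoning belongs in the commit message or a README beside the file, and any setting that is not required should be left out of the default. `"MongoDb": "mongodb://127.0.0.1:27017"` also carries no credentials, so it relies entirely on mongod staying bound to loopback.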
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:39:23 -0500
Subject: [PATCH 03/36] Update config.json
---
default-configs/mesh/config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/mesh/config.json b/default-configs/mesh/config.json
index 52ae3097f2..15eaf705f8 100644
--- a/default-configs/mesh/config.json
+++ b/default-configs/mesh/config.json
@@ -1,6 +1,6 @@ { "settings": { - "Cert": "mesh.example.com", + "Cert": "meshdomain", "MongoDb": "mongodb://127.0.0.1:27017", "MongoDbName": "meshcentral", "WANonly": true,
@@ -25,7 +25,7 @@ "Title": "Tactical RMM", "Title2": "Tactical RMM", "NewAccounts": false, - "CertUrl": "https://mesh.example.com/", + "CertUrl": "https://meshdomain/", "GeoLocation": true, "CookieIpCheck": false, "mstsc": true
From 26462672a98e9c6c1a8c38aefeaabe4b666fc479 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:42:05 -0500
Subject: [PATCH 04/36] Create local_settings.py
---
default-configs/python/local_settings.py | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 default-configs/python/local_settings.py
diff --git a/default-configs/python/local_settings.py b/default-configs/python/local_settings.py
new file mode 100644
index 0000000000..908a9faccb
--- /dev/null
+++ b/default-configs/python/local_settings.py
@@ -0,0 +1,27 @@
+SECRET_KEY = "DJANGO_SEKRET"
+
+DEBUG = False
+
+ALLOWED_HOSTS = ['rmmdomain']
+
+ADMIN_URL = "ADMINURL/"
+
+CORS_ORIGIN_WHITELIST = [
+ "https://frontenddomain"
+]
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': 'tacticalrmm',
+ 'USER': 'pgusername',
+ 'PASSWORD': 'pgpw',
+ 'HOST': 'localhost',
+ 'PORT': '5432',
+ }
+}
+
+MESH_USERNAME = "meshusername"
+MESH_SITE = "https://meshdomain"
+REDIS_HOST = "localhost"
+ADMIN_ENABLED = True
From 8799af46e9d9c37d25a83123bf5a71790b1c83dd Mon Sep 17 00:00:00 2001
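Review bot: `SECRET_KEY = "DJANGO_SEKRET"` and `'PASSWORD': 'pgpw'` in the new local_settings.py are syntactically valid values, so a deployment where the install-time substitution is skipped or only partly succeeds still starts, using a signing key and database password that are published in this repository. Nothing in the file makes that case fail; the installer, which this series does not show, should refuse to continue while any placeholder token is still present. Separately, `ADMIN_ENABLED = True` presumably switches the Django admin on by default; `ADMIN_ENABLED = False` would be the safer template value, leaving operators to opt in.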
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:44:41 -0500
Subject: [PATCH 05/36] Create app.ini
---
default-configs/uwsgi/app.ini | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 default-configs/uwsgi/app.ini
diff --git a/default-configs/uwsgi/app.ini b/default-configs/uwsgi/app.ini
new file mode 100644
index 0000000000..839ad00745
--- /dev/null
+++ b/default-configs/uwsgi/app.ini
@@ -0,0 +1,16 @@
+[uwsgi]
+chdir = /rmm/api/tacticalrmm
+module = tacticalrmm.wsgi
+home = /rmm/api/env
+master = true
+processes = uwsgiprocs
+threads = uwsgiprocs
+enable-threads = true
+socket = /rmm/api/tacticalrmm/tacticalrmm.sock
+harakiri = 300
+chmod-socket = 660
+buffer-size = 65535
+vacuum = true
+die-on-term = true
+max-requests = 500
+disable-logging = true
From 84a39dd72f97c8c20b8cebabc801c0f941e70c53 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:50:33 -0500
Subject: [PATCH 06/36] Create rmm.service
---
service-definitions/rmm.service | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 service-definitions/rmm.service
diff --git a/service-definitions/rmm.service b/service-definitions/rmm.service
new file mode 100644
index 0000000000..8967bc243a
--- /dev/null
+++ b/service-definitions/rmm.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=tacticalrmm uwsgi daemon
+After=network.target postgresql.service
+
+[Service]
+User=REPLACEME
+Group=www-data
+WorkingDirectory=/rmm/api/tacticalrmm
+Environment="PATH=/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ExecStart=/rmm/api/env/bin/uwsgi --ini app.ini
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
From f026940362390ac5bb7bedcabab77d10943f3300 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:51:42 -0500
Subject: [PATCH 07/36] Create daphne.service
---
service-definitions/daphne.service | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 service-definitions/daphne.service
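Review bot: `disable-logging = true` on the last line of app.ini switches off uWSGI's request log, so the only record of API requests is whatever the fronting web server chooses to write. For a remote-management API that leaves little to work with during incident response. Either drop the line or pair it with `log-4xx = true` and `log-5xx = true` so rejected and failed requests are still recorded at the application server.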
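Review bot: The `[Service]` section of rmm.service runs the API with no sandboxing directives at all, while nats.service later in this series at least sets `PrivateTmp=true`. Adding `NoNewPrivileges=true` and `PrivateTmp=true` here limits what a compromised request handler can reach, provided the service never needs to elevate (for example through sudo), which should be confirmed first. The same gap is in daphne.service, nats-api.service, celery.service, celerybeat.service and meshcentral.service. `ExecStart` also passes `--ini app.ini` as a relative path that only resolves through `WorkingDirectory=`; an absolute path would make the unit unambiguous.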
diff --git a/service-definitions/daphne.service b/service-definitions/daphne.service
new file mode 100644
index 0000000000..a1576ad889
--- /dev/null
+++ b/service-definitions/daphne.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=django channels daemon
+After=network.target
+
+[Service]
+User=REPLACEME
+Group=www-data
+WorkingDirectory=/rmm/api/tacticalrmm
+Environment="PATH=/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ExecStart=/rmm/api/env/bin/daphne -u /rmm/daphne.sock tacticalrmm.asgi:application
+Restart=always
+RestartSec=3s
+
+[Install]
+WantedBy=multi-user.target
From 6b9b081350352dfbc176424b18768e5c62e05bed Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:53:04 -0500
Subject: [PATCH 08/36] Create nats.service
---
service-definitions/nats.service | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 service-definitions/nats.service
diff --git a/service-definitions/nats.service b/service-definitions/nats.service
new file mode 100644
index 0000000000..bb85259f44
--- /dev/null
+++ b/service-definitions/nats.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=NATS Server
+After=network.target
+
+[Service]
+PrivateTmp=true
+Type=simple
+ExecStart=/usr/local/bin/nats-server -c /rmm/api/tacticalrmm/nats-rmm.conf
+ExecReload=/usr/bin/kill -s HUP \$MAINPID
+ExecStop=/usr/bin/kill -s SIGINT \$MAINPID
+User=REPLACEME
+Group=www-data
+Restart=always
+RestartSec=5s
+LimitNOFILE=1000000
+
+[Install]
+WantedBy=multi-user.target
From d0f932cc79014c4997f670bbbac940ec1d4a44e3 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 12:54:17 -0500
Subject: [PATCH 09/36] Create nats-api.service
---
service-definitions/nats-api.service | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 service-definitions/nats-api.service
diff --git a/service-definitions/nats-api.service b/service-definitions/nats-api.service
new file mode 100644
index 0000000000..90e26f8ec2
--- /dev/null
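Review bot: `\$MAINPID` in the `ExecReload` and `ExecStop` lines of nats.service keeps a backslash that looks carried over from a shell heredoc. In a unit file installed as-is, systemd expands `$MAINPID` itself and the backslash is not needed, so reload and stop may end up not signalling the intended process. Unless a later install step strips these (none is visible in this series), write `ExecReload=/usr/bin/kill -s HUP $MAINPID` and `ExecStop=/usr/bin/kill -s SIGINT $MAINPID`. The same leftover `\$` appears in celery.service, celerybeat.service and the three nginx configs.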
+++ b/service-definitions/nats-api.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=TacticalRMM Nats Api v1
+After=nats.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/nats-api
+User=REPLACEME
+Group=REPLACEME
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
From 52867db790fb47eafa90fb9b7386c879d2bb75ed Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:02:53 -0500
Subject: [PATCH 10/36] Create celery.service
---
service-definitions/celery.service | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 service-definitions/celery.service
diff --git a/service-definitions/celery.service b/service-definitions/celery.service
new file mode 100644
index 0000000000..6bd94eacf2
--- /dev/null
+++ b/service-definitions/celery.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Celery Service V2
+After=network.target redis-server.service postgresql.service
+
+[Service]
+Type=forking
+User=REPLACEME
+Group=REPLACEME
+EnvironmentFile=/etc/conf.d/celery.conf
+WorkingDirectory=/rmm/api/tacticalrmm
+ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
+ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
+ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
From 4183be2588387616d3bd091a6f8533f99da2d0c8 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:04:04 -0500
Subject: [PATCH 11/36] Create celery.conf
---
default-configs/celery/celery.conf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 default-configs/celery/celery.conf
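Review bot: Every `Exec*` line in celery.service runs `/bin/sh -c` over variables read from `EnvironmentFile=/etc/conf.d/celery.conf`, with the node and option variables expanded unquoted, so whoever can write that file decides what the worker account executes. The unit gives no hint of this; a comment above `EnvironmentFile=` such as `# must be root-owned and not writable by the service user` would record the requirement, and the installer should enforce it. `Type=forking` is also used without a `PIDFile=` line, which leaves systemd to guess the main process.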
diff --git a/default-configs/celery/celery.conf b/default-configs/celery/celery.conf
new file mode 100644
index 0000000000..92cb5e1486
--- /dev/null
+++ b/default-configs/celery/celery.conf
@@ -0,0 +1,16 @@
+CELERYD_NODES="w1"
+
+CELERY_BIN="/rmm/api/env/bin/celery"
+
+CELERY_APP="tacticalrmm"
+
+CELERYD_MULTI="multi"
+
+CELERYD_OPTS="--time-limit=86400 --autoscale=20,2"
+
+CELERYD_PID_FILE="/rmm/api/tacticalrmm/%n.pid"
+CELERYD_LOG_FILE="/var/log/celery/%n%I.log"
+CELERYD_LOG_LEVEL="ERROR"
+
+CELERYBEAT_PID_FILE="/rmm/api/tacticalrmm/beat.pid"
+CELERYBEAT_LOG_FILE="/var/log/celery/beat.log"
From d5646579eafe60f63b75a0ddcecf79270db2e8f3 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:05:23 -0500
Subject: [PATCH 12/36] Create meshcentral.conf
---
default-configs/nginx/meshcentral.conf | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 default-configs/nginx/meshcentral.conf
diff --git a/default-configs/nginx/meshcentral.conf b/default-configs/nginx/meshcentral.conf
new file mode 100644
index 0000000000..1cadf5b94f
--- /dev/null
+++ b/default-configs/nginx/meshcentral.conf
@@ -0,0 +1,39 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ${meshdomain};
+ return 301 https://\$server_name\$request_uri;
+}
+
+server {
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ proxy_send_timeout 330s;
+ proxy_read_timeout 330s;
+ server_name ${meshdomain};
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
+
+ ssl_session_cache shared:WEBSSL:10m;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+ ssl_ecdh_curve secp384r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ add_header X-Content-Type-Options nosniff;
+
+ location / {
+ proxy_pass http://127.0.0.1:4443/;
+ proxy_http_version 1.1;
+
+ proxy_set_header Host \$host;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-Host \$host:\$server_port;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+}
From 3c15fe87dd4026b57fdb3f7ceef6e24fe8646b0d Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:06:35 -0500
Subject: [PATCH 13/36] Create rmm.conf
---
default-configs/nginx/rmm.conf | 68 ++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 default-configs/nginx/rmm.conf
diff --git a/default-configs/nginx/rmm.conf b/default-configs/nginx/rmm.conf
new file mode 100644
index 0000000000..7b036a2b70
--- /dev/null
+++ b/default-configs/nginx/rmm.conf
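Review bot: The 443 server in meshcentral.conf never sends `Strict-Transport-Security`, so although the port-80 server redirects to HTTPS, a browser's plain-HTTP request to the Mesh console can still be intercepted before that redirect on every visit. Once a publicly trusted certificate is in place, add `add_header Strict-Transport-Security "max-age=31536000" always;` next to the existing `X-Content-Type-Options` line; rmm.conf and frontend.conf in this series lack it too. `ssl_stapling on;` also has no `resolver` or `ssl_trusted_certificate` beside it, so depending on the chain file stapling may quietly not take effect.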
@@ -0,0 +1,68 @@
+server_tokens off;
+
+upstream tacticalrmm {
+ server unix:////rmm/api/tacticalrmm/tacticalrmm.sock;
+}
+
+map \$http_user_agent \$ignore_ua {
+ "~python-requests.*" 0;
+ "~go-resty.*" 0;
+ default 1;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ${rmmdomain};
+ return 301 https://\$server_name\$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name ${rmmdomain};
+ client_max_body_size 300M;
+ access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=\$ignore_ua;
+ error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+ ssl_ecdh_curve secp384r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ add_header X-Content-Type-Options nosniff;
+
+ location /static/ {
+ root /rmm/api/tacticalrmm;
+ }
+
+ location /private/ {
+ internal;
+ add_header "Access-Control-Allow-Origin" "https://${frontenddomain}";
+ alias /rmm/api/tacticalrmm/tacticalrmm/private/;
+ }
+
+ location ~ ^/ws/ {
+ proxy_pass http://unix:/rmm/daphne.sock;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_redirect off;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host \$server_name;
+ }
+
+ location / {
+ uwsgi_pass tacticalrmm;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_read_timeout 300s;
+ uwsgi_ignore_client_abort on;
+ }
+}
+From 678d089e15de5f43f39de40ac731921acb335e85 Mon Sep 17 00:00:00 2001
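Review bot: The `map \$http_user_agent \$ignore_ua` block in rmm.conf suppresses access logging for any request whose User-Agent matches `python-requests` or `go-resty`, and that header is chosen by the client, so any caller can keep itself out of `access.log` by sending one of those strings. app.ini in this series also sets `disable-logging = true`, so such requests would leave no HTTP-level record at either layer. If the aim is to cut agent check-in noise, key the map on the request path of the agent endpoints rather than on the User-Agent, or route those requests to a separate `access_log` file instead of discarding them.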
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:09:18 -0500
Subject: [PATCH 14/36] Create celerybeat.service
---
service-definitions/celerybeat.service | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 service-definitions/celerybeat.service
diff --git a/service-definitions/celerybeat.service b/service-definitions/celerybeat.service
new file mode 100644
index 0000000000..d6cefee030
--- /dev/null
+++ b/service-definitions/celerybeat.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Celery Beat Service V2
+After=network.target redis-server.service postgresql.service
+
+[Service]
+Type=simple
+User=REPLACEME
+Group=REPLACEME
+EnvironmentFile=/etc/conf.d/celery.conf
+WorkingDirectory=/rmm/api/tacticalrmm
+ExecStart=/bin/sh -c '\${CELERY_BIN} -A \${CELERY_APP} beat --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
From 0ba355d755a57ee9b63bda401d6c1f26f1d9825d Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:10:17 -0500
Subject: [PATCH 15/36] Create meshcentral.service
---
service-definitions/meshcentral.service | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 service-definitions/meshcentral.service
diff --git a/service-definitions/meshcentral.service b/service-definitions/meshcentral.service
new file mode 100644
index 0000000000..bd5a528624
--- /dev/null
+++ b/service-definitions/meshcentral.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=MeshCentral Server
+After=network.target mongod.service nginx.service
+[Service]
+Type=simple
+LimitNOFILE=1000000
+ExecStart=/usr/bin/node node_modules/meshcentral
+Environment=NODE_ENV=production
+WorkingDirectory=/meshcentral
+User=REPLACEME
+Group=REPLACEME
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
From 0798a5a51246ed22f1f37ce4e669a3a6dc453a55 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 13:11:30 -0500
Subject: [PATCH 16/36] Create frontend.conf
---
default-configs/nginx/frontend.conf | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 default-configs/nginx/frontend.conf
diff --git a/default-configs/nginx/frontend.conf b/default-configs/nginx/frontend.conf
new file mode 100644
index 0000000000..7b4bec28b4
--- /dev/null
+++ b/default-configs/nginx/frontend.conf
@@ -0,0 +1,36 @@
+server {
+ server_name ${frontenddomain};
+ charset utf-8;
+ location / {
+ root /var/www/rmm/dist;
+ try_files \$uri \$uri/ /index.html;
+ add_header Cache-Control "no-store, no-cache, must-revalidate";
+ add_header Pragma "no-cache";
+ }
+ error_log /var/log/nginx/frontend-error.log;
+ access_log /var/log/nginx/frontend-access.log;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+ ssl_ecdh_curve secp384r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ add_header X-Content-Type-Options nosniff;
+}
+
+server {
+ if (\$host = ${frontenddomain}) {
+ return 301 https://\$host\$request_uri;
+ }
+
+ listen 80;
+ listen [::]:80;
+ server_name ${frontenddomain};
+ return 404;
+}
From 5d27f6372e162ba581abd64aaaecd1d187b2c37f Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:20:34 -0500
Subject: [PATCH 17/36] Update frontend.conf
---
default-configs/nginx/frontend.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/default-configs/nginx/frontend.conf b/default-configs/nginx/frontend.conf
index 7b4bec28b4..0c0caa828b 100644
--- a/default-configs/nginx/frontend.conf
+++ b/default-configs/nginx/frontend.conf
@@ -1,5 +1,5 @@ server { - server_name ${frontenddomain}; + server_name rmm.example.com; charset utf-8; location / { root /var/www/rmm/dist;
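Review bot: The server-level `add_header X-Content-Type-Options nosniff;` in the new frontend.conf is not sent for anything served from `location /`, which is the whole site. That location declares its own `add_header` lines (`Cache-Control`, `Pragma`), and nginx inherits `add_header` from the enclosing level only when the current level defines none. Repeat the header inside the location block: `add_header X-Content-Type-Options nosniff;`. rmm.conf has the same shape in `location /private/`, where the `Access-Control-Allow-Origin` header displaces it.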
@@ -25,12 +25,12 @@ server { } server { - if (\$host = ${frontenddomain}) { + if (\$host = rmm.example.com) { return 301 https://\$host\$request_uri; } listen 80; listen [::]:80; - server_name ${frontenddomain}; + server_name rmm.example.com; return 404; }
From be851c9b2e3ca1753cc809cfd72a8890fbc8869c Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:21:48 -0500
Subject: [PATCH 18/36] Update meshcentral.conf
---
default-configs/nginx/meshcentral.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/nginx/meshcentral.conf b/default-configs/nginx/meshcentral.conf
index 1cadf5b94f..894108a2e7 100644
--- a/default-configs/nginx/meshcentral.conf
+++ b/default-configs/nginx/meshcentral.conf
@@ -1,7 +1,7 @@ server { listen 80; listen [::]:80; - server_name ${meshdomain}; + server_name mesh.example.com; return 301 https://\$server_name\$request_uri; }
@@ -11,7 +11,7 @@ server { listen [::]:443 ssl; proxy_send_timeout 330s; proxy_read_timeout 330s; - server_name ${meshdomain}; + server_name mesh.example.com; ssl_certificate ${CERT_PUB_KEY}; ssl_certificate_key ${CERT_PRIV_KEY};
From edab4f791b0ccc6d371be35e11d3e105812da332 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:29:49 -0500
Subject: [PATCH 19/36] Update rmm.conf
---
default-configs/nginx/rmm.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/default-configs/nginx/rmm.conf b/default-configs/nginx/rmm.conf
index 7b036a2b70..9e90a41e56 100644
--- a/default-configs/nginx/rmm.conf
+++ b/default-configs/nginx/rmm.conf
@@ -13,14 +13,14 @@ map \$http_user_agent \$ignore_ua { server { listen 80; listen [::]:80; - server_name ${rmmdomain}; + server_name api.example.com; return 301 https://\$server_name\$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; - server_name ${rmmdomain}; + server_name api.example.com; client_max_body_size 300M; access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=\$ignore_ua; error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
@@ -41,7 +41,7 @@ server { location /private/ { internal; - add_header "Access-Control-Allow-Origin" "https://${frontenddomain}"; + add_header "Access-Control-Allow-Origin" "https://rmm.example.com"; alias /rmm/api/tacticalrmm/tacticalrmm/private/; }
From 621273c1c2a5e16907706db199943f0ea625e181 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:31:21 -0500
Subject: [PATCH 20/36] Update frontend.conf
---
default-configs/nginx/frontend.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/nginx/frontend.conf b/default-configs/nginx/frontend.conf
index 0c0caa828b..c8a4fea73b 100644
--- a/default-configs/nginx/frontend.conf
+++ b/default-configs/nginx/frontend.conf
@@ -12,8 +12,8 @@ server { listen 443 ssl; listen [::]:443 ssl; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; + ssl_certificate /etc/ssl/certs/fullchain.pem; + ssl_certificate_key /etc/ssl/private/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on;
From 3ff42423c54fd0cf21d322492ad79ea204dbba8c Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:31:44 -0500
Subject: [PATCH 21/36] Update meshcentral.conf
---
default-configs/nginx/meshcentral.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/nginx/meshcentral.conf b/default-configs/nginx/meshcentral.conf
index 894108a2e7..242497dd36 100644
--- a/default-configs/nginx/meshcentral.conf
+++ b/default-configs/nginx/meshcentral.conf
@@ -12,8 +12,8 @@ server { proxy_send_timeout 330s; proxy_read_timeout 330s; server_name mesh.example.com; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; + ssl_certificate /etc/ssl/certs/fullchain.pem; + ssl_certificate_key /etc/ssl/private/privkey.pem; ssl_session_cache shared:WEBSSL:10m;
From fbd01646209061b2e4f734ca5b0ba01f36473f00 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:32:28 -0500
Subject: [PATCH 22/36] Update rmm.conf
---
default-configs/nginx/rmm.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/nginx/rmm.conf b/default-configs/nginx/rmm.conf
index 9e90a41e56..5bead63cb0 100644
--- a/default-configs/nginx/rmm.conf
+++ b/default-configs/nginx/rmm.conf
@@ -24,8 +24,8 @@ server { client_max_body_size 300M; access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=\$ignore_ua; error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; + ssl_certificate /etc/ssl/certs/fullchain.pem; + ssl_certificate_key /etc/ssl/private/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on;
From 1f30e57db25b9a618329b035f4a4fd3bdd508e8b Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:33:46 -0500
Subject: [PATCH 23/36] Update config.json
---
default-configs/mesh/config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/mesh/config.json b/default-configs/mesh/config.json
index 15eaf705f8..52ae3097f2 100644
--- a/default-configs/mesh/config.json
+++ b/default-configs/mesh/config.json
@@ -1,6 +1,6 @@ { "settings": { - "Cert": "meshdomain", + "Cert": "mesh.example.com", "MongoDb": "mongodb://127.0.0.1:27017", "MongoDbName": "meshcentral", "WANonly": true,
@@ -25,7 +25,7 @@ "Title": "Tactical RMM", "Title2": "Tactical RMM", "NewAccounts": false, - "CertUrl": "https://meshdomain/", + "CertUrl": "https://mesh.example.com/", "GeoLocation": true, "CookieIpCheck": false, "mstsc": true
From 84e941b72ae9ebe069a23b811b0d1c07b7b5c3f5 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Wed, 1 Jun 2022 14:36:12 -0500
Subject: [PATCH 24/36] Update local_settings.py
---
default-configs/python/local_settings.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/default-configs/python/local_settings.py b/default-configs/python/local_settings.py
index 908a9faccb..954b54a650 100644
--- a/default-configs/python/local_settings.py
+++ b/default-configs/python/local_settings.py
@@ -2,12 +2,12 @@ DEBUG = False -ALLOWED_HOSTS = ['rmmdomain'] +ALLOWED_HOSTS = ['api.example.com'] ADMIN_URL = "ADMINURL/" CORS_ORIGIN_WHITELIST = [ - "https://frontenddomain" + "https://rmm.example.com" ] DATABASES = {
@@ -22,6 +22,6 @@ } MESH_USERNAME = "meshusername" -MESH_SITE = "https://meshdomain" +MESH_SITE = "https://mesh.example.com" REDIS_HOST = "localhost" ADMIN_ENABLED = True
From 9a9789de2c4f269e6500f7b9f188fed561dd2cce Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Thu, 9 Jun 2022 20:27:29 -0500
Subject: [PATCH 25/36] Update app.ini
---
default-configs/uwsgi/app.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-configs/uwsgi/app.ini b/default-configs/uwsgi/app.ini
index 839ad00745..5875198cb7 100644
--- a/default-configs/uwsgi/app.ini
+++ b/default-configs/uwsgi/app.ini
@@ -3,8 +3,8 @@ chdir = /rmm/api/tacticalrmm module = tacticalrmm.wsgi home = /rmm/api/env master = true -processes = uwsgiprocs -threads = uwsgiprocs +processes = uwsgiprocs1 +threads = uwsgiprocs2 enable-threads = true socket = /rmm/api/tacticalrmm/tacticalrmm.sock harakiri = 300
From af050c615d01e43a229d375ce33a0f35637eb046 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Sun, 17 Jul 2022 16:38:33 -0500
Subject: [PATCH 26/36] Delete default-configs directory
---
default-configs/celery/celery.conf | 16 ------ default-configs/mesh/config.json | 34 ------------ default-configs/nginx/frontend.conf | 36 ------------- default-configs/nginx/meshcentral.conf | 39 -------------- default-configs/nginx/rmm.conf | 68 ------------------------ default-configs/python/local_settings.py | 27 ---------- default-configs/uwsgi/app.ini | 16 ------ 7 files changed, 236 deletions(-) delete mode 100644 default-configs/celery/celery.conf delete mode 100644 default-configs/mesh/config.json delete mode 100644 default-configs/nginx/frontend.conf delete mode 100644 default-configs/nginx/meshcentral.conf delete mode 100644 default-configs/nginx/rmm.conf delete mode 100644 default-configs/python/local_settings.py delete mode 100644 default-configs/uwsgi/app.ini
diff --git a/default-configs/celery/celery.conf b/default-configs/celery/celery.conf
deleted file mode 100644
index 92cb5e1486..0000000000
--- a/default-configs/celery/celery.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-CELERYD_NODES="w1"
-
-CELERY_BIN="/rmm/api/env/bin/celery"
-
-CELERY_APP="tacticalrmm"
-
-CELERYD_MULTI="multi"
-
-CELERYD_OPTS="--time-limit=86400 --autoscale=20,2"
-
-CELERYD_PID_FILE="/rmm/api/tacticalrmm/%n.pid"
-CELERYD_LOG_FILE="/var/log/celery/%n%I.log"
-CELERYD_LOG_LEVEL="ERROR"
-
-CELERYBEAT_PID_FILE="/rmm/api/tacticalrmm/beat.pid"
-CELERYBEAT_LOG_FILE="/var/log/celery/beat.log"
diff --git a/default-configs/mesh/config.json b/default-configs/mesh/config.json
deleted file mode 100644
index 52ae3097f2..0000000000
--- a/default-configs/mesh/config.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "settings": {
- "Cert": "mesh.example.com",
- "MongoDb": "mongodb://127.0.0.1:27017",
- "MongoDbName": "meshcentral",
- "WANonly": true,
- "Minify": 1,
- "Port": 4443,
- "AgentAliasPort": 443,
- "AliasPort": 443,
- "AllowLoginToken": true,
- "AllowFraming": true,
- "_AgentPing": 60,
- "AgentPong": 300,
- "AllowHighQualityDesktop": true,
- "TlsOffload": "127.0.0.1",
- "agentCoreDump": false,
- "Compression": true,
- "WsCompression": true,
- "AgentWsCompression": true,
- "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
- },
- "domains": {
- "": {
- "Title": "Tactical RMM",
- "Title2": "Tactical RMM",
- "NewAccounts": false,
- "CertUrl": "https://mesh.example.com/",
- "GeoLocation": true,
- "CookieIpCheck": false,
- "mstsc": true
- }
- }
-}
diff --git a/default-configs/nginx/frontend.conf b/default-configs/nginx/frontend.conf
deleted file mode 100644
index c8a4fea73b..0000000000
--- a/default-configs/nginx/frontend.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
- server_name rmm.example.com;
- charset utf-8;
- location / {
- root /var/www/rmm/dist;
- try_files \$uri \$uri/ /index.html;
- add_header Cache-Control "no-store, no-cache, must-revalidate";
- add_header Pragma "no-cache";
- }
- error_log /var/log/nginx/frontend-error.log;
- access_log /var/log/nginx/frontend-access.log;
-
- listen 443 ssl;
- listen [::]:443 ssl;
- ssl_certificate /etc/ssl/certs/fullchain.pem;
- ssl_certificate_key /etc/ssl/private/privkey.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
- ssl_ecdh_curve secp384r1;
- ssl_stapling on;
- ssl_stapling_verify on;
- add_header X-Content-Type-Options nosniff;
-}
-
-server {
- if (\$host = rmm.example.com) {
- return 301 https://\$host\$request_uri;
- }
-
- listen 80;
- listen [::]:80;
- server_name rmm.example.com;
- return 404;
-}
diff --git a/default-configs/nginx/meshcentral.conf b/default-configs/nginx/meshcentral.conf
deleted file mode 100644
index 242497dd36..0000000000
--- a/default-configs/nginx/meshcentral.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name mesh.example.com;
- return 301 https://\$server_name\$request_uri;
-}
-
-server {
-
- listen 443 ssl;
- listen [::]:443 ssl;
- proxy_send_timeout 330s;
- proxy_read_timeout 330s;
- server_name mesh.example.com;
- ssl_certificate /etc/ssl/certs/fullchain.pem;
- ssl_certificate_key /etc/ssl/private/privkey.pem;
-
- ssl_session_cache shared:WEBSSL:10m;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
- ssl_ecdh_curve secp384r1;
- ssl_stapling on;
- ssl_stapling_verify on;
- add_header X-Content-Type-Options nosniff;
-
- location / {
- proxy_pass http://127.0.0.1:4443/;
- proxy_http_version 1.1;
-
- proxy_set_header Host \$host;
- proxy_set_header Upgrade \$http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header X-Forwarded-Host \$host:\$server_port;
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto \$scheme;
- }
-}
diff --git a/default-configs/nginx/rmm.conf b/default-configs/nginx/rmm.conf
deleted file mode 100644
index 5bead63cb0..0000000000
--- a/default-configs/nginx/rmm.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-server_tokens off;
-
-upstream tacticalrmm {
- server unix:////rmm/api/tacticalrmm/tacticalrmm.sock;
-}
-
-map \$http_user_agent \$ignore_ua {
- "~python-requests.*" 0;
- "~go-resty.*" 0;
- default 1;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name api.example.com;
- return 301 https://\$server_name\$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name api.example.com;
- client_max_body_size 300M;
- access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=\$ignore_ua;
- error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
- ssl_certificate /etc/ssl/certs/fullchain.pem;
- ssl_certificate_key /etc/ssl/private/privkey.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
- ssl_ecdh_curve secp384r1;
- ssl_stapling on;
- ssl_stapling_verify on;
- add_header X-Content-Type-Options nosniff;
-
- location /static/ {
- root /rmm/api/tacticalrmm;
- }
-
- location /private/ {
- internal;
- add_header "Access-Control-Allow-Origin" "https://rmm.example.com";
- alias /rmm/api/tacticalrmm/tacticalrmm/private/;
- }
-
- location ~ ^/ws/ {
- proxy_pass http://unix:/rmm/daphne.sock;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade \$http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_redirect off;
- proxy_set_header Host \$host;
- proxy_set_header X-Real-IP \$remote_addr;
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host \$server_name;
- }
-
- location / {
- uwsgi_pass tacticalrmm;
- include /etc/nginx/uwsgi_params;
- uwsgi_read_timeout 300s;
- uwsgi_ignore_client_abort on;
- }
-}
diff --git a/default-configs/python/local_settings.py b/default-configs/python/local_settings.py
deleted file mode 100644
index 954b54a650..0000000000
--- a/default-configs/python/local_settings.py
+++ /dev/null
@@ -1,27 +0,0 @@
-SECRET_KEY = "DJANGO_SEKRET"
-
-DEBUG = False
-
-ALLOWED_HOSTS = ['api.example.com']
-
-ADMIN_URL = "ADMINURL/"
-
-CORS_ORIGIN_WHITELIST = [
- "https://rmm.example.com"
-]
-
-DATABASES = {
- 'default': {
- 'ENGINE': 'django.db.backends.postgresql',
- 'NAME': 'tacticalrmm',
- 'USER': 'pgusername',
- 'PASSWORD': 'pgpw',
- 'HOST': 'localhost',
- 'PORT': '5432',
- }
-}
-
-MESH_USERNAME = "meshusername"
-MESH_SITE = "https://mesh.example.com"
-REDIS_HOST = "localhost"
-ADMIN_ENABLED = True
diff --git a/default-configs/uwsgi/app.ini b/default-configs/uwsgi/app.ini
deleted file mode 100644
index 5875198cb7..0000000000
--- a/default-configs/uwsgi/app.ini
+++ /dev/null
@@ -1,16 +0,0 @@
-[uwsgi]
-chdir = /rmm/api/tacticalrmm
-module = tacticalrmm.wsgi
-home = /rmm/api/env
-master = true
-processes = uwsgiprocs1
-threads = uwsgiprocs2
-enable-threads = true
-socket = /rmm/api/tacticalrmm/tacticalrmm.sock
-harakiri = 300
-chmod-socket = 660
-buffer-size = 65535
-vacuum = true
-die-on-term = true
-max-requests = 500
-disable-logging = true
From 3413a9dd7d6df2d83523c670b7343004b889c7fa Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Sun, 17 Jul 2022 16:39:01 -0500
Subject: [PATCH 27/36] Delete service-definitions directory
---
 service-definitions/celery.service | 18 ------------------
 service-definitions/celerybeat.service | 16 ----------------
 service-definitions/daphne.service | 15 ---------------
 service-definitions/meshcentral.service | 16 ----------------
 service-definitions/nats-api.service | 14 --------------
 service-definitions/nats.service | 18 ------------------
 service-definitions/rmm.service | 15 ---------------
 7 files changed, 112 deletions(-)
 delete mode 100644 service-definitions/celery.service
 delete mode 100644 service-definitions/celerybeat.service
 delete mode 100644 service-definitions/daphne.service
 delete mode 100644 service-definitions/meshcentral.service
 delete mode 100644 service-definitions/nats-api.service
 delete mode 100644 service-definitions/nats.service
 delete mode 100644 service-definitions/rmm.service
diff --git a/service-definitions/celery.service b/service-definitions/celery.service
deleted file mode 100644
index 6bd94eacf2..0000000000
--- a/service-definitions/celery.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=Celery Service V2
-After=network.target redis-server.service postgresql.service
-
-[Service]
-Type=forking
-User=REPLACEME
-Group=REPLACEME
-EnvironmentFile=/etc/conf.d/celery.conf
-WorkingDirectory=/rmm/api/tacticalrmm
-ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
-ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
-ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
-Restart=always
-RestartSec=10s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/celerybeat.service b/service-definitions/celerybeat.service
deleted file mode 100644
index d6cefee030..0000000000
--- a/service-definitions/celerybeat.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Celery Beat Service V2
-After=network.target redis-server.service postgresql.service
-
-[Service]
-Type=simple
-User=REPLACEME
-Group=REPLACEME
-EnvironmentFile=/etc/conf.d/celery.conf
-WorkingDirectory=/rmm/api/tacticalrmm
-ExecStart=/bin/sh -c '\${CELERY_BIN} -A \${CELERY_APP} beat --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
-Restart=always
-RestartSec=10s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/daphne.service b/service-definitions/daphne.service
deleted file mode 100644
index a1576ad889..0000000000
--- a/service-definitions/daphne.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=django channels daemon
-After=network.target
-
-[Service]
-User=REPLACEME
-Group=www-data
-WorkingDirectory=/rmm/api/tacticalrmm
-Environment="PATH=/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-ExecStart=/rmm/api/env/bin/daphne -u /rmm/daphne.sock tacticalrmm.asgi:application
-Restart=always
-RestartSec=3s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/meshcentral.service b/service-definitions/meshcentral.service
deleted file mode 100644
index bd5a528624..0000000000
--- a/service-definitions/meshcentral.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=MeshCentral Server
-After=network.target mongod.service nginx.service
-[Service]
-Type=simple
-LimitNOFILE=1000000
-ExecStart=/usr/bin/node node_modules/meshcentral
-Environment=NODE_ENV=production
-WorkingDirectory=/meshcentral
-User=REPLACEME
-Group=REPLACEME
-Restart=always
-RestartSec=10s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/nats-api.service b/service-definitions/nats-api.service
deleted file mode 100644
index 90e26f8ec2..0000000000
--- a/service-definitions/nats-api.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=TacticalRMM Nats Api v1
-After=nats.service
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/nats-api
-User=REPLACEME
-Group=REPLACEME
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/nats.service b/service-definitions/nats.service
deleted file mode 100644
index bb85259f44..0000000000
--- a/service-definitions/nats.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=NATS Server
-After=network.target
-
-[Service]
-PrivateTmp=true
-Type=simple
-ExecStart=/usr/local/bin/nats-server -c /rmm/api/tacticalrmm/nats-rmm.conf
-ExecReload=/usr/bin/kill -s HUP \$MAINPID
-ExecStop=/usr/bin/kill -s SIGINT \$MAINPID
-User=REPLACEME
-Group=www-data
-Restart=always
-RestartSec=5s
-LimitNOFILE=1000000
-
-[Install]
-WantedBy=multi-user.target
diff --git a/service-definitions/rmm.service b/service-definitions/rmm.service
deleted file mode 100644
index 8967bc243a..0000000000
--- a/service-definitions/rmm.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=tacticalrmm uwsgi daemon
-After=network.target postgresql.service
-
-[Service]
-User=REPLACEME
-Group=www-data
-WorkingDirectory=/rmm/api/tacticalrmm
-Environment="PATH=/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-ExecStart=/rmm/api/env/bin/uwsgi --ini app.ini
-Restart=always
-RestartSec=10s
-
-[Install]
-WantedBy=multi-user.target
From 6d6dfa3de27768e96e543a0ff1bd7d45974d39ea Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Sun, 17 Jul 2022 16:42:05 -0500
Subject: [PATCH 28/36] Update docker-compose.yml
---
 docker/docker-compose.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 51615aecd4..a40430ce55 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -30,6 +30,12 @@ services:
 POSTGRES_DB: tacticalrmm
 POSTGRES_USER: ${POSTGRES_USER}
 POSTGRES_PASSWORD: ${POSTGRES_PASS}
+ healthcheck:
+ test: [ "CMD", "pg_isready", "-d", "tacticalrmm" ]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 10s
 volumes:
 - postgres_data:/var/lib/postgresql/data
 networks:
@@ -42,6 +48,12 @@ services:
 user: 1000:1000
 command: redis-server
 restart: always
+ healthcheck:
+ test: [ "CMD", "redis-cli", "ping" ]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 10s
 volumes:
 - redis_data:/data
 networks:
@@ -128,6 +140,12 @@ services:
 MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
 MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
 MONGO_INITDB_DATABASE: meshcentral
+ healthcheck:
+ test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/meshcentral --quiet
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 10s
 networks:
 - mesh-db
 volumes:
@@ -191,6 +209,12 @@ services:
 MESH_HOST: ${MESH_HOST}
 CERT_PUB_KEY: ${CERT_PUB_KEY}
 CERT_PRIV_KEY: ${CERT_PRIV_KEY}
+ healthcheck:
+ test: [ "CMD", "curl", "--silent", "--fail", "http://localhost:8080" ]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 10s
 networks:
 proxy:
 ipv4_address: 172.20.0.20
From b2b31402ecf8e7a3263f4e186b4ab579369914a9 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Mon, 18 Jul 2022 10:22:44 -0500
Subject: [PATCH 29/36] Added config for monitoring port
---
 api/tacticalrmm/tacticalrmm/utils.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/tacticalrmm/tacticalrmm/utils.py b/api/tacticalrmm/tacticalrmm/utils.py
index 12dbbd5d7d..3592bc3adc 100644
--- a/api/tacticalrmm/tacticalrmm/utils.py
+++ b/api/tacticalrmm/tacticalrmm/utils.py
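Review bot: The MongoDB healthcheck in the `@@ -128,6 +140,12 @@` hunk depends on the legacy `mongo` shell being present in the image, and the image tag is not visible in the hunk. Official MongoDB 6.0 and later images ship only `mongosh`, so an image bump would turn the container unhealthy while the database itself is fine. The probe also passes on the shell's exit status rather than on the ping result. I would at least leave a comment above the `test:` line, `# uses the legacy mongo shell; switch to mongosh when the image moves to MongoDB 6+`, and consider `--eval 'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)'` so the result decides the status.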
@@ -200,6 +200,7 @@ def reload_nats() -> None:
 "cert_file": cert_file,
 "key_file": key_file,
 },
+ "http_port": 8222
 "authorization": {"users": users},
 "max_payload": 67108864,
 "port": nats_std_port, # internal only
From a4926f217d8c59a2fc24ffba247fd429a1a07528 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Mon, 18 Jul 2022 10:23:55 -0500
Subject: [PATCH 30/36] Added port for monitoring
---
 docker/containers/tactical-nats/dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/containers/tactical-nats/dockerfile b/docker/containers/tactical-nats/dockerfile
index 1a800c0337..7d01ee130b 100644
--- a/docker/containers/tactical-nats/dockerfile
+++ b/docker/containers/tactical-nats/dockerfile
@@ -26,4 +26,4 @@ ENTRYPOINT [ "/entrypoint.sh" ]
 USER 1000
-EXPOSE 4222 9235
+EXPOSE 4222 9235 8222
From 436472626b54bf76391c0f0ee7a2d0ae254ed8bf Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Mon, 18 Jul 2022 10:45:38 -0500
Subject: [PATCH 31/36] Added missing comma
---
 api/tacticalrmm/tacticalrmm/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/tacticalrmm/tacticalrmm/utils.py b/api/tacticalrmm/tacticalrmm/utils.py
index 3592bc3adc..51d623368f 100644
--- a/api/tacticalrmm/tacticalrmm/utils.py
+++ b/api/tacticalrmm/tacticalrmm/utils.py
@@ -200,7 +200,7 @@ def reload_nats() -> None:
 "cert_file": cert_file,
 "key_file": key_file,
 },
- "http_port": 8222
+ "http_port": 8222,
 "authorization": {"users": users},
 "max_payload": 67108864,
 "port": nats_std_port, # internal only
From 1c9dac43ae3aecdcaeecab0500fabbdf21018d46 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Mon, 18 Jul 2022 10:49:28 -0500
Subject: [PATCH 32/36] Added tactical user to remove root user issue
---
 docker/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index a40430ce55..b0140ad49a 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
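Review bot: The added `"http_port": 8222` entry in `reload_nats()` has no trailing comma, so the dict literal does not parse and the module cannot be imported at this commit; the unquoted `"http": localhost:8222,` line added by a later patch in this series breaks parsing the same way. Separately, `http_port` on its own leaves the listen address at the NATS default, which is normally every interface, and the monitoring endpoint has no authentication of its own. I would land the entry in one step as `"http": "localhost:8222",` so no intermediate commit is either unparseable or network-exposed. The function body starts and ends outside the hunk.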
@@ -31,7 +31,7 @@ services:
 POSTGRES_USER: ${POSTGRES_USER}
 POSTGRES_PASSWORD: ${POSTGRES_PASS}
 healthcheck:
- test: [ "CMD", "pg_isready", "-d", "tacticalrmm" ]
+ test: [ "CMD", "pg_isready", "-U", "tactical", "-d", "tacticalrmm" ]
 interval: 30s
 timeout: 10s
 retries: 5
From 949f53a600d1af753c4c1443388d0efe33158f45 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Mon, 18 Jul 2022 12:13:38 -0500
Subject: [PATCH 33/36] Added curl for health check capability
---
 docker/containers/tactical-meshcentral/dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker/containers/tactical-meshcentral/dockerfile b/docker/containers/tactical-meshcentral/dockerfile
index 2705daf5c8..234ede45f4 100644
--- a/docker/containers/tactical-meshcentral/dockerfile
+++ b/docker/containers/tactical-meshcentral/dockerfile
@@ -8,6 +8,8 @@ RUN apk add --no-cache bash
 SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
+RUN apk add --no-cache curl
+
 COPY api/tacticalrmm/tacticalrmm/settings.py /tmp/settings.py
 RUN npm install meshcentral@$(grep -o 'MESH_VER.*' /tmp/settings.py | cut -d'"' -f 2)
From 34fd6ecb8f8caee7a73653b99966fb0b16510c23 Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Tue, 19 Jul 2022 08:53:30 -0500
Subject: [PATCH 34/36] Removed port as it is unnecessary for localhost
---
 docker/containers/tactical-nats/dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/containers/tactical-nats/dockerfile b/docker/containers/tactical-nats/dockerfile
index 7d01ee130b..1a800c0337 100644
--- a/docker/containers/tactical-nats/dockerfile
+++ b/docker/containers/tactical-nats/dockerfile
@@ -26,4 +26,4 @@ ENTRYPOINT [ "/entrypoint.sh" ]
 USER 1000
-EXPOSE 4222 9235 8222
+EXPOSE 4222 9235
From f577ec8b499d9c755498f5683c91eac52e3534d7 Mon Sep 17 00:00:00 2001
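Review bot: The `-U tactical` in the postgres healthcheck is a fixed role name, while the service above it takes its role from `${POSTGRES_USER}`. On a deployment that sets a different user, the probe would connect as a role that does not exist and the server log would likely collect a failed-role entry every 30 seconds, which is the noise this change set out to remove. Compose interpolates variables inside `test` as well, so the line can follow the service setting: `test: [ "CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "tacticalrmm" ]`.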
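Review bot: `RUN apk add --no-cache curl` adds a separate layer and a general-purpose HTTP client to the runtime image only so a healthcheck can run. The `RUN apk add --no-cache bash` line named in the hunk header could take the package instead, `RUN apk add --no-cache bash curl`. If the base image is Alpine, as the `apk` calls suggest, its BusyBox `wget` is normally already present and the probe could use `wget -q --spider` with no new package at all. Whichever is kept, a comment such as `# curl is only needed by the compose healthcheck` would explain why the tool is in the image.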
From: Kevin Ruffus
Date: Tue, 19 Jul 2022 08:57:01 -0500
Subject: [PATCH 35/36] Bind monitoring port to localhost
---
 api/tacticalrmm/tacticalrmm/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/tacticalrmm/tacticalrmm/utils.py b/api/tacticalrmm/tacticalrmm/utils.py
index 51d623368f..fce689f916 100644
--- a/api/tacticalrmm/tacticalrmm/utils.py
+++ b/api/tacticalrmm/tacticalrmm/utils.py
@@ -200,7 +200,7 @@ def reload_nats() -> None:
 "cert_file": cert_file,
 "key_file": key_file,
 },
- "http_port": 8222,
+ "http": localhost:8222,
 "authorization": {"users": users},
 "max_payload": 67108864,
 "port": nats_std_port, # internal only
From a04b373d3fc8d418e80e2dd93768c39503962c6c Mon Sep 17 00:00:00 2001
From: Kevin Ruffus
Date: Tue, 19 Jul 2022 09:13:10 -0500
Subject: [PATCH 36/36] Fix formatting for localhost binding
---
 api/tacticalrmm/tacticalrmm/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/tacticalrmm/tacticalrmm/utils.py b/api/tacticalrmm/tacticalrmm/utils.py
index fce689f916..9558307e62 100644
--- a/api/tacticalrmm/tacticalrmm/utils.py
+++ b/api/tacticalrmm/tacticalrmm/utils.py
@@ -200,7 +200,7 @@ def reload_nats() -> None:
 "cert_file": cert_file,
 "key_file": key_file,
 },
- "http": "localhost:8222",
+ "http": "localhost:8222",
 "authorization": {"users": users},
 "max_payload": 67108864,
 "port": nats_std_port, # internal only
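Review bot: The final `"http": "localhost:8222"` entry is a bare literal with no comment, while the neighbouring `port` entry is annotated `# internal only` and takes its value from `nats_std_port`. The loopback binding is what keeps the unauthenticated NATS monitoring endpoint off the network, so I would record that beside it: `"http": "localhost:8222",  # monitoring endpoint, loopback only: it has no authentication`. A named setting next to `nats_std_port` would also keep a later port change from silently diverging from whatever probes it. The rest of `reload_nats()` is outside the hunk.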