MeshCentral behind a GUI Nginx Proxy Manager and externally issued SSL certificates

MeshCentral is an open source, multi-platform, self-hosted and feature-packed portal for remote device management (it even runs off a Pi!). It is one of the easiest I've seen for adding new devices, but that really only works once you have the server set up correctly so that agents connect to it automatically when using it in WAN mode.

The challenge I had was firstly that my server is behind a reverse proxy, which claims the SSL port 443 for itself, and secondly that the certificate hash the agent expected did not match the hash of the Cloudflare-issued SSL cert that MeshCentral was using. MeshCentral then rejects the agent's connection, because it wants to be sure there is no man-in-the-middle attack in progress.

So half of this video is quickly showing what MeshCentral looks like, and the second half is about how I solved the two issues I was faced with. I only found the dev's video about Nginx Proxy much later, after I'd spent two days poring through support forums trying to piece a solution together, but I'll include a link to it as well. My solution specifically targets Nginx Proxy Manager with its GUI, and I discovered a way to enter the custom proxy set header commands (nginx proxy_set_header directives) into it.

Don't get me wrong, though, as MeshCentral has excellent documentation as well as dev videos - definitely one of the better documented open source projects that I've seen. It even has support for MQTT clients, which may have potential for smart home devices.

Intro 00:00
Tour of my MeshCentral UI 02:34
Adding a new Agent 07:44
The Problem 08:43
Using Obsidian Note 11:35
Config File 12:53
AliasPort for Agents 14:06
External Certificate Hash Validation 15:44
Nginx PM Custom Location 21:13
Conclusion and Next Video 25:22

#technology #opensource #meshcentral #cloudflare #nginxpm
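As an added example (not the video's own notes and not MeshCentral project code), here is the nginx location block equivalent to an NPM custom location for "/" that forwards to MeshCentral over plain HTTP on port 444, carrying the proxy_set_header lines this setup depends on. The upstream address 192.0.2.10 is a constructed placeholder, and the header set is assumed from MeshCentral's reverse-proxy documentation rather than taken from the video.

```nginx
# Added example: full location block matching an NPM "Custom location" for "/".
# 192.0.2.10 is a constructed placeholder for the MeshCentral host; 444 is the
# "port" value from the config.json in the comments. NPM terminates TLS on 443,
# so the upstream is plain http, which is why "tlsOffload" is set in MeshCentral.
location / {
    proxy_pass http://192.0.2.10:444;
    proxy_http_version 1.1;

    # WebSocket upgrade: both the web UI and the agents use web sockets;
    # without these two lines nginx drops the Upgrade header and the
    # connection never becomes a socket.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Pass the original host, not the upstream's, so MeshCentral sees the
    # domain named in "cert" (assumed to be what its origin check compares).
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;

    # Real client address and scheme. With tlsOffload set to the proxy's IP,
    # MeshCentral only trusts these headers when they arrive from that IP.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Agent sessions are long-lived; do not let nginx time out an idle socket.
    proxy_read_timeout 3600s;
}
```

In NPM the proxy_pass line comes from the custom location's scheme/host/port fields, so only the proxy_set_header and timeout lines need to go into the location's custom configuration box.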
Comments

Thanks so much for this info. Before your guide I had set up npm like I have with some other things. I could see and log in to M.C.'s web GUI, but agents would not connect at all.

All the other guides showed CLI nginx settings that don't quite align with npm (and most assumed it was hosted on the same server, so used the localhost address). Once I set npm to use http and not https and set the domains field correctly, it all started working. From the WAN I can now manage PC agents both local and remote from the server.
Thanks again!!

jeremyjohnson

I am just going to tell it like it is... You are an absolute LEGEND! I was pulling my hair out with this for 2 days. Even had to re-watch this video a few times, and BOOM, it is now working for me.
Setup is CloudFlare > NPM > Mesh. Thank you :)

danny

Anyone figure out how to get this to work with NGINX Proxy Manager??

Bkgoodman

So, what I did to get proper internal IP addresses from the agents was to set the tlsOffload value to true, instead of using "IP of my reverse proxy".
And thank you for explaining tlsOffload, because I didn't fully understand why I was getting 502 errors after changing tlsOffload from false to true, and I could understand why you have to set NPM to proxy http and not https.

aleJohnny

Thanks so much for posting this! You solved my issue, and it was very well explained.

acomputers

Thanks for the video.

How do you set up NPM to access Intel AMT (CIRA)?
Does it work?

JanSkolnik

Excellent contribution!

Does Nextcloud give you results?
What plugin do you use to view the PDF?
Can you read and edit Word/Excel?

MikeLeBlank

One thing to watch out for if you reboot your server, and you have Nginx Proxy Manager running, is that Nginx PM sometimes cannot start because MeshCentral has already started and bound to either port 443 or 80 itself. MeshCentral should not have done this, as it is using port 444 (in my case) and the port alias is supposed to be only for external agents. But if redirPort is not explicitly set, it defaults to port 80 and blocks Nginx Proxy Manager. So to avoid this, just explicitly set redirPort to some other unused port, e.g. 800, removing the preceding _ in the config.json file:

    "settings": {
        "cert": "yourdomain.com",
        "WANonly": true,
        "_LANonly": true,
        "_sessionKey": "MyReallySecretPassword1",
        "cookieIpCheck": false,
        "TlsOffload": "172.17.0.10",
        "_ignoreAgentHashCheck": true,
        "port": 444,
        "aliasPort": 443,
        "redirPort": 800,
        "_redirAliasPort": 80
    },

GadgeteerZA

Thanks, but doesn't work for me...

Glatze

I do not know if YouTube or you deleted my other comment about making a video on NGINX Proxy Manager with the Nextcloud FPM version. Can you make it?

sutalk

Did you encounter an issue "Unable to connect web socket, click to reconnect."?

dustojnikhummer

I'm trying to run it over the Cloudflare tunnel and not winning :(

Mrh

Where is the text of the custom location? It is very hard to copy it from your video. Please.

sutalk

Could you share the notes as a file?

I'm trying to do the same thing but can't for the life of me figure this one out.

MONTERMATT

I bought a domain name from Namecheap and entered my static IP in advanced DNS settings under 'A' name with "@" as host. Then I followed all of the steps, but MeshCentral is not opening when I click on the newly made proxy button. Even when opening Mesh manually by visiting localhost:444 I see an error "Invalid origin in HTTP request". Could you please help? @danie van der merwe

pushkaryadav

I have configured this as it shows here. 502 bad gateway. I'm getting mad.

ulkonja

Are you experiencing regular disconnections?

ulkonja