MeshCentral

MeshCentral is a full computer management website. With MeshCentral, you can run your own webserver to remotely manage and control computers on a local network or anywhere on the internet.

Once the server starts, create a device group and download and install an agent on each computer you want to manage. A minute later, the new computer will show up on the website and you can take control of it.

MeshCentral includes full web-based remote desktop, terminal, and file management capability.

Please read our disclaimer https://docs.ibracorp.io/#disclaimer.

Assumptions

  • You have the community apps installed within Unraid.

  • You are running Nginx Proxy Manager as your reverse proxy.

  • You have already set up SSL Certs within Nginx Proxy Manager.

  • You are using Cloudflare as your DNS provider and have all your subdomains proxied.

  • (optional) You have Authelia set up and running.

Install MeshCentral

In Unraid, find your way to the community app store and search for "MeshCentral".

Once you click install, we will have to configure the settings before we deploy the container.

  1. For the Network, since we will be adding access to the WebUI using Nginx Proxy Manager, let's add your existing custom docker network.

  2. The WebUI port can use any port that is currently free on your Unraid server. For this example, we will be using 8086.

  3. The Hostname will be the subdomain we will use to access the WebUI for this app. For this example, we will use "mesh.domain.com" (you need to add your domain here).

  4. Reverse Proxy: here we need to tell the app where to look for the edge cert when hitting your domain. Some people use Let's Encrypt, in which case you would point this to your reverse proxy IP. Most of us use Cloudflare and Cloudflare certificates, so we will be adding your root domain here if it is currently in use. If you do not have an app pointing to your root domain, you will have to use a subdomain that you are currently using (proxy.domain.com, for example, if you use that to access Nginx Proxy Manager).

  5. Reverse Proxy Port, this is again where the app will look for the edge cert (combined with either the IP earlier or the domain/subdomain we added). If you are using a Let's Encrypt certificate, you will need to point this to your reverse proxy SSL port. If your domains are proxied via Cloudflare then you will have to use port 443 (combined with your domain/subdomain earlier).

  6. Allow new accounts, to prevent other people from signing up, we will disable this feature.

  7. Once you have added all these details, we will now click apply and let the app install.

Reverse Proxy Set-Up

Now that the app is configured and running, let's get it configured in Nginx Proxy Manager.

Proxy Host Config

Go to your Nginx Proxy Manager instance, login, go to "Proxy Hosts" and click "Add Proxy Host".

  1. First, you will need to add the mesh subdomain that you added to your MeshCentral configuration in step 3. This is the address you will use to access this app.

  2. MeshCentral by default uses HTTPS and so here we will select this protocol for Nginx Proxy Manager to talk to MeshCentral.

  3. Here we will use the hostname of the app to forward traffic from the web onto the docker container. This only works if your Nginx Proxy Manager and MeshCentral (or any other app) are on the same custom docker network.

  4. This is where we will add the default port Nginx Proxy Manager will have to forward all traffic on to. By default for MeshCentral, this is 443 (Please Note: since we are using the container hostname, we can now use the container's internal port, which in this case is 443).

  5. Since we want this app to be secure, we will need to add a certificate to be able to use HTTPS.

SSL Config

  1. Here you will select the SSL certificate of your choosing. You can watch our previous videos on how to set-up SSL Certs if you have not done so already.

  2. Since we want to make sure this app will be secure, we will be forcing all traffic to be SSL (use HTTPS).

  3. Here we will also enable HTTP/2 to allow better support for the app.

  4. Now we can click save to add this record to your Nginx Proxy Manager.

Cloudflare

We will now have to add MeshCentral to your Cloudflare account to redirect traffic to your app.

For MeshCentral we simply need to add a new CNAME Record to your DNS provider. As per the example earlier, we will be using mesh.domain.com.

Type     Name    Value    TTL          Status
CNAME    mesh    @        Automatic    Orange ☁️

Admin Account

Now that everything is configured correctly and your MeshCentral application is accessible using the subdomain mesh.domain.com let's set up your first account. Even though we disabled "Allow New Accounts", we are still able to register the first account which will automatically be the admin account.

  1. Click "Create one".

Once you get to the screen to make a new account, you will have to fill in your username, email and password. Once you click to create an account, you will be in the dashboard.

Authelia Config (optional)

Now some of you will be running Authelia and will be wondering how you can lock down the WebUI with your single sign-on.

Proxy Host - Advanced Config

To do this, you just need to use the normal method of adding the endpoint config to the advanced tab of the MeshCentral record in Nginx Proxy Manager (see our Authelia guide if you are not sure).

Authelia - configuration.yaml

Just adding MeshCentral to point to Authelia for authorization isn't enough to protect it properly. The WebUI will be protected, but if you add any devices externally, they will not be able to be added to your MeshCentral application due to Authelia blocking access. By editing the Authelia config, we can allow certain bypasses that MeshCentral needs to work fully. Don't worry though, all communications are still encrypted and authorized using their own certificates.

configuration.yaml edit

You will need to add this close to the top of your Authelia rules to bypass certain calls MeshCentral needs to work properly.

## meshcentral bypass
    - domain: "*.domain.com"
      policy: bypass
      resources:
        - "^/meshagents.*$"
        - "^/meshsettings.*$"
        - "^/agent.*$"
        - "^/control.*$"
        - "^/meshrelay.*$"

Once you have configured all of the above, you are ready to start playing!
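
An added check, not part of the original guide or of Authelia itself: a simplified model of Authelia's first-match rule evaluation that compares the bypass rule with the domain "*.domain.com", as written above, against the same rule limited to "mesh.domain.com". The catch-all two_factor rule, the "deny" default, the files.domain.com host and the sample request paths are assumptions made for the illustration.

```python
import re

# Resource patterns copied from the bypass rule in this guide.
RESOURCES = [r"^/meshagents.*$", r"^/meshsettings.*$", r"^/agent.*$",
             r"^/control.*$", r"^/meshrelay.*$"]

def rules_for(bypass_domain):
    """The guide's bypass rule, then an assumed catch-all two_factor rule."""
    return [
        {"domain": bypass_domain, "policy": "bypass", "resources": RESOURCES},
        {"domain": "*.domain.com", "policy": "two_factor"},  # assumption
    ]

def domain_matches(pattern, host):
    # "*.domain.com" covers any subdomain but not the bare root domain.
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def decide(rules, host, path, default="deny"):
    """First matching rule wins; a rule without resources matches every path."""
    for rule in rules:
        if not domain_matches(rule["domain"], host):
            continue
        resources = rule.get("resources")
        if resources and not any(re.search(rx, path) for rx in resources):
            continue
        return rule["policy"]
    return default

AS_WRITTEN = rules_for("*.domain.com")   # domain value used in the guide
SCOPED = rules_for("mesh.domain.com")    # same rule limited to the mesh host

# Constructed sample requests; files.domain.com is a hypothetical second app.
REQUESTS = [
    ("mesh.domain.com", "/agent.ashx"),
    ("mesh.domain.com", "/meshrelay.ashx?id=1"),
    ("mesh.domain.com", "/"),
    ("files.domain.com", "/control/settings"),
    ("files.domain.com", "/agents/list"),
]

def unintended_bypasses(requests):
    """Requests that skip SSO only because the rule's domain is a wildcard."""
    return [(h, p) for h, p in requests
            if decide(AS_WRITTEN, h, p) == "bypass"
            and decide(SCOPED, h, p) != "bypass"]

if __name__ == "__main__":
    for host, path in REQUESTS:
        print(host, path, decide(AS_WRITTEN, host, path), decide(SCOPED, host, path))
```

Every request it returns is a path on another application behind the same Authelia instance that the wildcard rule exempts from single sign-on; with the domain set to the mesh subdomain, the MeshCentral paths are still bypassed and the others fall through to the next rule.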

Dashboard

Here is an example of the dashboard at the time of writing. Let's get your first device set up.

Adding a Windows 10 Machine

Firstly, we will need to add a group for the first devices.

  1. Click the icon to add a new device group.

  1. Fill in the group name.

  2. For this example, we will use the "Manage using a software agent" type.

  3. Optionally you could fill in the description.

Now you will be able to add a device by clicking on the "add one" button.

For our Windows machine, we will choose "Windows" and also "Background & interactive" (please see their documentation for more details). We can now click on the "Windows x64 (.exe)" button to download the custom install.

Since this isn't a signed application, we will have to click "Run Anyway" on the dialogue box that pops up. Since it is our own application, we know we can trust it. Once you have clicked this, you will have to click "connect".

If we go back to the MeshCentral dashboard, you should now see that the device has been added to your new device group.

You can now click on this device and use multiple helpful tools such as RDP, Terminal, File sharing, and much much more. There are simply too many features to go through in this short guide so it would be best to head over to the MeshCentral website and have a look through their documentation or even visit their YouTube channel where they actively release videos each week.

Final Words

We hope you enjoyed this guide. It was conceptualized, written, and implemented by our Community Leader Hawks.
