MeshCentral: Web-Relay - not found
Describe the bug
I set up a new webrelay function, but when I try to open it, it gives Not Found
Server Software (please complete the following information):
- OS: Debian 10
- Virtualization: no, npm install
- Network: Hybrid, reverse proxy NGINX, tls offload on Nginx
- Version: 1.0.48
- Node: v16.14.1
- Browser: Google Chrome
Remote Device (please complete the following information):
- Device: VM
- OS: Debian
- Version: 10
- Current Core Version (if known): Apr 4 2022, 2198572183
Your config.json file
{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "rm.company.ru",
    "relayDNS": "relay.rm.company.ru",
    "MongoDb": "mongodb://127.0.0.1:27017/meshcentral",
    "_WANonly": true,
    "_LANonly": true,
    "port": 443,
    "aliasPort": 443,
    "redirPort": 80,
    "redirAliasPort": 80,
    "relayPort": 453,
    "relayAliasPort": 443,
    "browserPing": 60,
    "browserPong": 30,
    "AgentPong": 30,
    "manageAllDeviceGroups": [ "user//admin" ],
    "manageCrossDomain": [ "user//admin" ],
    "tlsOffload": "192.168.XXX.XXX",
    "trustedProxy": "192.168.XXX.XXX",
    "Compression": true,
    "WsCompression": true,
    "AgentWsCompression": true,
    "desktopMultiplex": true,
    "allowHighQualityDesktop": true
  },
  "domains": {
    "": {
      "_siteStyle": 1,
      "title": "Remote Access System",
      "title2": "B2B Cluster",
      "minify": true,
      "newAccounts": false,
      "hide": 5,
      "agentNoProxy": false,
      "novnc": true,
      "mstsc": true,
      "ssh": true,
      "CertUrl": "https://rm.company.ru:443/",
      "AutoRemoveInactiveDevices": 45,
      "myServer": {
        "Backup": true,
        "Restore": true,
        "Upgrade": true,
        "ErrorLog": true,
        "Console": true,
        "Trace": true
      },
      "unknownUserRootRedirect": "https://rm.company.ru/auth-azure",
      "DeviceSearchBarServerAndClientName": true,
      "authStrategies": {
        "azure": {
          "callbackurl": "https://rm.company.ru/auth-azure-callback",
          "newAccountsRights": [ "nonewgroups", "notools" ],
          "newAccounts": true,
          "clientid": "XXXXXXX",
          "clientsecret": "XXXXXXX",
          "tenantid": "XXXXX"
        }
      },
      "deviceMeshRouterLinks": {
        "rdp": true,
        "ssh": true,
        "scp": true,
        "extralinks": [
          {
            "name": "MCRDesk",
            "protocol": "mcrdesktop"
          },
          {
            "name": "MCRFiles",
            "protocol": "mcrfiles"
          },
          {
            "name": "PVE",
            "protocol": "https",
            "port": 8006,
            "filter": [ "tag:PVE" ]
          },
          {
            "name": "PVEBKP",
            "protocol": "https",
            "port": 8007,
            "filter": [ "tag:PVEBKP" ]
          },
          {
            "name": "Winbox",
            "protocol": "custom",
            "port": 8291,
            "filter": [ "tag:MIKROTIK" ]
          }
        ]
      },
      "userSessionIdleTimeout": 60,
      "terminal": {
        "_linuxshell": "login",
        "launchCommand": {
          "linux": "su -\n",
          "_darwin": "clear\necho \"Hello MacOS\"\n",
          "_freebsd": "clear\necho \"Hello FreeBSD\"\n"
        }
      }
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "production": false
  }
}
NGINX config
server {
    listen 443 ssl;
    server_name rm.company.ru relay.rm.company.ru;
    proxy_send_timeout 330s;
    proxy_read_timeout 330s;

    location / {
        proxy_pass http://10.10.1.208:443/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
    }

    ssl_certificate /etc/letsencrypt/live/rm.company.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/rm.company.ru/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
About this issue
- State: closed
- Created 2 years ago
- Comments: 21 (9 by maintainers)
Commits related to this issue
- Web relay improvements, #4240 — committed to Ylianst/MeshCentral by Ylianst 2 years ago
Ylianst, a thought maybe for the second point. Don’t change device groups, just add different device sorting options/views and allow us to set our preferred default viewing type. Example is by customer, location, and/or device type (switch, IoT, Server, terminal, etc). Just leave device group alone. Really I think all we need is a few more options when it comes to sorting our device lists.
For the first one on “Add local device” and the type… the “Type” will just indicate to MeshCentral what services to offer on the web page. If you select “Windows (RDP)” you will see the desktop tab with the RDP option show up for that device. If you select the other option, it will offer SSH on the terminal tab, and SCP on the File tab. That is all. Regardless of what you select, the “HTTP” and “HTTPS” links will be on the device page. I could improve this in the future where you would select exactly what services you want offered for a given device.
On the second point, I do get it… but I use device group to set what policies all these devices should have. For devices with Intel AMT, every device in a device group needs to be set up in some way, etc. It becomes tricky to apply a common policy across many devices if they are all different types. One idea would be to tag the devices to a customer and then view and sort by tag, but I would need to add device permissions based on tags and that is going to make things complicated. Another idea is for a device group to follow the permissions of the relay device, not sure if that would work. Access control is tricky and I can’t allow any gaps in security… I certainly welcome feedback and improvements. I did not expect to support so many device group types when I first started.
I just updated to 1.0.50 and it’s working correctly now. Thank you! This is a pretty impressive new feature! But, one question, I did ask this in the discussion area but not sure if it was noticed. How do we add a device (such as a router or printer) that doesn’t utilize an agent? I’ve created a device group with the ‘No agent devices relayed thru agent’ option and chose a device on that particular network I want to relay through. That part is no problem. However, when I go to add a device to that group, I don’t seem to have the correct options to add a local device? Here is what I am seeing: Shouldn’t there be other options under Type?
THAT WON'T WORK! It must be a subdomain of your primary MeshCentral domain! (e.g. mesh.exampledomain.com and relay.mesh.exampledomain.com)
You sadly can't set a cookie for another domain, from one domain, without visiting that domain and knowing what to set, which requires trickery on the server side of things.
So it's easier to set a subdomain cookie, which will work for anything under the main domain that set it.
It’s working for me now! Had the same error with an nginx reverse proxy.
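The subdomain requirement stated in the thread above comes down to cookie domain matching (RFC 6265, section 5.1.3): a cookie scoped to the main name is only sent to hosts underneath it. As an added example, not MeshCentral's code and not part of the original thread, this check applies that rule to the "cert" and "relayDNS" settings; checkRelayDns is a hypothetical helper, accepting a list of relay names is an assumption, and every sample config except the first is constructed.

```javascript
// Added example (not MeshCentral code): RFC 6265 section 5.1.3 domain matching,
// applied to the "cert" and "relayDNS" settings shown in this issue.

// IP literals never domain-match by suffix, only by exact equality.
function isIpLiteral(h) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
}

// True when a cookie scoped to cookieDomain would be sent to host.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase().replace(/\.$/, '');
  const d = cookieDomain.toLowerCase().replace(/^\./, '').replace(/\.$/, '');
  if (h === d) return true;
  if (isIpLiteral(h)) return false;
  // The suffix must start at a label boundary, hence the leading dot.
  return h.endsWith('.' + d);
}

// Hypothetical helper: one finding per relay name in the settings block.
function checkRelayDns(settings) {
  const main = settings.cert;
  // Assumption: relayDNS may be a single name or a list of names.
  const names = [].concat(settings.relayDNS || []);
  return names.map((name) => {
    // The relay name must sit strictly below the main name, not equal it.
    const ok = name.toLowerCase() !== main.toLowerCase() && domainMatch(name, main);
    return { name, ok, reason: (ok ? '' : 'not a ') + 'subdomain of ' + main };
  });
}

// Constructed inputs; only the first pair comes from the config in this issue.
const samples = [
  { cert: 'rm.company.ru', relayDNS: 'relay.rm.company.ru' },
  { cert: 'mesh.example.com', relayDNS: 'relay.example.com' }, // sibling name
  { cert: 'mesh.example.com',
    relayDNS: ['relay.mesh.example.com', 'relay-mesh.example.com'] }
];
for (const s of samples) {
  console.log(s.cert, JSON.stringify(checkRelayDns(s)));
}
```

The pair from this issue passes the check, which is consistent with the reporter's problem being resolved by the 1.0.50 update rather than by a DNS change.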