From 3a95ddb2644558ef9caf2a6242fa21a9d0bcf4b7 Mon Sep 17 00:00:00 2001
From: josedario87 <jodarioel87@gmail.com>
Date: Sat, 1 Nov 2025 01:41:40 -0600
Subject: [PATCH] Actualizar config.json para TCP passthrough de agentes

- Agregar ambos dominios al certificado SSL (APP_DOMAIN y MESH_AGENTS_DOMAIN)
- Configurar tlsPort: 443 para que MeshCentral escuche HTTPS
- Cambiar TLSOffload a false para que MeshCentral maneje su propio SSL
- Actualizar certUrl para apuntar al dominio de agentes
- Agregar configuraciones adicionales: minify, localSessionRecording, allowedOrigin
- Eliminar variable MESH_PORT no utilizada
- Mejorar mensajes de deployment
---
 .gitea/workflows/build-and-deploy.yml | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index 675de34..733ffbb 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -11,7 +11,6 @@ jobs:
       APP_NAME: ${{ vars.APP_NAME }}
       APP_DOMAIN: ${{ vars.APP_DOMAIN }}
       MESH_AGENTS_DOMAIN: ${{ vars.MESH_AGENTS_DOMAIN }}
-      MESH_PORT: ${{ vars.MESH_PORT }}
       # Authentik OIDC configuration
       AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
       AUTHENTIK_ISSUER_INTERNAL: ${{ vars.AUTHENTIK_ISSUER_INTERNAL }}
@@ -24,6 +23,7 @@ jobs:
         run: |
           echo "ℹ️  Deploying MeshCentral"
           echo "   Domain: ${{ vars.APP_DOMAIN }}"
+          echo "   Agents Domain: ${{ vars.MESH_AGENTS_DOMAIN }}"
           echo "   Container: ${{ vars.APP_NAME }}"
           echo "   Network: principal"
 
@@ -42,13 +42,18 @@ jobs:
         run: |
           tee /srv/meshcentral/data/config.json > /dev/null <<'EOF'
           {
+            "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
             "settings": {
-              "cert": "${{ vars.APP_DOMAIN }}",
-              "port": 80,
+              "plugins": {
+                "enabled": false
+              },
+              "cert": "${{ vars.APP_DOMAIN }},${{ vars.MESH_AGENTS_DOMAIN }}",
+              "port": 81,
               "aliasPort": 443,
-              "redirPort": 80,
+              "redirPort": 81,
+              "tlsPort": 443,
               "AgentPong": 300,
-              "TlsOffload": true,
+              "TLSOffload": false,
               "SelfUpdate": false,
               "AllowFraming": false,
               "WebRTC": true,
@@ -61,7 +66,10 @@ jobs:
                 "title": "MeshCentral - Nucleo Rio Frio",
                 "title2": "Remote Management Platform",
                 "newAccounts": false,
-                "certUrl": "${{ vars.APP_DOMAIN }}",
+                "minify": false,
+                "localSessionRecording": true,
+                "allowedOrigin": false,
+                "certUrl": "https://${{ vars.MESH_AGENTS_DOMAIN }}:443",
                 "geoLocation": true,
                 "cookieIpCheck": false,
                 "allowLoginToken": true,
@@ -108,4 +116,5 @@ jobs:
       - name: Deployment complete
         run: |
           echo "✅ MeshCentral deployed successfully"
-          echo "   Access at: https://${{ vars.APP_DOMAIN }}"
+          echo "   Web UI: https://${{ vars.APP_DOMAIN }}"
+          echo "   Agents: https://${{ vars.MESH_AGENTS_DOMAIN }}:443"