nucleo000/meshcentral
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
580401d003ce7c3f8b596b229783dd8dfcc416e9
meshcentral/docker-compose.yml
josedario87 580401d003
All checks were successful
deploy-meshcentral / deploy (push) Successful in 13s
Details
Fix: Agregar insecureSkipVerify para certificados autofirmados de MeshCentral
2025-10-31 22:18:18 -06:00

75 lines
3.4 KiB
YAML
Raw Blame History

version: '3.8'
services:
meshcentral:
image: ghcr.io/ylianst/meshcentral:latest
container_name: ${APP_NAME:-meshcentral}
restart: unless-stopped
volumes:
- /srv/meshcentral/data:/opt/meshcentral/meshcentral-data
- /srv/meshcentral/files:/opt/meshcentral/meshcentral-files
- /srv/meshcentral/backup:/opt/meshcentral/meshcentral-backup
- /srv/meshcentral/config:/opt/meshcentral/meshcentral-config
environment:
- HOSTNAME=${APP_DOMAIN}
- REVERSE_PROXY=traefik
- REVERSE_PROXY_TLS_PORT=443
- IFRAME=false
- ALLOWLOGINTOKEN=true
- LOCALSESSIONRECORDING=false
- MINIFY=true
- WEBRTC=true
- CLICKONCE=false
- ALLOWHIGHQUALITYDESKTOP=true
- DESKTOPASPECTRATIOS=1.33,1.5,1.6,1.7,1.778,2.0
- ALLOWFRAMING=false
- COOKIEENCODING=hex
- SESSIONRECORDINGCHUNKSIZE=1000000
ulimits:
nofile:
soft: 65536
hard: 65536
networks:
- principal
- traefik-network
labels:
- "traefik.enable=true"
- "traefik.docker.network=principal"
# Service
- "traefik.http.services.${APP_NAME}.loadbalancer.server.port=443"
- "traefik.http.services.${APP_NAME}.loadbalancer.server.scheme=https"
# ServerTransport para ignorar validación SSL del backend (certificados autofirmados)
- "traefik.http.servertransports.meshcentral-transport.serverstransport.insecureskipverify=true"
- "traefik.http.services.${APP_NAME}.loadbalancer.serverstransport=meshcentral-transport"
# Router principal con Authentik Forward Auth para rutas de usuario
- "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`) && !PathPrefix(`/agent.ashx`) && !PathPrefix(`/meshrelay.ashx`) && !PathPrefix(`/devicefile.ashx`) && !PathPrefix(`/amtactivate`) && !PathPrefix(`/meshsettings`) && !PathPrefix(`/devicepower.ashx`)"
- "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
- "traefik.http.routers.${APP_NAME}.tls=true"
- "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
- "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
- "traefik.http.routers.${APP_NAME}.priority=100"
- "traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-headers"
# Router para agentes (sin autenticación) - mayor prioridad
- "traefik.http.routers.${APP_NAME}-agents.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/agent.ashx`) || PathPrefix(`/meshrelay.ashx`) || PathPrefix(`/devicefile.ashx`) || PathPrefix(`/amtactivate`) || PathPrefix(`/meshsettings`) || PathPrefix(`/devicepower.ashx`))"
- "traefik.http.routers.${APP_NAME}-agents.entrypoints=websecure"
- "traefik.http.routers.${APP_NAME}-agents.tls=true"
- "traefik.http.routers.${APP_NAME}-agents.tls.certresolver=letsencrypt"
- "traefik.http.routers.${APP_NAME}-agents.service=${APP_NAME}"
- "traefik.http.routers.${APP_NAME}-agents.priority=200"
- "traefik.http.routers.${APP_NAME}-agents.middlewares=${APP_NAME}-headers"
# Custom headers middleware
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Host=${APP_DOMAIN}"
- "traefik.http.middlewares.${APP_NAME}-headers.headers.sslredirect=true"
networks:
principal:
external: true
traefik-network:
external: true
Reference in New Issue View Git Blame Copy Permalink