How install MeshCentral on CyberPanel for your own remote desktop server
Setting up a remote desktop server is a powerful way to manage and control multiple devices from a central location. MeshCentral, an open-source remote management software, is a versatile tool that allows you to accomplish this. By installing MeshCentral on CyberPanel, you can harness the power of a remote desktop server with added security and flexibility. This article will guide you through the entire process of installing MeshCentral on CyberPanel, from setting up DNS records to configuring Docker and customizing MeshCentral.
To install MeshCentral on CyberPanel and run your own remote desktop server, follow these detailed steps. Before starting, ensure you have read and applied the instructions in the following articles:
Table of Contents
Understanding the Basics
Before diving into the installation process, it’s important to understand what each component does. CyberPanel is a web hosting control panel powered by OpenLiteSpeed, making it an excellent choice for managing websites and web applications. Docker is a platform that enables developers to package applications into containers—standardized units of software that contain everything the software needs to run. Portainer is a lightweight management UI that allows you to easily manage your Docker environments. MeshCentral, on the other hand, is an open-source remote management software that enables you to control and monitor devices remotely.
Step 1: Create a CNAME on DNS
The first step in the process is to create a CNAME record in your DNS settings. A CNAME, or Canonical Name, is a type of DNS record that maps an alias name to a true or canonical domain name. In this tutorial, we will use “Mesh.TechOnMart.com” as our example CNAME. This CNAME will point to the IP address of the server where you will install MeshCentral, allowing users to access MeshCentral through this domain.
To create a CNAME record, log in to your DNS provider’s control panel. Once logged in, navigate to the DNS management section, where you can add and manage DNS records. Here, you’ll need to add a new CNAME record. In the “Name” field, enter “Mesh” (or whatever you prefer to use as your subdomain). In the “Value” or “Target” field, enter your server’s IP address or the domain name it should point to. Once you’ve added the CNAME record, save your changes.
By setting up a CNAME record, you’re essentially creating a more user-friendly way for people to access your MeshCentral instance. Instead of remembering an IP address, users can simply type in “Mesh.TechOnMart.com” to reach the remote desktop server.
Step 2: Create a Website with SSL for the CNAME on CyberPanel
With your DNS record set up, the next step is to create a website on CyberPanel for the CNAME you just created. This website will serve as the front-end for your MeshCentral instance, and it will need to be secured with SSL to ensure encrypted communication between the server and clients.
- Log in to CyberPanel: Start by logging into your CyberPanel dashboard. If you haven’t already installed CyberPanel, you’ll need to do so before proceeding.
- Create a New Website: Navigate to
MAIN > Website > Create Website
Here, you’ll be prompted to fill out several fields:
- Select Package: Choose “Default” (or any package you’ve created).
- Select Owner: Choose “admin” (or any user you prefer).
- Domain Name: Enter the CNAME you created earlier (e.g., “Mesh.TechOnMart.com”). Make sure to enter it in lowercase letters.
- Email: Enter an email address associated with the website.
- Select PHP: Choose PHP 7.4 or any other version you prefer (though PHP version is not crucial for MeshCentral).
After filling out these fields, click the “Create Website” button.
- Issue SSL Certificate: Once the website is created, go to
MAIN > Website > List Websites
Find the website you just created and click “Issue SSL” next to it. CyberPanel will then obtain an SSL certificate from Let’s Encrypt for the domain. This process may take a few moments.
- Confirm SSL Installation: After the SSL certificate is issued, click “Manage” next to the website to confirm that the SSL certificate has been installed correctly. You should see the SSL status as active, indicating that the website is now secure.
Securing your website with SSL is critical for protecting the data that is transferred between your server and its users. This step ensures that all communication is encrypted, making it much harder for malicious actors to intercept sensitive information.
Step 3: Set Up MeshCentral Using Docker Compose in Portainer
Now that your website is set up and secured, the next step is to install MeshCentral using Docker Compose in Portainer. Portainer simplifies the process of managing Docker containers, allowing you to deploy applications like MeshCentral with just a few clicks.
- Log in to Portainer: Start by logging into your Portainer instance. If Portainer is not yet installed on your server, you’ll need to install it before proceeding. Portainer provides a user-friendly interface for managing Docker containers, making it easier to deploy and manage applications.
- Create a New Stack: In Portainer, navigate to “Stacks” on the left panel and click on “Add Stack” at the top right. A stack in Docker Compose is a group of services that are deployed together. In this case, we will create a stack that includes both MongoDB and MeshCentral.
- Define the Docker Compose File: In the “Web editor” section, you’ll need to define the Docker Compose file. The following is an example of a Docker Compose file that sets up MeshCentral and its dependencies:
version: '3'
services:
mongodb:
container_name: meshcentral_db
restart: always
image: mongo:latest
expose:
- 27017
volumes:
# mongodb data-directory - A must for data persistence
- ./meshcentral/mongodb_data:/data/db
meshcentral:
restart: always
container_name: meshcentral
depends_on:
- 'mongodb'
image: ghcr.io/ylianst/meshcentral:latest
ports:
- 0000:0000 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
# - 4530:4530 #RelayPort
# - 800:80
# - 4433:4433
environment:
- HOSTNAME=Sub.Domain.com #your hostname
- REVERSE_PROXY=0.0.0.0 #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
- REVERSE_PROXY_TLS_PORT=443
- IFRAME=false #set to true if you wish to enable iframe support
- ALLOW_NEW_ACCOUNTS=false #set to false if you want disable self-service creation of new accounts besides the first (admin)
- WEBRTC=true #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
- NODE_ENV=production
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backups
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
# Bind the SSL certificates from Cyberpanel to MeshCentral
# - /etc/letsencrypt/live/Sub.Domain.com/privkey.pem:/opt/meshcentral/meshcentral-data/webserver-cert-private.key:ro
# - /etc/letsencrypt/live/Sub.Domain.com/fullchain.pem:/opt/meshcentral/meshcentral-data/webserver-cert-public.crt:ro
Before deploying the stack, make sure to adjust the ports
section in the Docker Compose file. You’ll need to choose an available port on your VPS and use it for both the left and right sides of the port mapping (e.g., 8080:8080
). Additionally, modify the HOSTNAME
field by entering the domain name you created earlier (e.g., Mesh.TechOnMart.com
). Finally, update the REVERSE_PROXY
section with the IP address of your VPS to ensure proper routing of traffic. These changes are crucial for the correct operation of MeshCentral on your server.
- Deploy the Stack: After defining the Docker Compose file, click “Deploy the stack” to start the deployment process. Portainer will pull the necessary images and create the containers as defined in the Docker Compose file. This may take a few moments, depending on your server’s internet connection and performance.
- Verify the Deployment: Once the stack is deployed, go to the “Containers” section in Portainer to verify that both the
meshcentral_db
andmeshcentral
containers are running. If everything is set up correctly, you should see both containers listed as “Running.”
Docker Compose makes it easy to deploy and manage complex applications by allowing you to define all the services and dependencies in a single file. This step ensures that MeshCentral is installed and running on your server, ready to be configured and customized.
Step 4: Customize MeshCentral Configuration
With MeshCentral up and running, the next step is to customize its configuration to suit your specific needs. MeshCentral’s configuration file, config.json
, contains various settings that control how the software behaves, including the server name, ports, and authentication methods.
Access the Configuration File: The config.json
file is located in the
/meshcentral/data
directory within the Docker container. You can access this file using Portainer’s file manager or by connecting to the container via SSH.
Edit the Configuration File: Open the config.json
file in a text editor and make the necessary changes. For example, you may want to change the port number to match the one you’ve configured in Docker. You can also customize the server name, enable or disable certain features, and adjust security settings.
Bind SSL Certificates: If you’re using SSL certificates issued by CyberPanel, you’ll need to bind them to MeshCentral. To do this, copy the fullchain.pem
and privkey.pem
files from the
/etc/letsencrypt/live/Sub.Domain.com/
directory on your server to the /meshcentral/data/
directory in the Docker container. Once copied, rename them to webserver-cert-public.crt
and webserver-cert-private.key
, respectively.
Restart MeshCentral: After making your changes, restart the MeshCentral container in Portainer to apply the new configuration. This will ensure that MeshCentral uses the updated settings and SSL certificates.
Customizing the configuration allows you to tailor MeshCentral to your specific needs, whether you’re managing a small number of devices or running a large-scale remote desktop service. This step is crucial for ensuring that your MeshCentral instance is secure, efficient, and optimized for your use case.
Step 5: Connect to MeshCentral Panel and Add Admin User
Once MeshCentral is configured and running, the next step is to connect to the MeshCentral panel and create an admin user. This
admin account will have full control over the MeshCentral instance, allowing you to add devices, manage users, and configure additional settings.
Access MeshCentral Panel: Open a web browser and navigate to
https://<Sub.Domain.com:port>
replacing “port” with the port number you’ve configured in the config.json
file. This will take you to the MeshCentral login page.
Create Admin Account: On the login page, you’ll be prompted to create an admin account. Enter a username, password, and email address to create the account. This account will be used to log in to the MeshCentral panel and manage the server.
Log in to the Admin Panel: After creating the admin account, log in to the MeshCentral panel using your credentials. Once logged in, you’ll have access to all the features and settings of MeshCentral, allowing you to start adding devices and configuring the server.
Creating an admin account is a critical step in securing your MeshCentral instance. With an admin account, you’ll have full control over the server, ensuring that only authorized users can access and manage the remote desktop service.
Step 6: Additional Security and Customization
With MeshCentral up and running, you may want to implement additional security measures to protect your remote desktop server. MeshCentral offers several advanced security features that you can enable to enhance the safety and reliability of your server.
- Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security by requiring users to provide a second form of authentication, such as a code sent to their mobile device. This helps prevent unauthorized access even if someone manages to obtain a user’s password.
- Configure User Permissions: MeshCentral allows you to create different user roles with varying levels of permissions. For example, you can create admin, manager, and user roles, each with different access rights. This helps you control who can do what on the server, reducing the risk of accidental or malicious changes.
- Set Up Alerts and Notifications: MeshCentral can send alerts and notifications to the admin when certain events occur, such as failed login attempts or device disconnections. Setting up these alerts allows you to monitor the server’s activity and respond quickly to potential issues.
- Backup and Restore Configuration: Regularly backing up your MeshCentral configuration ensures that you can quickly restore the server in case of a failure or data loss. MeshCentral allows you to schedule automatic backups, storing them in a secure location.
By implementing these additional security measures, you can significantly reduce the risk of unauthorized access and ensure that your MeshCentral server remains secure and reliable. Customizing the server to fit your specific needs also helps you get the most out of MeshCentral, whether you’re managing a small network of devices or a large-scale remote desktop service.
Conclusion
Installing MeshCentral on CyberPanel for your own remote desktop server is a powerful way to manage multiple devices from a central location. This guide has walked you through the entire process, from setting up DNS records and creating a website with SSL, to deploying MeshCentral using Docker Compose and customizing its configuration.
By following these steps, you’ll have a secure, reliable, and fully functional MeshCentral instance that you can use to manage and control your devices remotely. Whether you’re a system administrator, IT professional, or simply someone looking to set up a remote desktop server, MeshCentral on CyberPanel provides a robust solution for all your remote management needs.
More:
- Ultimate Guide to VPS Hosting Benefits
- How to install Pterodactyl on CyberPanel to run your own Minecraft server
- How to Install WordPress on CyberPanel with LiteSpeed Cache and Create Packages, Users, and Websites
- Install utilities on CyberPanel like Webmin, Docker, Portainer and Opening of the Openlitespeed Control Panel
- How to install Cyberpanel with OpenLiteSpeed on Ubuntu and basic Configuration
Leave a Reply
You must be logged in to post a comment.