Skip to content
Klutch.sh Docs

Deploying a MeshCentral App

Introduction

MeshCentral is an open-source, web-based remote management and device monitoring platform built on Node.js. Deploying MeshCentral with a Dockerfile on Klutch.sh delivers reproducible builds, managed secrets, and persistent storage for configuration and agent data—all managed from klutch.sh/app. This guide covers installation, repository prep, a production-ready Dockerfile, deployment steps, Nixpacks overrides, sample usage, and production tips.

Prerequisites

  • A Klutch.sh account (sign up)
  • A GitHub repository containing your MeshCentral Dockerfile (GitHub is the only supported git source)
  • Optional MongoDB if you choose it over the default NeDB storage (deploy as a Klutch.sh TCP app on port 8000 and connect on 27017)
  • Domain and TLS certificate (self-signed or public) for secure remote access

For onboarding, see the Quick Start.

Architecture and ports

  • MeshCentral serves HTTP(S) and WebSocket traffic; set the internal container port to 443 (the default secure port for MeshCentral).
  • If you run MongoDB, connect via TCP on 27017; otherwise MeshCentral uses embedded NeDB.
  • Persistent storage is required for config, user data, and certificates.

Repository layout

meshcentral/
├── Dockerfile              # Must be at repo root for auto-detection
└── README.md

Keep secrets and certificates out of Git; store secrets in Klutch.sh environment variables and mount certificates via volumes.

Installation (local) and starter commands

Validate locally before pushing to GitHub:

Terminal window
docker build -t meshcentral-local .
docker run -p 443:443 -e HOSTNAME=localhost meshcentral-local

Dockerfile for MeshCentral (production-ready)

Place this Dockerfile at the repo root; Klutch.sh auto-detects it (no Docker selection in the UI):

FROM ghcr.io/ylianst/meshcentral:latest


ENV NODE_ENV=production \
    PORT=443 \
    HOSTNAME=example-app.klutch.sh \
    IFRAME=enable


EXPOSE 443
CMD ["/entrypoint.sh"]

Notes:

  • Pin the image tag (e.g., ghcr.io/ylianst/meshcentral:1.1.x) for stability and upgrade intentionally.
  • MeshCentral reads meshcentral-data/config.json for advanced settings; mount that path as a volume to persist changes.
  • For MongoDB, add MONGO_URL=mongodb://<user>:<password>@<host>:27017/meshcentral.

Environment variables (Klutch.sh)

Set these in Klutch.sh before deploying:

  • HOSTNAME=example-app.klutch.sh
  • PORT=443
  • NODE_ENV=production
  • MONGO_URL=mongodb://<user>:<password>@<host>:27017/meshcentral (optional; omit to use NeDB)
  • WEBRTC=true (optional for WebRTC relay)
  • TLS options if not using built-in LetsEncrypt: CERT_PATH, KEY_PATH (ensure certificates are mounted)

If you deploy without the Dockerfile and need Nixpacks overrides (Node):

  • NIXPACKS_BUILD_CMD=npm install
  • NIXPACKS_START_CMD=node node_modules/meshcentral
  • NIXPACKS_NODE_VERSION=18

Attach persistent volumes

In Klutch.sh storage settings, add mount paths and sizes (no names required):

  • /meshcentral-data — configuration, users, certificates, and NeDB data.
  • /meshcentral-files — optional path for file storage or backups.

Ensure these directories are writable.

Deploy MeshCentral on Klutch.sh (Dockerfile workflow)

  1. Push your repository—with the Dockerfile at the root—to GitHub.
  2. Open klutch.sh/app, create a project, and add an app.
  3. Select HTTP traffic and set the internal port to 443.
  4. Add the environment variables above, including MONGO_URL if using MongoDB and any TLS variables.
  5. Attach persistent volumes for /meshcentral-data (and /meshcentral-files if used) sized for your user base and certificates.
  6. Deploy. Your MeshCentral instance will be reachable at https://example-app.klutch.sh; attach a custom domain if desired.

Sample usage

Basic reachability check:

Terminal window
curl -I https://example-app.klutch.sh

If you enabled MongoDB, confirm connectivity from inside a one-off shell:

Terminal window
docker exec -it <container> node -e "require('mongodb').MongoClient.connect(process.env.MONGO_URL).then(()=>console.log('ok'))"

Health checks and production tips

  • Add an HTTP probe to / or /meshsettings to validate web responsiveness.
  • Enforce HTTPS at the edge; forward internally to port 443.
  • Keep master/admin credentials and MONGO_URL secrets in Klutch.sh and rotate them regularly.
  • Monitor disk usage on /meshcentral-data; resize before it fills.
  • Pin image versions and test upgrades in staging; back up meshcentral-data before upgrades.

MeshCentral on Klutch.sh combines reproducible Docker builds with managed secrets, persistent storage, and flexible HTTP/TCP routing. With the Dockerfile at the repo root, port 443 configured, and optional MongoDB connected, you can deliver secure remote management without extra YAML or workflow overhead.