docker.recipes

MeshCentral Remote Management

intermediate

Full-featured remote computer management and remote desktop solution.

Overview

MeshCentral is a full-featured, open-source remote computer management solution developed by Intel's Ylian Saint-Hilaire. Originally designed for enterprise IT management, MeshCentral provides comprehensive remote desktop access, file transfer capabilities, and device management through a web-based interface. It supports Intel AMT (Active Management Technology) for out-of-band management while also offering in-band management through lightweight agents installed on target systems. This deployment stack combines MeshCentral with MongoDB for persistent storage of device information, user accounts, and session data, while NGINX serves as a reverse proxy to handle SSL termination and load balancing. MongoDB stores all configuration data, user sessions, device certificates, and audit logs, while NGINX provides secure HTTPS access and can handle multiple concurrent connections efficiently. The architecture separates concerns effectively, with MeshCentral focusing on device management logic, MongoDB handling data persistence, and NGINX managing web traffic and security. This configuration is ideal for IT administrators managing distributed teams, homelab enthusiasts running multiple systems, and small to medium businesses needing centralized remote management without expensive commercial solutions. The stack provides enterprise-grade features like two-factor authentication, device grouping, policy management, and comprehensive audit logging, making it valuable for organizations requiring secure remote access with detailed compliance tracking.

Key Features

  • Web-based remote desktop with HTML5 canvas rendering requiring no client-side plugins
  • Intel AMT integration for out-of-band management and power control of compatible hardware
  • Multi-platform agent support for Windows, Linux, macOS with automatic reconnection capabilities
  • MongoDB-backed device certificate management and user session persistence
  • NGINX SSL termination with configurable cipher suites and HTTP/2 support
  • Real-time device status monitoring with MongoDB change streams for instant updates
  • Built-in file transfer system with drag-and-drop functionality and transfer resumption
  • Device grouping and policy inheritance with MongoDB-stored configuration templates

Common Use Cases

  • 1IT support teams providing remote assistance to employees working from distributed locations
  • 2Homelab administrators managing multiple servers, workstations, and IoT devices from a central interface
  • 3Small business owners maintaining point-of-sale systems and office computers across multiple locations
  • 4System administrators requiring out-of-band management for Intel vPro enabled hardware
  • 5Educational institutions managing computer labs and student devices remotely
  • 6Managed service providers offering remote IT support to multiple client organizations
  • 7Development teams accessing and managing build servers and testing environments

Prerequisites

  • Minimum 2GB RAM recommended for MongoDB data storage and indexing operations
  • Valid SSL certificates for NGINX or knowledge of Let's Encrypt certificate generation
  • Domain name or static IP address for MESH_HOSTNAME environment variable configuration
  • Ports 80 and 443 available and forwarded through firewall for external agent connections
  • Understanding of MeshCentral agent deployment methods for target operating systems
  • Basic familiarity with MongoDB backup procedures for device and user data protection

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  meshcentral: 
3    image: ghcr.io/ylianst/meshcentral:latest
4    container_name: meshcentral
5    environment: 
6      - HOSTNAME=${MESH_HOSTNAME}
7      - REVERSE_PROXY=nginx
8      - REVERSE_PROXY_TLS_PORT=443
9      - IFRAME=false
10      - ALLOW_NEW_ACCOUNTS=true
11      - WEBRTC=false
12      - NODE_ENV=production
13      - MONGO_URL=mongodb://mongodb:27017/meshcentral
14    volumes: 
15      - meshcentral-data:/opt/meshcentral/meshcentral-data
16      - meshcentral-files:/opt/meshcentral/meshcentral-files
17    depends_on: 
18      - mongodb
19    networks: 
20      - meshcentral-network
21    restart: unless-stopped
22
23  mongodb: 
24    image: mongo:6
25    container_name: meshcentral-mongo
26    volumes: 
27      - mongo-data:/data/db
28    networks: 
29      - meshcentral-network
30    restart: unless-stopped
31
32  nginx: 
33    image: nginx:alpine
34    container_name: meshcentral-nginx
35    ports: 
36      - "80:80"
37      - "443:443"
38    volumes: 
39      - ./nginx.conf:/etc/nginx/nginx.conf:ro
40      - ./certs:/etc/nginx/certs:ro
41    depends_on: 
42      - meshcentral
43    networks: 
44      - meshcentral-network
45    restart: unless-stopped
46
47volumes: 
48  meshcentral-data: 
49  meshcentral-files: 
50  mongo-data: 
51
52networks: 
53  meshcentral-network: 
54    driver: bridge

.env Template

.env
1# MeshCentral
2MESH_HOSTNAME=mesh.example.com

Usage Notes

  1. 1Web UI at https://localhost
  2. 2Create admin account on first visit
  3. 3Download agents for Windows/Linux/Mac
  4. 4Supports remote desktop, file transfer
  5. 5Built-in device grouping and policies

Individual Services(3 services)

Copy individual services to mix and match with your existing compose files.

meshcentral
meshcentral:
  image: ghcr.io/ylianst/meshcentral:latest
  container_name: meshcentral
  environment:
    - HOSTNAME=${MESH_HOSTNAME}
    - REVERSE_PROXY=nginx
    - REVERSE_PROXY_TLS_PORT=443
    - IFRAME=false
    - ALLOW_NEW_ACCOUNTS=true
    - WEBRTC=false
    - NODE_ENV=production
    - MONGO_URL=mongodb://mongodb:27017/meshcentral
  volumes:
    - meshcentral-data:/opt/meshcentral/meshcentral-data
    - meshcentral-files:/opt/meshcentral/meshcentral-files
  depends_on:
    - mongodb
  networks:
    - meshcentral-network
  restart: unless-stopped
mongodb
mongodb:
  image: mongo:6
  container_name: meshcentral-mongo
  volumes:
    - mongo-data:/data/db
  networks:
    - meshcentral-network
  restart: unless-stopped
nginx
nginx:
  image: nginx:alpine
  container_name: meshcentral-nginx
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf:ro
    - ./certs:/etc/nginx/certs:ro
  depends_on:
    - meshcentral
  networks:
    - meshcentral-network
  restart: unless-stopped

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  meshcentral:
5    image: ghcr.io/ylianst/meshcentral:latest
6    container_name: meshcentral
7    environment:
8      - HOSTNAME=${MESH_HOSTNAME}
9      - REVERSE_PROXY=nginx
10      - REVERSE_PROXY_TLS_PORT=443
11      - IFRAME=false
12      - ALLOW_NEW_ACCOUNTS=true
13      - WEBRTC=false
14      - NODE_ENV=production
15      - MONGO_URL=mongodb://mongodb:27017/meshcentral
16    volumes:
17      - meshcentral-data:/opt/meshcentral/meshcentral-data
18      - meshcentral-files:/opt/meshcentral/meshcentral-files
19    depends_on:
20      - mongodb
21    networks:
22      - meshcentral-network
23    restart: unless-stopped
24
25  mongodb:
26    image: mongo:6
27    container_name: meshcentral-mongo
28    volumes:
29      - mongo-data:/data/db
30    networks:
31      - meshcentral-network
32    restart: unless-stopped
33
34  nginx:
35    image: nginx:alpine
36    container_name: meshcentral-nginx
37    ports:
38      - "80:80"
39      - "443:443"
40    volumes:
41      - ./nginx.conf:/etc/nginx/nginx.conf:ro
42      - ./certs:/etc/nginx/certs:ro
43    depends_on:
44      - meshcentral
45    networks:
46      - meshcentral-network
47    restart: unless-stopped
48
49volumes:
50  meshcentral-data:
51  meshcentral-files:
52  mongo-data:
53
54networks:
55  meshcentral-network:
56    driver: bridge
57EOF
58
59# 2. Create the .env file
60cat > .env << 'EOF'
61# MeshCentral
62MESH_HOSTNAME=mesh.example.com
63EOF
64
65# 3. Start the services
66docker compose up -d
67
68# 4. View logs
69docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/meshcentral-complete/run | bash

Troubleshooting

  • MeshCentral agents showing offline status: Verify MESH_HOSTNAME matches the actual domain/IP agents use to connect and check firewall rules for ports 80/443
  • MongoDB connection refused errors: Ensure MongoDB container is fully started before MeshCentral attempts connection, add health checks or increase depends_on conditions
  • NGINX 502 Bad Gateway errors: Check that MeshCentral container is responding on internal port and verify nginx.conf proxy_pass directives point to correct container names
  • SSL certificate errors in browser: Ensure certificate files in ./certs directory match the MESH_HOSTNAME and include proper certificate chain
  • Intel AMT devices not appearing: Verify network discovery is enabled and AMT devices are on same subnet, check that Intel ME firmware is properly configured
  • File transfer failures: Increase NGINX client_max_body_size directive and proxy timeout values to handle large file uploads through the reverse proxy

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

meshcentralmongodbnginx

Tags

#remote-management#remote-desktop#meshcentral#it-management

Category

Home Lab & Self-Hosting

Related Recipes

Ad Space