more docs

api/tacticalrmm/accounts/management/commands/generate_barcode.py

@@ -7,7 +7,7 @@ from accounts.models import User
 
 
 class Command(BaseCommand):
-    help = "Generates barcode for Google Authenticator and creates totp for user"
+    help = "Generates barcode for Authenticator and creates totp for user"
 
     def add_arguments(self, parser):
         parser.add_argument("code", type=str)
@@ -27,11 +27,11 @@ class Command(BaseCommand):
         subprocess.run(f'qr "{url}"', shell=True)
         self.stdout.write(
             self.style.SUCCESS(
-                "Scan the barcode above with your google authenticator app"
+                "Scan the barcode above with your authenticator app"
             )
         )
         self.stdout.write(
             self.style.SUCCESS(
-                f"If that doesn't work you may manually enter the key: {code}"
+                f"If that doesn't work you may manually enter the setup key: {code}"
             )
         )

docs/docs/install_docker.md

@@ -0,0 +1,72 @@
+# Docker Setup
+
+- Install docker and docker-compose
+- Obtain valid wildcard certificate for your domain. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. See below on how to generate a free Let's Encrypt!
+
+## Generate certificates with certbot
+Install Certbot
+
+```
+sudo apt-get install certbot
+```
+
+Generate the wildcard certificate. Add the DNS entry for domain validation. Replace `example.com` with your root doamin
+
+```
+sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns
+```
+
+## Configure DNS and firewall
+
+You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443 and 4222.
+
+## Setting up the environment
+
+Get the docker-compose and .env.example file on the host you which to install on
+
+```
+wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml
+wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example
+mv .env.example .env
+```
+
+Change the values in .env to match your environment.
+
+If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files. 
+
+## Base64 encoding certificates to pass as env variables
+
+Use the below command to add the the correct values to the .env.
+
+Running this command multiple times will add redundant entries, so those will need to be removed.
+
+Let's encrypt certs paths are below. Replace ${rootdomain} with your own.
+
+public key
+`/etc/letsencrypt/live/${rootdomain}/fullchain.pem`
+
+private key
+`/etc/letsencrypt/live/${rootdomain}/privkey.pem`
+
+```
+echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env
+echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env
+```
+
+## Starting the environment
+
+Run the below command to start the environment.
+
+```
+sudo docker-compose up -d
+```
+
+Removing the -d will start the containers in the foreground and is useful for debugging.
+
+## Get MeshCentral EXE download link
+
+Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin.
+
+```
+sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url
+```

docs/docs/install_server.md

@@ -0,0 +1,119 @@
+# Installation
+
+## Minimum requirements
+- A fresh linux VM running either Ubuntu 20.04 or Debian 10, with a minimum of 2GB RAM.<br/>
+
+!!!warning
+    The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail.<br/><br/>
+    The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi.
+
+- A real domain is needed to generate a Let's Encrypt cert. <br/>If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)<br/><br/>
+
+- A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator.<br/><br/>
+
+## Install
+
+#### Run updates and setup the linux user
+SSH into the server as **root**.<br/><br/>
+Download and run the prereqs and latest updates<br/>
+```bash
+apt update
+apt install -y wget curl sudo
+apt -y upgrade
+```
+If a new kernel is installed, then reboot the server with the `reboot` command<br/><br/>
+Create a user to run the rmm and add it to the sudoers group. For this example we'll be using a user named `tactical` but feel free to create whatever name you want.
+```bash
+adduser tactical
+usermod -a -G sudo tactical
+```
+- *Optional: [enable passwordless sudo to make your life easier](https://linuxconfig.org/configure-sudo-without-password-on-ubuntu-20-04-focal-fossa-linux)*<br/><br/>
+
+#### Setup the firewall (optional but highly recommended)
+
+!!!info
+    Skip this step if your VM is __not__ publicly exposed to the world e.g. running behind NAT. You should setup the firewall rules in your router instead (ports 22, 443 and 4222 TCP).
+
+```bash
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow https
+ufw allow proto tcp from any to any port 4222
+```
+
+!!!info
+    SSH is only required for you to remotely login and do basic linux server administration for your rmm. It is not needed for any agent communication.<br/>
+Allow ssh from everywhere (__not__ recommended)
+```bash
+ufw allow ssh
+```
+
+Allow ssh from only allowed IP's (__highly__ recommended)
+```bash
+ufw allow from X.X.X.X to any port 22
+ufw allow from X.X.X.X to any port 22
+```
+
+Enable and activate the firewall
+```
+ufw enable && sudo ufw reload
+```
+
+#### Create the A records
+
+We'll be using `example.com` as our domain for this example.
+
+!!!info
+    The RMM uses 3 different sites. The Vue frontend e.g. `rmm.example.com` which is where you'll be accesing your RMM from the browser, the REST backend e.g. `api.example.com` and Meshcentral e.g. `mesh.example.com`
+
+
+Get the public IP of your server with `curl icanhazip.com`<br/>
+Open the DNS manager of wherever the domain you purchased is hosted.<br/>
+Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server:
+
+![arecords](images/arecords.png)
+
+
+#### Run the install script
+
+Switch to the `tactical` user
+```bash
+su - tactical
+```
+
+Download and run the install script
+```bash
+wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh
+chmod +x install.sh
+./install.sh
+```
+
+Answer the initial questions when prompted. Replace `example.com` with your domain.
+
+![questions](images/install_questions.png)
+
+
+Deploy the TXT record in your DNS manager:
+
+!!!warning
+    TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.<br/>
+    You should verify the TXT record has been deployed first before pressing Enter.<br/>
+    A quick way to check is with the following command:<br/> `dig -t txt _acme-challenge.example.com`
+
+![txtrecord](images/txtrecord.png)
+
+![dnstxt](images/dnstxt.png)
+
+Create a login for the RMM web UI:
+
+![rmmlogin](images/rmmlogin.png)
+
+A bunch of URLS / usernames / passwords will be printed out at the end of the install script. Save these somewhere safe.
+
+Copy the url for the meshagent exe (`https://mesh.example.com/agentinvite?c=......`), paste it in your browser and download the mesh agent:
+
+![meshagentdl](images/meshagentdl.png)
+
+Navigate to `https://rmm.example.com` and login with the username/password you created during install.<br/><br/>
+Once logged in, you will be redirected to the initial setup page.<br/><br/>
+Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded.

docs/mkdocs.yml

@@ -1,9 +1,16 @@
 site_name: "Tactical RMM"
 nav:
   - Home: index.md
+  - Installation:
+      - "Traditional Install": install_server.md
+      - "Docker Install": install_docker.md
+  - Troubleshooting: troubleshooting.md
+  - FAQ: faq.md
 site_description: "A remote monitoring and management tool for Windows computers"
 site_author: "wh1te909"
 
+dev_addr: "0.0.0.0:8005"
+
 # Repository
 repo_name: "wh1te909/tacticalrmm"
 repo_url: "https://github.com/wh1te909/tacticalrmm"