In this section, we will look at installing MeshCentral on the Single Board Computer Raspberry Pi. This computers low price and low power consumption makes it perfect for an always on system fro managing computers in a home or small business network. This install will work on any version of the Raspberry Pi, b ut will certainly be faster on v3 or newer boards.

For this example, we are going to be using the Raspian operating system. You can use the NOOBS version to get this installed on your Rasperry pi. For better performance you can use the “Raspian Stretch Lite” image., which is smaller and does not use the X Desktop interface.

To help keep things even smaller, in this walkthrough, we are not going to use MongoDB, and instead use the built in NeDB.

The first prerequisite is to ensure NodeJS is installed on the system. We are going to assume the default user “pi” and that we are in the home folder. Lets start by installing NodeJS:

sudo apt-get update
sudo apt-get dist-upgrade
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash
sudo apt-get -y install nodejs

You can verify the versions of NodeJS and NPM just installed with the following commands:

node -v

On Linux, as a security feature, ports below 1024 are reserved for processes running as “root” user. In our case, we need MeshCentral to listen/run on ports 80 and 443. To accomplish this, we first need to discover where NodeJS runs from:

whereis node
node: /usr/bin/node /usr/include/node /usr/share/man/man1/node.1.gz

In this case, the result shows NodeJS binaries are found at /usr/bin/node. We will this path in the next command, which will allow NodeJS to utilize ports below 1024. Note that these permissions may sometimes be lost when updating the Linux Kernel and the command may need to be run again. ¹⁾

sudo setcap cap_net_bind_service=+ep /usr/bin/node

We are finally ready to install MeshCentral! We use NPM to install the latest version of MeshCentral with the command below: <HTML> <span style=“color:red;font-size:110%;”>!!DO NOT USE “SUDO” FOR THIS COMMAND!!</span> </HTML>

npm install meshcentral

After the installation completes we can manually run MeshCentral for the first time Since we will only be managing computers inside the local network, we will use the –lanonly aregument. And since generating the larger default certificates (RSA3072) can take quite a while on the Raspberry Pi, we will use the –fastcert option as well. This will generate slightly less secure RSA2048 certificates instead, but they run much faster on small processors like the Raspberry Pi:

node ./node_modules/meshcentral --lanonly --fastcert

At this point, you should see MeshCentral create its' certificates and start running.

MeshCentral HTTP redirection web server running on port 80.
Generating certificates, may take a few minutes...
Generating root certificate...
Generating HTTPS certificate...
Generating MeshAgent certificate...
Generating Intel AMT MPS certificate...
Generating Intel AMT console certificate...
Server name not configured, running in LAN-only mode.
MeshCentral HTTPS web server running on port 443.
Server has no users, next new account will be site administrator.

Do note the last line in that output! The first user account created will become the system admin account. Let's use ifconfig to find the system's IP address:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.162 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::8841:34b7:685:14a7 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:01:13:3f txqueuelen 1000 (Ethernet)
RX packets 58325 bytes 72302196 (68.9 MiB)
RX errors 0 dropped 271 overruns 0 frame 0
TX packets 28457 bytes 3576126 (3.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

in this case, we see the IP address is 192.168.2.162. So you should be able to open a browser and go to that address: https://192.168.2.162 and should see the server working as expected. Your browser will give you a certificate warning because the self-generated certificate is not trusted. For now you can just ignore that warning and continue. Chack the MeshCentral User's Guide or this wiki's configuration guide for info on how to fix this.

MeshCentral is in a usable state now, but there are still a couple of things to do still. Press CTRL-C to stop MeshCentral and we will continue on.

There are only a couple of things we want to check in the default configuration. Most of the configuration for MeshCentral is stored in the config.json file. We can edit it by entering the following command:

sudo nano ~/meshcentral-data/config.json

Inside of the text editor, we want to make the beginning of the file look like this:

{
  "settings": {
    "LANonly": true,
    "FastCert": true,
    "_Port": 443,
    "_RedirPort": 80,
    "_AllowLoginToken": true,
    "_AllowFraming": true,
    "_WebRTC": false,
    "_ClickOnce": false,
    "_UserAllowedIP" : "127.0.0.1,::1,192.168.2.0\24"
  },
  <...more stuff in here...>
}

If you are starting with the default config.json file created by the installation, you will need to remove some of the leading underscore characters “_” and add it to the beginning of some other values. This leading underscore character indicated a commented out value. So to enable a setting the value should not start with this underscore. To disable a setting you need to *add* the underscore. For full details on all of the available options in config.json you can see our config.json reference or the Complete config.json schema on GitHub.

Once you have finished editing the config.json file, save it (CTRL-O in nano) and exit the text editor (CTRL-X in nano) and manually run MeshCentral again:

node ./node_modules/meshcentral

Now go ahead and create a new account. The first account created becomes the server administrator, so yo don't want to delay creating this account. Once you have created this account and logged in with it successfully you can close MeshCentral again using CTRL-C. Next we will set up MeshCentral to run automatically in the background.

Since Raspian supports systemd, we are going to use that to auto start MeshCentral in the background. First we need to know what our own username and group are. The simplest way to find this info is (from your home folder) run

ls -l

Doing so should give output similar to this example below:

drwxr-xr-x 2 pi pi 4096 Jul 20 00:03 Desktop
drwxr-xr-x 2 pi pi 4096 Jul 20 00:03 Documents
drwxr-xr-x 2 pi pi 4096 Jul 20 00:03 Download
...

Make note of the username and group. In the sample above, the username is pi and the group is also pi.

We will also need to know the path where NodeJS binaries are at. to find this enter:

whereis node

Node is usually installed at /usr/bin/node but if your check above shows a different path, make note of it and enter it into the appropriate place in the file we are about to create.

We will need all of this information to create the description file for the MeshCentral service we create. To create this description file, enter:

sudo nano /etc/systemd/system/meshcentral.service

In this new file, enter the following lines:

[Unit]
Description=MeshCentral Server

[Service]
Type=simple
LimitNOFILE=1000000
ExecStart=/usr/bin/node /home/pi/node_modules/meshcentral
WorkingDirectory=/home/pi
Environment=NODE_ENV=production
User=pi
Group=pi
Restart=always
# Restart service after 10 seconds if node service crashes
RestartSec=10
# Set port permissions capability
AmbientCapabilities=cap_net_bind_service

[Install]
WantedBy=multi-user.target

Be sure you set the username and group values correctly for your specific installation.Notice that the ExecStart and WorkingDirectory lines include the path to the user's home folder. So make sure you have the correct username in there. Also be sure to double check the path to NodeJS in the ExecStart line.

Once we have this file created we can now enable, start, stop and disable MeshCentral:

sudo systemctl enable meshcentral.service
sudo systemctl start meshcentral.service
sudo systemctl stop meshcentral.service
sudo systemctl disable meshcentral.service

Run the first two commands to enable then start MeshCentral. Enabling the service will make MeshCentral start up automatically each time the computer restarts.

Once MeshCentral is started, you can access it via web browser just as we did earlier. You should now refer to the MeshCentral User's Guide or this wiki's configuration guides for information about on how to further configure and use MeshCentral.

sudo raspi-config

Choose “Network → Hostname” and follow the on screen instructions.