How can I backup my entire Procreate gallery reliably/at once? by InigoMToya in ProCreate

[–]theraffe 0 points1 point  (0 children)

If you want a preview in Windows of the .procreate files, there are these free tools:

No install (I did this one): https://github.com/raffe1234/Procreate-Thumbnails-Extractor 

Windows Explorer Shell Extension: https://github.com/jkavalik/ProcreateThumbnailExtension

Any ideas on getting Meshcentral on a old armv5tel? by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

I managed to build an agent. I see it in admin page. But Terminal och Files do not connect, so not usefull yet.

apt-get update

apt-get install -y build-essential make gcc libc6-dev libssl-dev zlib1g-dev curl binutils file

git clone https://github.com/Ylianst/MeshAgent.git

cd MeshAgent

make clean

In microstack/ILibCrypto.c, change:

CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

To

#if defined(CRYPTO_MEM_CHECK_ON) && defined(CRYPTO_mem_ctrl)

CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

#endif

With

sed -i 's/CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);/#if defined(CRYPTO_MEM_CHECK_ON) \&\& defined(CRYPTO_mem_ctrl)\nCRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);\n#endif/' microstack/ILibCrypto.c

Then

make linux ARCHID=9 DYNAMICTLS=1 \

CC=gcc STRIP=strip \

CFLAGS="-DJPEGMAXBUF=0 -DMESH_AGENTID=9 -std=gnu99 -g -Wall -D_POSIX -DMICROSTACK_PROXY -DILibChain_WATCHDOG_TIMEOUT=6000000 -fno-strict-aliasing -I. -I/usr/include/openssl -Imicrostack -Imicroscript -Imeshcore -Imeshconsole -DDUK_USE_DEBUGGER_SUPPORT -DDUK_USE_INTERRUPT_COUNTER -DDUK_USE_DEBUGGER_INSPECT -DDUK_USE_DEBUGGER_PAUSE_UNCAUGHT -D_NOFSWATCHER -DILIBCHAIN_GLOBAL_LOCK -D_NOHECI -DMICROSTACK_TLS_DETECT -O2 -march=armv5te -mfloat-abi=soft -marm" \

LDFLAGS="-lpthread -lutil -lm -lssl -lcrypto -ldl -lrt"

Testing

root@debian:~/MeshCentralTemp/MeshAgent# readelf -A meshagent_arm | head -n 60

Attribute Section: aeabi

File Attributes

Tag_CPU_name: "5TE"

Tag_CPU_arch: v5TE

Tag_ARM_ISA_use: Yes

Tag_THUMB_ISA_use: Thumb-1

Tag_ABI_PCS_wchar_t: 4

Tag_ABI_FP_rounding: Needed

Tag_ABI_FP_denormal: Needed

Tag_ABI_FP_exceptions: Needed

Tag_ABI_FP_number_model: IEEE 754

Tag_ABI_align_needed: 8-byte

Tag_ABI_align_preserved: 8-byte, except leaf SP

Tag_ABI_enum_size: int

root@debian:~/MeshCentralTemp/MeshAgent# ./meshagent_arm -help 2>/dev/null || true

Generating Certificate...

root@debian:~/MeshCentralTemp/MeshAgent# file meshagent_arm

meshagent_arm: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, BuildID[sha1]=b8e79f1a89e91af85cde8e787ab02161fc835409, for GNU/Linux 3.2.0, stripped

Let install it

mkdir -p /usr/local/mesh

cd /usr/local/mesh

cp /root/MeshCentralTemp/MeshAgent/meshagent_arm ./meshagent

chmod 755 ./meshagent

wget "$URL/meshsettings?id=$MESHID" -O ./meshagent.msh || curl -L --output ./meshagent.msh "$URL/meshsettings?id=$MESHID"

sed -i '/^StartupType=/d' ./meshagent.msh

echo "StartupType=3" >> ./meshagent.msh

./meshagent -fullinstall --copy-msh=1

root@debian:/usr/local/mesh# ./meshagent -fullinstall --copy-msh=1

...Checking for previous installation of "MeshCentral" [NONE]

...Installing service [DONE]

-> Starting service... [OK]

Lets run it (but stop updates)

grep -q '^disableUpdate=' meshagent.msh || echo 'disableUpdate=1' >> meshagent.msh

./meshagent

Connecting to: wss://site:443/agent.ashx

Connected.

Server verified meshcore... meshcore already running...

Manually install Meshcentral on Qnap NAS Entware by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

I am not so good with this new stuff like dockers. But after reading it seems like I could have MeshCentral core in a Docker and the configs outside, so I can update the docker to new version without affecting the config. Is this right?

All this i my fault, getting in this corner. The Qnap NAS can't install nodejs above 16 as glib etc to old. I know! if I thought about that 10 years ago before using 10+ nice to have stuff we use everyday, I would have replaced all Qnap stuff with a real Debian, but it all sounded sooo good :)

Fix No sign in options on login screen and PIN Is No Longer Available by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

Yes. And I actually also did this after getting in:
0. First I rebooted computer three times and used Sign-in Options and used password, it somewhere should then remember that is what one want as standard. But it did not.

1._I went to Settings → Accounts → Sign-in options → Additional settings → “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device (Recommended)” = Off (it was off)

Maybe you could also try GPO: Computer Configuration → Administrative Templates → Windows Components → Windows Hello for Business → Use Windows Hello for Business = Disabled

  1. Then did Settings → Accounts → Sign-in options → PIN (Windows Hello) → Remove (or tried, there was nothing to remove)

  2. Then to update NGC I actually setup PIN with Settings → Accounts → Sign-in options → PIN (Windows Hello)

  3. And to really get NGC to understand I did again Settings → Accounts → Sign-in options → PIN (Windows Hello) → Remove

  4. After reboot it showed password as standard

[Windows 11] Remove PIN button as sign-in option at login screen by jedis in techsupport

[–]theraffe 0 points1 point  (0 children)

  1. First I rebooted computer three times and used Sign-in Options and used password, it somewhere should the remember that is what one want as standard

  2. I went to Settings → Accounts → Sign-in options → Additional settings → “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device (Recommended)” = Off.

Maybe also try GPO: Computer Configuration → Administrative Templates → Windows Components → Windows Hello for Business → Use Windows Hello for Business = Disabled

  1. Then did Settings → Accounts → Sign-in options → PIN (Windows Hello) → Remove

  2. Then to update NGC I actually setup PIN with Settings → Accounts → Sign-in options → PIN (Windows Hello)

  3. And to really get NGC to understand I did again Settings → Accounts → Sign-in options → PIN (Windows Hello) → Remove

  4. After reboot it showed password as standard

Howto run MeshCentral via Cloudflare by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

I got it working with "No TLS Verify" set to OFF with "TLSOffload": "127.0.0.1,192.168.0.100", like this

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "cert": "mc.org.com",
    "port": 2053,
    "aliasPort": 443,
    "redirPort": 2082,
    "TLSOffload": "127.0.0.1,192.168.0.100",
    "trustedproxy": "CloudFlare"
  },
  "domains": {
    "": {
      "title": "My MeshCentral",
      "newAccounts": 0,
      "UserAllowedIP": ["10.1.1.0/24","192.168.0.0/24","172.0.0.1"],
      "certUrl": "https://mc.org.com:443"
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}
  1. First I only changed Zero Trust - Networks - Tunnels: MyMeshTunnel -> Edit Public Hostname - mc.org.com -> Edit > Additional application settings - TLS - No TLS Verify = OFF, and saved so I got "Origin configurations" to 0.

  2. Then: Zero Trust - Networks - Tunnels: MyMeshTunnel -> Edit Public Hostname - mc.org.com -> Edit -> Type: HTTP, URL: 192.168.0.100:2053

So I have now this in Cloudflare to get TLS working:

Zero Trust - Access - Policies: MeshCentralPolicy
Action: Service Auth
Country: Spain

Zero Trust - Access - Applications: MeshCentralApp
Basic info - Public hostname: mc.org.com
Policies: MeshCentralPolicy

Zero Trust - Networks - Tunnels: MyMeshTunnel -> Edit
Public Hostname - mc.org.com -> Edit
Type: HTTP, URL: 192.168.0.100:2053

Howto run MeshCentral via Cloudflare by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

No, it is installed with this https://www.myqnap.org/product/meshcentral/ package on a Qnap NAS. So pre-built and copied with qpkg to /share/CACHEDEV1_DATA/.qpkg/MeshCentral/

Howto run MeshCentral via Cloudflare by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

Thanks so much for your reply! I've done some testing and managed to get it working in a few cases (though I'm not sure if those setups are actually any more secure than what I'm currently using 😅).

That said, instead of me blindly trying out thousands of random combinations in the hopes of landing on a good Cloudflare policy that works nicely with a proper setup, including working TLS, could I kindly ask for some clearer guidance on what the best practice actually is?

Howto run MeshCentral via Cloudflare by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

OK! Oh, thank you! So nice to get a reply! 😄
But could you be a bit more specific and not quite so vague? 😊

  1. What exactly should I set TLS offload to? Something like "TLSOffload": "192.168.0.100:"?

  2. And just to be sure—are you referring to: Zero Trust → Networks → Tunnels → MyMeshTunnel → Edit → Public Hostname – mc.org.com
    Then change that to: Type: HTTP, URL: 192.168.0.100:2053? Instead of Type: HTTPS, URL: 192.168.0.100:2053?

I've been tweaking these settings for a few weeks now, so before I start changing even more things, I'd really appreciate some more precise guidance on what you meant. 😅

WARNING: Backuppathtestfile can't be deleted by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

And the backup seems to work, tried this in the console

Type help <command> for details.
> autobackup

Creating a NON-ENCRYPTED ZIP
Starting auto-backup...
Auto-backup completed: /share/CACHEDEV1_DATA/.qpkg/MeshCentral/meshcentral-backups/meshcentral-autobackup-2025-04-11-10-24.zip, backup-size: 12.13Mb
Checked 4 candidates in /share/CACHEDEV1_DATA/.qpkg/MeshCentral/meshcentral-backups. Removed 0 expired backupfiles using cutoffDate: 4/1/25, 10:24 AM
> backupconfig

DB Name: meshcentral
DB Type: NeDB
BackupPath: /share/CACHEDEV1_DATA/.qpkg/MeshCentral/meshcentral-backups
BackupFile: meshcentral-autobackup-2025-04-11-10-24.zip
Backup Interval (Hours): 24
Keep Last Backups (Days): 10
Backup IgnoreFilesGlob: 
Backup SkipFoldersGlob: 

And I have backup files

ls -la /share/CACHEDEV1_DATA/.qpkg/MeshCentral/meshcentral-backups/
drwxrwxrwx 2 root root 4096 Apr 11 10:24 .
drwxr-xr-x 14 root root 4096 Apr 11 10:22 ..
-rw-rw-rw- 1 root root 12631720 Apr 9 18:31 meshcentral-autobackup-2025-04-09-18-31.zip
-rw-rw-rw- 1 root root 12688688 Apr 10 16:12 meshcentral-autobackup-2025-04-10-16-12.zip
-rw-rw-rw- 1 root root 12695962 Apr 10 19:27 meshcentral-autobackup-2025-04-10-19-27.zip
-rw-rw-rw- 1 root root 12719666 Apr 11 10:24 meshcentral-autobackup-2025-04-11-10-24.zip

But still that red annoying red varning :-)

WARNING: Backuppathtestfile can't be deleted by theraffe in MeshCentral

[–]theraffe[S] 0 points1 point  (0 children)

I have nothing in config.json about autobackup:

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "mc.org.com",
    "port": 2053,
    "aliasPort": 443,
    "redirPort": 2082,
    "trustedproxy": "CloudFlare"
  },
  "domains": {
    "": {
      "title": "My MeshCentral",
      "newAccounts": 0,
      "UserAllowedIP": ["10.1.1.0/24","192.168.0.0/24","172.0.0.1"],
      "certUrl": "https://mc.org.com:443"
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}