[GH-ISSUE #1400] Separate MeshCentral Agent + Web Console ports #2823

New issue

Open

opened 2026-03-14 05:37:34 +03:00 by kerem · 2 comments

kerem commented 2026-03-14 05:37:34 +03:00

Owner

Copy link

Originally created by @joeldeteves on GitHub (Jan 10, 2023).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1400

We've discussed this previously in Discord, and I think it's time to open an issue for it.

As the description says, I am requesting that the MeshCentral Agent + Web Console ports be separated.

This is to allow for more fine-grained control and better security of the bundled MeshCentral instance.

For example, if the Agents run on their own port, we can proxy in front of the web console while still allowing agents to communicate, set firewall rules only allowing access from certain IPs to the Mesh Console, etc.

Happy to help out with this one on the Docker side - unsure what, if anything needs to change on the TRMM side.

Thank you,

EDIT: Here is an explanation from Ylian on how this works:

Originally created by @joeldeteves on GitHub (Jan 10, 2023). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1400 We've discussed this previously in Discord, and I think it's time to open an issue for it. As the description says, I am requesting that the MeshCentral Agent + Web Console ports be separated. This is to allow for more fine-grained control and better security of the bundled MeshCentral instance. For example, if the Agents run on their own port, we can proxy in front of the web console while still allowing agents to communicate, set firewall rules only allowing access from certain IPs to the Mesh Console, etc. Happy to help out with this one on the Docker side - unsure what, if anything needs to change on the TRMM side. Thank you, EDIT: Here is an explanation from Ylian on how this works: 

kerem added the

dev-triage

label 2026-03-14 05:37:34 +03:00

kerem commented 2026-03-14 05:37:45 +03:00

Author

Owner

Copy link

@joeldeteves commented on GitHub (Jan 10, 2023):

Just a FYI, I found a workaround on this.

I was able to use Path on my Traefik reverse proxy to exclude the agent paths.

However, for users who want to use another method e.g. firewall/vpn, it would be good to have the ports separated.

<!-- gh-comment-id:1376802901 --> @joeldeteves commented on GitHub (Jan 10, 2023): Just a FYI, I found a workaround on this. I was able to use `Path` on my Traefik reverse proxy to exclude the agent paths. However, for users who want to use another method e.g. firewall/vpn, it would be good to have the ports separated.

kerem commented 2026-03-14 05:37:51 +03:00

Author

Owner

Copy link

@Trapulo commented on GitHub (Feb 28, 2024):

Can you explain what did you do?
I'm using HAProxy as reverse proxy + SSL offloading behind the Tactical docker env.

<!-- gh-comment-id:1969012992 --> @Trapulo commented on GitHub (Feb 28, 2024): Can you explain what did you do? I'm using HAProxy as reverse proxy + SSL offloading behind the Tactical docker env.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#2823

No description provided.