MeshCentral behind NethServers Reverse Proxy

NethServer Version: 7.9.2009
Module: MeshCentral


Hello Markus

A small question with your MeshCentral module. I’m installing it on a new server, locally it works without issues.

At this site there are 2 NethServers, only one has http and https external access. This one is running the reverse proxy for the second NethServer.

Using a reverse proxy traditionally does not work, the page appears as textlike html:

The current settings are as follows:

I also tried using the newer “Websocket” option, which does not work - at least without a “path” it does not.
What would be a correct path for MeshCentral, assuming it could work?

Or is it not possible for MeshCentral to work behing NethServers Reverse Proxy at all?

Many thanks!

BTW: The Module is working without issues in several installations. Only here I may need a reverse Proxy…

My 2 cents

Maybe it’s a LAN/reverse proxy issue? Did you try if it works from WAN?

In /etc/httpd/conf.d/zz_meshcentral.conf there are some rewrite lines, maybe they’re needed.

You may add them in a custom reverse proxy conf file like zz_meshcustom.conf instead of the one configured in the server manager on the NethServer with the reverse proxy.

   RewriteCond %{HTTP:Upgrade} websocket [NC]
   RewriteCond %{HTTP:Connection} upgrade [NC]
   RewriteRule . ws://{REQUEST_URI} [P]

   ProxyPass /
   ProxyPassReverse /

I’m going to test it later today…


I only have either OpenVPN access to the LAN or access from outside at the moment… :slight_smile:

I can confirm the issue but I didn’t find a way that shows the page correctly.
I’ll try some more and report if I got it working…

1 Like


I actually have valid ssl certs on both Nethservers, and traffic is passed thru as https…

It works when you open the port 8989 on the Meshcentral Nethserver by creating a service and set the proxy to redirect to “Enable Websocket” is needed too.

Meshcentral Nethserver:

Proxying Nethserver:



Do I still need to forward the normal Ports 80/443?
And how, as NethServer ReverseProxy only allows one IP/Port with that specific name…

Without the port-forwarding for Ports 80/443, the webpages keeps searching until timeout.

Note: The NethServer doing the Reverse Proxy is NOT the firewall, this is an OPNsense box.
I’ve tried forwarding Port 8989 to (ReverseProxy) and directly to (Mesh), both did not work.


I changed this:


Opensense forwards ports 80, 443, 8989 to, which in turn forwards the ports required to

I get the correct login page for MeshCentral, however, I can’t login anymore.
It always says wrong login / password…

I corrected the sevice by addind a service and setting the originam meshcentral back to localhost (removing red & green solves that). Still no login.


My 2 cents


Finally got MongoDB monitoring in Zabbix to work, now I need some “traffic” there… :slight_smile:

1 Like

I think it’s enough to have one meshcentral service entry opening the port 8989 to green.

You may try to create an account to login, the following example creates an admin account testuser with password secret:

cd /opt/meshcentral/node_modules/

Create user:

scl enable rh-nodejs10 'node meshcentral --createaccount testuser --pass "secret"'

Enable admin permissions:

scl enable rh-nodejs10 'node meshcentral --adminaccount testuser'

Restart service:

systemctl restart meshcentral

No, as you use reverse proxy, no port forwarding is needed.

You don’t need to open 8989 as it’s just used internal.

I have the same config.
My opnsense port forwards 80 and 443 and to Neth 1.
Neth1 reverse proxies to Neth 2 port 8989.
Neth2 provides Meshcentral and has open port 8989.

Great, thanks for sharing!

1 Like

MongoDB gives a lot of data for Zabbix… :slight_smile:


Thamks, the testuser worked…

Now to get AD Backend working. Correct SSLs are ready… :slight_smile:

1 Like



A slight detail cropped up:

An external PC can’t register to that Mesh… :frowning:

I tried:

Logging into a test PC via VPN/RDP.
From there via Browser to https://mesh.domain.tld and logging on as admin (AD now working).
Installing an Agent on the PC - no issues.

On the WebInterface of MeshCentral, nothing shows up?

Where you able to connect an external PC in your Setup?

My 2 cents

Yes, I was able to connect a VPS, I didn’t test a PC behind a firewall.


Did you allow the agent IP?

config setprop AgentAllowedIP,

See also Neth wiki (under Security)

1 Like