ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?

    Scheduled Pinned Locked Moved IT Discussion
    45 Posts 6 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flaxking
      last edited by

      Hmm, I thought screenconnect was trying to wind down on premises sales, was I wrong or did they switch directions? A Mono update is a good sign. I've never used Mono but from what I understand the later versions are on par with newer .Net

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @flaxking
        last edited by scottalanmiller

        @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

        @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

        @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

        I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.

        No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.

        But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)

        I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono

        So I think at this point reverse proxy ssl termination should probably be considered the best way to run it on Linux, which is pretty standard for a lot of web apps.

        FTFY

        Having SSL offloaded to a reverse proxy would be the expected way to run anything like this in production. If you aren't doing this on Windows, you aren't treating the Windows install as seriously as the Linux one. The expected deployment method for this on Windows would still be to have Nginx (or similar) in front of it, generally on Linux. So the parts that the OP is finding most challenging are identical regardless of how he would install SC itself, the reverse proxy is equally standard, and equally likely to be on Linux.

        That they have an issue with SSL on Mono is really neither here nor there. That's the wrong place for SSL termination to be. And I know people running SC on Windows that can't get SSL working too. It's not just a Mono issue, maybe a different issue, but SC support wasn't able to help. So they need Linux there, even for Windows installs. The SSL issue with Mono is like running something like NodeJS. You don't put SSL encryption in the app itself, you put it in front. Like you said, it's a standard pattern.

        F 1 Reply Last reply Reply Quote 3
        • scottalanmillerS
          scottalanmiller @flaxking
          last edited by

          @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

          Hmm, I thought screenconnect was trying to wind down on premises sales, was I wrong or did they switch directions? A Mono update is a good sign.

          They were, I think that some amount of updates are just required so they are sticking with it. Surely it shares some code with their hosted app.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @flaxking
            last edited by

            @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

            I've never used Mono but from what I understand the later versions are on par with newer .Net

            Mono is .NET, just an open source implementation of it. Mono isn't catching up with Microsoft's native .NET (although MS owns Mono I believe, so both are MS), but rather Microsoft long ago released their own .NET Core for Linux which is 100% identical to the one that they make for Windows. This modern .NET Core is cross platform and really, really good. Mono is only used for running legacy .NET code that isn't updated to Core and is Windows specific and never released for any other platform other than Windows by MS themselves (but is legacy and deprecated even on Windows.)

            So the future of .NET on Linux is very bright, but not because Mono is improving, but because the need for it was eliminated.

            F 1 Reply Last reply Reply Quote 0
            • F
              flaxking @scottalanmiller
              last edited by

              @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

              @JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

              Stop pushing your conspiracy theories without proof.

              1. This shows a misunderstanding of what a conspiracy is.
              2. The proof is in their software. There's gobs of proof. They 1) make crap that depends on legacy components and 2) go out of their way to push the Windows version when the Linux works really well and is easier to get working properly.

              So neither a conspiracy, and loads of proof. Stop acting like it's crazy to point out the obvious.

              Technical debt + starting using a Microsoft stack is a great way to vendor lock in without any kickbacks.
              It's possible that it is simply the preference of their support team.

              scottalanmillerS 2 Replies Last reply Reply Quote 1
              • S
                Scott Banned
                last edited by

                @JaredBusch Thanks mate! Got it running with your export advice.

                If I am moving an existing installation from Windows, do I just stop here without creating Admin password on the linux machine and move over the files as directed, which will then use my existing Administrator credentials?

                Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?

                I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.

                scottalanmillerS 2 Replies Last reply Reply Quote 0
                • F
                  flaxking @scottalanmiller
                  last edited by

                  @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                  @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                  I've never used Mono but from what I understand the later versions are on par with newer .Net

                  Mono is .NET, just an open source implementation of it. Mono isn't catching up with Microsoft's native .NET (although MS owns Mono I believe, so both are MS), but rather Microsoft long ago released their own .NET Core for Linux which is 100% identical to the one that they make for Windows. This modern .NET Core is cross platform and really, really good. Mono is only used for running legacy .NET code that isn't updated to Core and is Windows specific and never released for any other platform other than Windows by MS themselves (but is legacy and deprecated even on Windows.)

                  So the future of .NET on Linux is very bright, but not because Mono is improving, but because the need for it was eliminated.

                  Yeah, at our shop we would always call .Net Core by it's full name. By .Net I mean the "legacy" framework. I would have put .Net 4.5+, but I'm not 100% sure that's when full compatibily begins, but probably.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @flaxking
                    last edited by

                    @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                    It's possible that it is simply the preference of their support team.

                    Which is what I assumed. A support team that goes out of their way to promote their preference. The product definitely works really well on Linux, so that it works great, and costs less without taking any money from them, means someone has to be pushing an agenda (likely personal) to get it on Linux.

                    Most obvious things are either a support team that feels Linux needs less support and that their jobs won't be needed, that lack basic support skills and Linux isn't something that they've been taught to support, or they just have fan boi problems like so many people in those positions do and are pushing a bizarre personal agenda for no personal benefit.

                    F 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @flaxking
                      last edited by

                      @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                      Technical debt + starting using a Microsoft stack is a great way to vendor lock in without any kickbacks.

                      For sure, but that's didn't happen here. There is loads of technical debt, for sure. But there is no lock in. All of the "issues" come from support team statements, not the product or product teams.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Scott
                        last edited by

                        @Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                        Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
                        I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.

                        Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.

                        JaredBuschJ S 2 Replies Last reply Reply Quote 1
                        • F
                          flaxking @scottalanmiller
                          last edited by

                          @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                          @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                          @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                          @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                          I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.

                          No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.

                          But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)

                          I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono

                          So I think at this point reverse proxy ssl termination should probably be considered the best way to run it on Linux, which is pretty standard for a lot of web apps.

                          FTFY

                          Having SSL offloaded to a reverse proxy would be the expected way to run anything like this in production. If you aren't doing this on Windows, you aren't treating the Windows install as seriously as the Linux one. The expected deployment method for this on Windows would still be to have Nginx (or similar) in front of it, generally on Linux. So the parts that you are finding most challenging are identical regardless of how you install SC itself, the reverse proxy is equally standard, and equally likely to be on Linux.

                          That they have an issue with SSL on Mono is really neither here nor there. That's the wrong place for SSL termination to be. And I know people running SC on Windows that can't get SSL working too. It's not just a Mono issue, maybe a different issue, but SC support wasn't able to help. So they need Linux there, even for Windows installs. The SSL issue with Mono is like running something like NodeJS. You don't put SSL encryption in the app itself, you put it in front. Like you said, it's a standard pattern.

                          Good fix.

                          1 Reply Last reply Reply Quote 1
                          • JaredBuschJ
                            JaredBusch @scottalanmiller
                            last edited by JaredBusch

                            @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                            @Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                            Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
                            I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.

                            Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.

                            But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.

                            Let me go find it.
                            Edit: Here it is.

                            JaredBuschJ 1 Reply Last reply Reply Quote 2
                            • F
                              flaxking @scottalanmiller
                              last edited by

                              @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                              @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                              It's possible that it is simply the preference of their support team.

                              Which is what I assumed. A support team that goes out of their way to promote their preference. The product definitely works really well on Linux, so that it works great, and costs less without taking any money from them, means someone has to be pushing an agenda (likely personal) to get it on Linux.

                              Most obvious things are either a support team that feels Linux needs less support and that their jobs won't be needed, that lack basic support skills and Linux isn't something that they've been taught to support, or they just have fan boi problems like so many people in those positions do and are pushing a bizarre personal agenda for no personal benefit.

                              I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @JaredBusch
                                last edited by JaredBusch

                                @JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                @scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                @Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
                                I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.

                                Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.

                                But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.

                                Let me go find it.
                                Edit: Here it is.

                                Mentioned because ScreenConnect talks on Port 8040 for HTTP(S). Obviously port 8041 (the session data) does not go through the proxy. That is port fowarded directly.

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @flaxking
                                  last edited by

                                  @flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                  I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.

                                  Which would be kind of the worst thing... they are being encouraged or even told outright to promote non-production ready installations!

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Scott Banned @scottalanmiller
                                    last edited by

                                    @scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.

                                    Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.

                                    Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.

                                    I just need https functioning on my on-premises ScreenConnect server.

                                    DashrenderD scottalanmillerS 4 Replies Last reply Reply Quote -2
                                    • DashrenderD
                                      Dashrender @Scott
                                      last edited by

                                      @Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                      @scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.

                                      Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.

                                      Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.

                                      I just need https functioning on my on-premises ScreenConnect server.

                                      How about starting a thread asking for help with nginx?

                                      Tell us your setup, show a sanitized nginx config file...

                                      S 1 Reply Last reply Reply Quote 2
                                      • S
                                        Scott Banned @Dashrender
                                        last edited by

                                        @Dashrender Because I am asking for help with Let's Encrypt.

                                        My set up is a Fedora 30 machine that I want to get Let's Encrypt working for https on my ScreenConnect server.

                                        nginx is not running because (I feel like I have said this before) I CANNOT GET IT TO WORK. I have had people on this forum help me via telephone, email and chat and they have not been able to get it running either.

                                        There is no sanitized nginx file. Attempts to get it running by following Jared Busch's guide yield permissions errors. I cannot create a file where he suggest and I do not know enough about linux to make it work.

                                        Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")

                                        JaredBuschJ scottalanmillerS 3 Replies Last reply Reply Quote -2
                                        • JaredBuschJ
                                          JaredBusch @Scott
                                          last edited by

                                          @Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:

                                          Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")

                                          I am sure someone does, but no. You will not find people doing it because it uses it's own self contained piece of shit based on IIS.

                                          https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/On-premises_knowledge_base/Server_architecture

                                          So stop complaining that shit doesn't work and figure out WTF you are doing wrong. I know for a fact that my guide for setting up Nginx works fine. I've done it a couple of times this year already for new setups.

                                          1 Reply Last reply Reply Quote 1
                                          • S
                                            Scott Banned
                                            last edited by

                                            Thank you all for your help.

                                            I am obviously out of my league and do not belong here.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 2 / 3
                                            • First post
                                              Last post