Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Stop pushing your conspiracy theories without proof.
- This shows a misunderstanding of what a conspiracy is.
- The proof is in their software. There's gobs of proof. They 1) make crap that depends on legacy components and 2) go out of their way to push the Windows version when the Linux works really well and is easier to get working properly.
So neither a conspiracy, and loads of proof. Stop acting like it's crazy to point out the obvious.
Technical debt + starting using a Microsoft stack is a great way to vendor lock in without any kickbacks.
It's possible that it is simply the preference of their support team. -
@JaredBusch Thanks mate! Got it running with your export advice.
If I am moving an existing installation from Windows, do I just stop here without creating Admin password on the linux machine and move over the files as directed, which will then use my existing Administrator credentials?
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've never used Mono but from what I understand the later versions are on par with newer .Net
Mono is .NET, just an open source implementation of it. Mono isn't catching up with Microsoft's native .NET (although MS owns Mono I believe, so both are MS), but rather Microsoft long ago released their own .NET Core for Linux which is 100% identical to the one that they make for Windows. This modern .NET Core is cross platform and really, really good. Mono is only used for running legacy .NET code that isn't updated to Core and is Windows specific and never released for any other platform other than Windows by MS themselves (but is legacy and deprecated even on Windows.)
So the future of .NET on Linux is very bright, but not because Mono is improving, but because the need for it was eliminated.
Yeah, at our shop we would always call .Net Core by it's full name. By .Net I mean the "legacy" framework. I would have put .Net 4.5+, but I'm not 100% sure that's when full compatibily begins, but probably.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
It's possible that it is simply the preference of their support team.
Which is what I assumed. A support team that goes out of their way to promote their preference. The product definitely works really well on Linux, so that it works great, and costs less without taking any money from them, means someone has to be pushing an agenda (likely personal) to get it on Linux.
Most obvious things are either a support team that feels Linux needs less support and that their jobs won't be needed, that lack basic support skills and Linux isn't something that they've been taught to support, or they just have fan boi problems like so many people in those positions do and are pushing a bizarre personal agenda for no personal benefit.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Technical debt + starting using a Microsoft stack is a great way to vendor lock in without any kickbacks.
For sure, but that's didn't happen here. There is loads of technical debt, for sure. But there is no lock in. All of the "issues" come from support team statements, not the product or product teams.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.
But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)
I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono
So I think at this point reverse proxy ssl termination should probably be considered the best way to run it
on Linux, which is pretty standard for a lot of web apps.FTFY
Having SSL offloaded to a reverse proxy would be the expected way to run anything like this in production. If you aren't doing this on Windows, you aren't treating the Windows install as seriously as the Linux one. The expected deployment method for this on Windows would still be to have Nginx (or similar) in front of it, generally on Linux. So the parts that you are finding most challenging are identical regardless of how you install SC itself, the reverse proxy is equally standard, and equally likely to be on Linux.
That they have an issue with SSL on Mono is really neither here nor there. That's the wrong place for SSL termination to be. And I know people running SC on Windows that can't get SSL working too. It's not just a Mono issue, maybe a different issue, but SC support wasn't able to help. So they need Linux there, even for Windows installs. The SSL issue with Mono is like running something like NodeJS. You don't put SSL encryption in the app itself, you put it in front. Like you said, it's a standard pattern.
Good fix.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.
But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.
Let me go find it.
Edit: Here it is. -
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
It's possible that it is simply the preference of their support team.
Which is what I assumed. A support team that goes out of their way to promote their preference. The product definitely works really well on Linux, so that it works great, and costs less without taking any money from them, means someone has to be pushing an agenda (likely personal) to get it on Linux.
Most obvious things are either a support team that feels Linux needs less support and that their jobs won't be needed, that lack basic support skills and Linux isn't something that they've been taught to support, or they just have fan boi problems like so many people in those positions do and are pushing a bizarre personal agenda for no personal benefit.
I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.
-
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.
But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.
Let me go find it.
Edit: Here it is.Mentioned because ScreenConnect talks on Port 8040 for HTTP(S). Obviously port 8041 (the session data) does not go through the proxy. That is port fowarded directly.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.
Which would be kind of the worst thing... they are being encouraged or even told outright to promote non-production ready installations!
-
@scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.
I just need https functioning on my on-premises ScreenConnect server.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.
I just need https functioning on my on-premises ScreenConnect server.
How about starting a thread asking for help with nginx?
Tell us your setup, show a sanitized nginx config file...
-
@Dashrender Because I am asking for help with Let's Encrypt.
My set up is a Fedora 30 machine that I want to get Let's Encrypt working for https on my ScreenConnect server.
nginx is not running because (I feel like I have said this before) I CANNOT GET IT TO WORK. I have had people on this forum help me via telephone, email and chat and they have not been able to get it running either.
There is no sanitized nginx file. Attempts to get it running by following Jared Busch's guide yield permissions errors. I cannot create a file where he suggest and I do not know enough about linux to make it work.
Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")
I am sure someone does, but no. You will not find people doing it because it uses it's own self contained piece of shit based on IIS.
So stop complaining that shit doesn't work and figure out WTF you are doing wrong. I know for a fact that my guide for setting up Nginx works fine. I've done it a couple of times this year already for new setups.
-
Thank you all for your help.
I am obviously out of my league and do not belong here.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Lets Encrypt is not an alternative. Nginx is what you use to get Lets Encrypt. LE is your certification authority. Nginx is the service that utilizes that certificate.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
It should not make you feel like a fool, I'm trying to explain how to find the right resources. It was getting much harder for you because you were looking for the answer in the wrong place. The SSL process is handled by Nginx, not ScreenConnect, so the issue must be resolved in Nginx and searching for SC resources will lead you to believing that it is far harder than it is.
If Nginx is the issue, then ask for help with that and we will help. That's where we've been trying to get to on the thread, so that you'd know where to look for for the solution. Windows, Linux... they don't matter because the LE cert isn't on the SC server, which the piece that has Windows or Linux options.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
My set up is a Fedora 30 machine that I want to get Let's Encrypt working for https on my ScreenConnect server.
This is the problem. That's not where LE goes. Hence why this seems so hard. You can't just state that you want it there and have it happen. You need something that can handle LE for you. None of us could make it do what you are trying to do either.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Is there anyone here running ScreenConnect with Let's Encrypt for https?
Seems unlikely as this would be less safe, and way more work than doing it with Nginx. I know you are feeling frustrated with Nginx, but because you are doing something "harder" than the thing you are frustrated by, you are making yourself way more frustrated than you should be. Running your own SC server is a pain in the butt under regular conditions. We do this for other companies specifically because it is such a pain that MSPs regularly hire this out. It's several moving parts, many of which are undocumented (officially) and a bit complex and don't relate to one another.
If Nginx is proving to be too much to tackle, then there is no simpler alternative. That's the easiest approach. That's not a criticism, it's just "if the easiest option is too hard, harder options don't get easier." I understand that you don't want to keep pushing on Nginx, but in doing so, you are guaranteeing that you are going to spin your wheels and get frustrated because that's the only truly viable approach here.