New Options & Pricing from ScreenConnect
-
Any one have instructions on how to add Lets Encrypt SSL to "on-prem" SC install?
-
@jaredbusch said in New Options & Pricing from ScreenConnect:
@fateknollogee said in New Options & Pricing from ScreenConnect:
@JaredBusch Did you end up moving your SC install from 2012 R2 to Linux?
Yes.
You notice any performance difference or was it more of a licensing cost issue?
-
@fateknollogee said in New Options & Pricing from ScreenConnect:
Any one have instructions on how to add Lets Encrypt SSL to "on-prem" SC install?
Mine runs behind an Nginx proxy, so no.
-
@fateknollogee said in New Options & Pricing from ScreenConnect:
@jaredbusch said in New Options & Pricing from ScreenConnect:
@fateknollogee said in New Options & Pricing from ScreenConnect:
@JaredBusch Did you end up moving your SC install from 2012 R2 to Linux?
Yes.
You notice any performance difference or was it more of a licensing cost issue?
It was all because of licensing. Actually the performance is worse on Linux (I used CentOS 7 at the time) than it is on Windows. This is because they develop this product on Windows with ASP.net and then ported it to Linux using Mono.
-
@jaredbusch said in New Options & Pricing from ScreenConnect:
Mine runs behind an Nginx proxy, so no.
Is this the "preferred" way to run it?
-
@fateknollogee said in New Options & Pricing from ScreenConnect:
@jaredbusch said in New Options & Pricing from ScreenConnect:
Mine runs behind an Nginx proxy, so no.
Is this the "preferred" way to run it?
Well because I run a large number of things in a colo behind a single IP, I have to do it this way. If I was running this on a VPS like Vultr, I would not likely bother with the proxy unless adding SSL was complicated or something.
-
@FATeknollogee I knew ScreenConnect did not use Apache or Nginx, and so yeah using LE will not work out well.
So I just did a quick bit of looking, you have to use their tool to generate a CSR and such.
https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Advanced_setup/SSL_certificate_installation
This is a pain in the ass.So, here is what I would do.
- Install ScreenConnect and leave on default ports (8040 for HTTP and 8041 Relay).
- Remember the relay data is always encrypted by the app itself, there is no cert there.
- Run Certbot in standalone mode to get your LE cert
- Install Nginx on the same box and configure
- forward 80 to 443
- setup 443 to use the LE cert and forward 443 to http://127.0.0.1:8040
- Setup a cron job to run
certbot renew
daily.
- Install ScreenConnect and leave on default ports (8040 for HTTP and 8041 Relay).
-
@JaredBusch Thanks for the detailed info!!
-
I wish there was just a little more competition in this area...
-
@mike-davis me too