Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.
But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)
I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono
So I think at this point reverse proxy ssl termination should probably be considered the best way to run it
on Linux, which is pretty standard for a lot of web apps.FTFY
Having SSL offloaded to a reverse proxy would be the expected way to run anything like this in production. If you aren't doing this on Windows, you aren't treating the Windows install as seriously as the Linux one. The expected deployment method for this on Windows would still be to have Nginx (or similar) in front of it, generally on Linux. So the parts that you are finding most challenging are identical regardless of how you install SC itself, the reverse proxy is equally standard, and equally likely to be on Linux.
That they have an issue with SSL on Mono is really neither here nor there. That's the wrong place for SSL termination to be. And I know people running SC on Windows that can't get SSL working too. It's not just a Mono issue, maybe a different issue, but SC support wasn't able to help. So they need Linux there, even for Windows installs. The SSL issue with Mono is like running something like NodeJS. You don't put SSL encryption in the app itself, you put it in front. Like you said, it's a standard pattern.
Good fix.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.
But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.
Let me go find it.
Edit: Here it is. -
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
It's possible that it is simply the preference of their support team.
Which is what I assumed. A support team that goes out of their way to promote their preference. The product definitely works really well on Linux, so that it works great, and costs less without taking any money from them, means someone has to be pushing an agenda (likely personal) to get it on Linux.
Most obvious things are either a support team that feels Linux needs less support and that their jobs won't be needed, that lack basic support skills and Linux isn't something that they've been taught to support, or they just have fan boi problems like so many people in those positions do and are pushing a bizarre personal agenda for no personal benefit.
I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.
-
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Any JaredBusch guides for setting up Let's Encrypt with ScreenConnect?
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing. I must have some learning disability which prevents me from understanding reverse proxies.Don't think of it as "for ScreenConnect." It's just standard Nginx. Nginx doesn't care what product is behind it. That might not seem like it makes it a lot easier, but it does because any research into how to do it with SC will lead to no results.
But I do specifically mention ScreenConnect in one of my Nginx guides because of needing to inform SELinux about the port.
Let me go find it.
Edit: Here it is.Mentioned because ScreenConnect talks on Port 8040 for HTTP(S). Obviously port 8041 (the session data) does not go through the proxy. That is port fowarded directly.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I'd go with #2. They're probably not well enough trained to be able to support actual production environments, and so they want to support installs that are in production use but not actually being treated like a production environment.
Which would be kind of the worst thing... they are being encouraged or even told outright to promote non-production ready installations!
-
@scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.
I just need https functioning on my on-premises ScreenConnect server.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
Right now I don't give a shit about whether this or that is the preferred way or if there is some conspiracy theory afoot regarding Windows and Linux.
I just need https functioning on my on-premises ScreenConnect server.
How about starting a thread asking for help with nginx?
Tell us your setup, show a sanitized nginx config file...
-
@Dashrender Because I am asking for help with Let's Encrypt.
My set up is a Fedora 30 machine that I want to get Let's Encrypt working for https on my ScreenConnect server.
nginx is not running because (I feel like I have said this before) I CANNOT GET IT TO WORK. I have had people on this forum help me via telephone, email and chat and they have not been able to get it running either.
There is no sanitized nginx file. Attempts to get it running by following Jared Busch's guide yield permissions errors. I cannot create a file where he suggest and I do not know enough about linux to make it work.
Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Is there anyone here running ScreenConnect with Let's Encrypt for https? (I will leave it on the Windows machine if I have to; moving to Linux was recommended because "it is easier.")
I am sure someone does, but no. You will not find people doing it because it uses it's own self contained piece of shit based on IIS.
So stop complaining that shit doesn't work and figure out WTF you are doing wrong. I know for a fact that my guide for setting up Nginx works fine. I've done it a couple of times this year already for new setups.
-
Thank you all for your help.
I am obviously out of my league and do not belong here.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Yes, well I can't get nginx working regardless of why, who, or what is involved. I do not understand it and cannot seem to learn it. Which is why I am pleading for help with an alternative. Like Let's Encrypt.
Lets Encrypt is not an alternative. Nginx is what you use to get Lets Encrypt. LE is your certification authority. Nginx is the service that utilizes that certificate.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Telling me "it's just standard Nginx" makes me feel like more of a fool because I can't get "just standard nginx" working.
It should not make you feel like a fool, I'm trying to explain how to find the right resources. It was getting much harder for you because you were looking for the answer in the wrong place. The SSL process is handled by Nginx, not ScreenConnect, so the issue must be resolved in Nginx and searching for SC resources will lead you to believing that it is far harder than it is.
If Nginx is the issue, then ask for help with that and we will help. That's where we've been trying to get to on the thread, so that you'd know where to look for for the solution. Windows, Linux... they don't matter because the LE cert isn't on the SC server, which the piece that has Windows or Linux options.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
My set up is a Fedora 30 machine that I want to get Let's Encrypt working for https on my ScreenConnect server.
This is the problem. That's not where LE goes. Hence why this seems so hard. You can't just state that you want it there and have it happen. You need something that can handle LE for you. None of us could make it do what you are trying to do either.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Is there anyone here running ScreenConnect with Let's Encrypt for https?
Seems unlikely as this would be less safe, and way more work than doing it with Nginx. I know you are feeling frustrated with Nginx, but because you are doing something "harder" than the thing you are frustrated by, you are making yourself way more frustrated than you should be. Running your own SC server is a pain in the butt under regular conditions. We do this for other companies specifically because it is such a pain that MSPs regularly hire this out. It's several moving parts, many of which are undocumented (officially) and a bit complex and don't relate to one another.
If Nginx is proving to be too much to tackle, then there is no simpler alternative. That's the easiest approach. That's not a criticism, it's just "if the easiest option is too hard, harder options don't get easier." I understand that you don't want to keep pushing on Nginx, but in doing so, you are guaranteeing that you are going to spin your wheels and get frustrated because that's the only truly viable approach here.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I just need https functioning on my on-premises ScreenConnect server.
Then listen to the advice. There is one and just one way to get this reasonably working.... Nginx. Every time you mention LE on SC, or not wanting to use Nginx what you are actually saying is "I am going to intentionally making this unreasonably hard just because I want to." There is no magic "make it work" button. You are acting like we are pushing an agenda to promote a product, but we are not. We are all telling you the same, unified message: that there is one surmountable means of doing this and it is by using Nginx. Alternatives exist, but they are much harder.
All attempted to circumvent doing this the "known way" are guaranteed to make this way harder than necessary. So, if your statement is true, you should be focused on Nginx and nothing else. Your questions and attempts have to be there, and only there.
So to us, we are getting conflicting messages. You can't have it both ways "just getting it working" and "don't want to use Nginx". You have to choose one.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I have tried (and have had people here try) to setup nginx but it never works and it just leads to sobbing.
This is something you can hire out really easily. People like @JaredBusch do this for people all of the time. It's the kind of thing you can just pay someone to do once and it's done for you. Having a reverse proxy up and running is quick for someone who knows the system and then you have a system that really maintains itself, just set it for automatic updates.
No one is claiming that Nginx is easy. Just have someone take care of this one little piece for you.
-
To ask has anyone here wrote a guide on how to setup nginx and SC from the ground up?
I think the biggest problem is the lack of concise documentation for nginx. So why not have someone who's familiar with the process write a how-to?
-
@DustinB3403 said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
To ask has anyone here wrote a guide on how to setup nginx and SC from the ground up?
I think Jared has, but both pieces are definitely documented in the community. What's been followed or tried hasn't been mentioned. That makes it really hard because there doesn't seem to be any questions asked until frustration set it and the documented process was abandoned. So by the time the community tried to help, it was already too late.
-
@DustinB3403 said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
So why not have someone who's familiar with the process write a how-to?
There you go.
-
@Scott I went through all of your questions historically and never once have you asked for help with Nginx in this context, or any other. I'm confused as to how we got to the point of abandoning the stock approach to start down a path that was guaranteed to lead to despair, when you didn't even ask for casual community assistance. Had you asked, any number of us could have just posted our "just works" configuration files; which we just did.
I'm not trying to be overly harsh, but it feels like you sabotaged this process from the beginning. You didn't ask the community for guidance on the best approach to take, nor ask how those of us have it working got it working, you didn't ask for help on how to make that process work, and only asked for help once you had decided you wouldn't accept help and "demanded" that only approaches that are extra hard and/or impossible would be considered. You also claimed that getting this working on Windows was easier than Linux, which can only be stated if you at least got it fully working on Windows, but you implied that you could not get it working at all.
So this feels like you posted to disparage the Linux and/or Nginx approaches, but didn't even really try with any earnest. Not even the most casual first step of asking how others had done it. If you were really trying to make this work, why didn't you ask for advice and help? This would have been a really easy thing to have helped with, had you wanted us to find a solution for you. And you glommed really quickly onto the discussion on Linux or Windows, which was unrelated to your issue and affected you not at all, as if it was core to your problem and some kind of frustration - which makes it doubly feel like you were setting us up to look unhelpful, when you never really gave us the slightest option to be of assistance.