Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?
-
As the title suggests, I would like to install ScreenConnect on-premises 2019.2 on Fedora 30 and enable Let's Encrypt for SSL.
I am moving from an existing on-premises installation running on Windows for which I was never able to get SSL working.
Does anyone have a guide for this? ScreenConnect support says they will not give support for Let's Encrypt. They also say it is easier to stay on Windows.
I tried installing ScreenConnect server on Fedora 30 only to get myriad unhandled exception errors for which ScreenConnect support suggests I create a ticket on Fedora forums.
Surely, someone has got ScreenConnect with Let's Encrypt running on Fedora 30?
-
People probably use nginx for the ssl termination instead in order to use Let's Encrypt.
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
-
@ flaxking
Thanks mate. I have tried nginx and just don't understand it and can't get it to work.
And I have heard it is easier to run this whole shebang on Linux. Which in my experience isn't true either.
Either way, without proper SSL, ScreenConnect can't be anything more than a hobby application for me.
-
Correct. I use Nginx in front of ScreenConnect
-
It's just the web portal that's not encrypted without an ssl certificate, so it depends on how you're using screenconnect to determine what kind of risk that is.
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
They also say it is easier to stay on Windows.
They seem to get a kickback. They go SO far out of their way to push Windows, even though it doesn't directly help them. And we've seen more issues with customers running it on Windows than on Linux.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
It's just the web portal that's not encrypted without an ssl certificate, so it depends on how you're using screenconnect to determine what kind of risk that is.
Also correct. All agent to server communications is encrypted always.
-
It is super simple to install on Fedora. There was a single
EXPORTcommand needed (still is). -
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.
But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)
-
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
And I have heard it is easier to run this whole shebang on Linux. Which in my experience isn't true either.
What we've found is that it is easier to get limping along in Windows, but easier to get to production on Linux. Until you've had both to 100% functionality, you can't really compare
We've done both several times (we do SC hosting for clients) and while neither is great, we've found Linux to be consistently the better option. We have both Fedora and CentOS in production, but recommend Fedora. -
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
It's just the web portal that's not encrypted without an ssl certificate, so it depends on how you're using screenconnect to determine what kind of risk that is.
Which includes your username and password, though. So not great.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.
But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)
I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono
So I think at this point reverse proxy ssl termination should probably be considered the best way to run it on Linux, which is pretty standard for a lot of web apps.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@Scott said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
They also say it is easier to stay on Windows.
They seem to get a kickback. They go SO far out of their way to push Windows, even though it doesn't directly help them. And we've seen more issues with customers running it on Windows than on Linux.
Stop pushing your conspiracy theories without proof.
Additionally the latest update has a lot of Linux/Mono enhancements according to the release notes. I have not installed it yet.
Their are finally upping their price by 15%. But it has not changed in years and years.
-
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Stop pushing your conspiracy theories without proof.
- This shows a misunderstanding of what a conspiracy is.
- The proof is in their software. There's gobs of proof. They 1) make crap that depends on legacy components and 2) go out of their way to push the Windows version when the Linux works really well and is easier to get working properly.
So neither a conspiracy, and loads of proof. Stop acting like it's crazy to point out the obvious.
-
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Additionally the latest update has a lot of Linux/Mono enhancements according to the release notes. I have not installed it yet.
Yes, finally. But not updating it to current .NET which would just fix their issues, they are keeping it back on legacy stuff still. Good that they are updating something, but in reality just updating for Windows updates for Linux. Nothing that they are doing suggests that they are doing it for Linux, they are just no longer being as outdated as they were before and Linux gets the obvious benefits of that. Yes, they could have actively blocked it on Linux, but that's what it would have taken.
-
Hmm, I thought screenconnect was trying to wind down on premises sales, was I wrong or did they switch directions? A Mono update is a good sign. I've never used Mono but from what I understand the later versions are on par with newer .Net
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've heard some bad reports about running screenconnect on Linux. Probably due to the fact it relies on Mono for .Net, rather than actually being initially developed for Linux.
No, the issue is more marketing than actual issues. We've run on both Windows and Linux and all things considered, it's been better on Linux. All the issues come from it being poorly written for legacy .NET and not updated to current .NET, but not really an issue. .NET itself is cross platform and no more Windows than Linux. But it's written for legacy, and needs Mono to deal with that, but Mono does so just fine.
But because of Nginx, SC is actually quite significantly better on Linux than on Windows. Lower cost, better performance (at the same price point.)
I think the issue I was thinking of was this one https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono
So I think at this point reverse proxy ssl termination should probably be considered the best way to run it
on Linux, which is pretty standard for a lot of web apps.FTFY
Having SSL offloaded to a reverse proxy would be the expected way to run anything like this in production. If you aren't doing this on Windows, you aren't treating the Windows install as seriously as the Linux one. The expected deployment method for this on Windows would still be to have Nginx (or similar) in front of it, generally on Linux. So the parts that the OP is finding most challenging are identical regardless of how he would install SC itself, the reverse proxy is equally standard, and equally likely to be on Linux.
That they have an issue with SSL on Mono is really neither here nor there. That's the wrong place for SSL termination to be. And I know people running SC on Windows that can't get SSL working too. It's not just a Mono issue, maybe a different issue, but SC support wasn't able to help. So they need Linux there, even for Windows installs. The SSL issue with Mono is like running something like NodeJS. You don't put SSL encryption in the app itself, you put it in front. Like you said, it's a standard pattern.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Hmm, I thought screenconnect was trying to wind down on premises sales, was I wrong or did they switch directions? A Mono update is a good sign.
They were, I think that some amount of updates are just required so they are sticking with it. Surely it shares some code with their hosted app.
-
@flaxking said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
I've never used Mono but from what I understand the later versions are on par with newer .Net
Mono is .NET, just an open source implementation of it. Mono isn't catching up with Microsoft's native .NET (although MS owns Mono I believe, so both are MS), but rather Microsoft long ago released their own .NET Core for Linux which is 100% identical to the one that they make for Windows. This modern .NET Core is cross platform and really, really good. Mono is only used for running legacy .NET code that isn't updated to Core and is Windows specific and never released for any other platform other than Windows by MS themselves (but is legacy and deprecated even on Windows.)
So the future of .NET on Linux is very bright, but not because Mono is improving, but because the need for it was eliminated.
-
@scottalanmiller said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
@JaredBusch said in Has anyone got a guide to installing ScreenConnect on Fedora 30 with Let's Encrypt?:
Stop pushing your conspiracy theories without proof.
- This shows a misunderstanding of what a conspiracy is.
- The proof is in their software. There's gobs of proof. They 1) make crap that depends on legacy components and 2) go out of their way to push the Windows version when the Linux works really well and is easier to get working properly.
So neither a conspiracy, and loads of proof. Stop acting like it's crazy to point out the obvious.
Technical debt + starting using a Microsoft stack is a great way to vendor lock in without any kickbacks.
It's possible that it is simply the preference of their support team.
