In this guide, we will cover the basic server installation. If you are a larger company, consider opting for the advanced server installation.
The server and web console can be installed either in the cloud or in offline environments, depending on your specific requirements.
The network structure will be as follows:
NetLock RMM Basic Server Concept
The agents only make outgoing connections, so port forwarding is not required on these machines. The web console renders the content server-side and then sends it to the user's browser, so a permanent connection between the web console and the user is necessary for operation. The web console communicates either directly with the SQL server or, for features such as the remote shell and file browser, with the NetLock remote server through SignalR. Ensure the connection between the web console and the NetLock remote server is possible. The web console should only be accessible from trusted environments.
The NetLock server comes in six different roles:
Refer to supported operating systems: Supported OS/Distributions
If you already have a MySQL server prepared, you can skip this step.
If you don’t already have a Netlock database, follow these steps:
netlock
First, download the latest version from GitHub: Releases · 0x101-Cyber-Security/NetLock-RMM (github.com)
appsettings.json file with a text editor of your choice.
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP and set Force to true. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 80
},
"Https": {
"Enabled": true,
"Port": 443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
}
},
For SSL Encryption, add your own certificate, or use the Let’s Encrypt integration to easily retrieve one.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
Configure your MySQL Server. Ensure that the database exists; the Web Console will create the necessary tables itself. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system has rebooted.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
Since the web console communicates with the NetLock RMM Server through SignalR, you need to ensure that the web console can connect to the remote & file server. Set UseSSL to true and change the port to the SSL port if the NetLock RMM Server uses SSL.
"NetLock_Remote_Server": {
"Server": "127.0.0.1",
"Port": 7433,
"UseSSL": true
},
"NetLock_File_Server": {
"Server": "127.0.0.1",
"Port": 7433,
"UseSSL": true
},
The web console currently supports de-DE (German) and en-US (English). In this example, en-US is configured.
"Webinterface": {
"Title": "Your company name",
"Language": "en-US",
"Membership_Reminder": false,
"Default_Package_Configuration": {
"ssl": true,
"communication_servers": "ip/hostname:port",
"remote_servers": "ip/hostname:port",
"update_servers": "ip/hostname:port",
"trust_servers": "ip/hostname:port",
"file_servers": "ip/hostname:port",
"language": "en-US"
}
}
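The HTTPS settings recommended above can be checked mechanically before the web console is started. The following Python script is an added example, not part of NetLock RMM; it assumes appsettings.json is plain JSON containing the sections shown in this guide, and the sample document and the lookup and audit helpers are constructed for illustration.

```python
import json

# Constructed sample: the guide's web console sections assembled into one
# document, deliberately misconfigured so the audit has something to report.
SAMPLE_APPSETTINGS = """
{
  "Kestrel": { "Endpoint": {
    "Http":  { "Enabled": true, "Port": 80 },
    "Https": { "Enabled": true, "Port": 443, "Force": false,
      "Hsts": { "Enabled": false },
      "Certificate": { "Path": "certificates/certificate.pfx",
                       "Password": "your-cert-password" } }
  } },
  "LettuceEncrypt": { "Enabled": false },
  "NetLock_Remote_Server": { "Server": "127.0.0.1", "Port": 7433, "UseSSL": true },
  "NetLock_File_Server": { "Server": "127.0.0.1", "Port": 7433, "UseSSL": false },
  "Webinterface": { "Default_Package_Configuration": { "ssl": true } }
}
"""

def lookup(cfg, dotted_path):
    """Walk a dotted key path; return None when any segment is missing."""
    node = cfg
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

# (key path, expected value, message) for each setting the guide recommends.
# Assumption: the NetLock RMM Server uses SSL, so UseSSL is expected to be true.
EXPECTED = [
    ("Kestrel.Endpoint.Http.Enabled", False, "HTTP listener should be disabled"),
    ("Kestrel.Endpoint.Https.Enabled", True, "HTTPS listener should be enabled"),
    ("Kestrel.Endpoint.Https.Force", True, "Force should be true"),
    ("Kestrel.Endpoint.Https.Hsts.Enabled", True, "HSTS should be enabled"),
    ("NetLock_Remote_Server.UseSSL", True, "remote server link should use SSL"),
    ("NetLock_File_Server.UseSSL", True, "file server link should use SSL"),
    ("Webinterface.Default_Package_Configuration.ssl", True,
     "agent packages should default to SSL"),
]

def audit(appsettings_text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = json.loads(appsettings_text)
    findings = []
    for path, expected, message in EXPECTED:
        actual = lookup(cfg, path)
        # Identity comparison so that 1, "true" or a missing key never pass.
        if actual is not expected:
            findings.append(f"{path}: {message} (found {actual!r})")
    # HTTPS needs a certificate source: Let's Encrypt or a custom PFX file.
    placeholder = lookup(cfg, "Kestrel.Endpoint.Https.Certificate.Password")
    if (lookup(cfg, "Kestrel.Endpoint.Https.Enabled") is True
            and lookup(cfg, "LettuceEncrypt.Enabled") is not True
            and placeholder == "your-cert-password"):
        findings.append("Kestrel.Endpoint.Https.Certificate.Password: still the "
                        "sample placeholder while LettuceEncrypt is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_APPSETTINGS):
        print("FINDING:", finding)
```

To audit a real installation, pass the contents of the web console's appsettings.json to audit(); the server's file has no NetLock_Remote_Server or Webinterface section, so those checks report the keys as missing there.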
NetLock RMM automatically adds firewall rules to your Windows Firewall based on your configuration. Ensure that port forwarding on your router or firewall is set up correctly. Use tools like telnet to verify that the ports are open.
Run NetLock_Web_Console.exe as an administrator. If everything is configured correctly, the application's console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
Executed installation script.
Tables existing.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the Web Console window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
Open your browser and navigate to the Web Console’s IP address, hostname, or domain. You should see the login page that looks something like this:
The default username and password are admin. After logging in, you will be prompted to configure a new password. If you lose your new password for any reason, connect to the database, go to the accounts table, and set reset_password to 1 for the user.
The package provider URL must be set so that the NetLock RMM server backend can obtain the agent packages. You can either build and host the packages yourself or, more quickly, obtain them directly via the NetLock Members Portal (https://members.netlockrmm.com), which we recommend.
NetLock RMM Web Console
.NetLock_Web_Console.exe
.Done. Test by rebooting your system. You will not see the Web Console process window, but you can verify its operation through Task Manager or by accessing the URL.
Follow the same procedure.
First, download the latest version from GitHub: Releases · 0x101-Cyber-Security/NetLock-RMM (github.com)
appsettings.json with a text editor of your choice.
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP and set Force to enabled. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 7080
},
"Https": {
"Enabled": true,
"Port": 7443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
}
},
For SSL encryption, add your own certificate or use the Let’s Encrypt integration to easily obtain one.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
Configure your MySQL Server. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system reboots.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
Since the basic server installation covers only one server, ensure that all server roles are set to true.
"Roles": {
"Comm": true,
"Update": true,
"Trust": true,
"Remote": true,
"Notification": true,
"File": true,
"LLM": true
}
NetLock RMM automatically adds firewall rules to your Windows Firewall based on your configuration. Ensure that port forwarding on your router or firewall is correctly set up. Use tools like telnet to verify that the ports are open.
Run NetLock_RMM_Server.exe as an administrator. If everything is configured correctly, its application console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the server's window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
That’s it. You are ready to go. Now you might want to add your first tenant.
NetLock RMM Server
.NetLock_RMM_Server.exe
.Done.
Refer to supported operating systems: Supported OS/Distributions
Reference: https://learn.microsoft.com/en-us/dotnet/core/install/linux
Update your installation.
sudo apt update
Add the Microsoft package repository.
wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Install .Net Framework 4.8 Runtime
sudo apt install -y aspnetcore-runtime-8.0
Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
Add the Microsoft package repository.
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Add the Microsoft package repository.
wget https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
Run the following commands.
Add the Microsoft package signing key & repository.
sudo zypper install libicu
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
wget https://packages.microsoft.com/config/opensuse/15/prod.repo
sudo mv prod.repo /etc/zypp/repos.d/microsoft-prod.repo
sudo chown root:root /etc/zypp/repos.d/microsoft-prod.repo
Update your installation & install ASP.NET Core-Runtime 4.8
sudo zypper install aspnetcore-runtime-8.0
If you don’t already have a Netlock database, follow these steps:
netlock
First, download the latest version from GitHub: Releases · 0x101-Cyber-Security/NetLock-RMM (github.com)
wget https://github.com/0x101-Cyber-Security/NetLock-RMM/releases/download/release/web_console.zip
You can execute the same binaries on either Windows or Linux. There is no separation.
/home/netlock/web_console and extract it in there.
/var directory as it will store its logs in there.
appsettings.json file with a text editor of your choice.
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP and set Force to true. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 80
},
"Https": {
"Enabled": true,
"Port": 443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
}
},
For SSL Encryption, add your own certificate, or use the Let’s Encrypt integration to easily retrieve one.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
Configure your MySQL Server. Ensure that the database exists; the Web Console will create the necessary tables itself. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system has rebooted.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
Since the web console communicates with the NetLock RMM Server through SignalR, you need to ensure that the web console can connect to the server. Set UseSSL to true and change the port to the SSL port if the NetLock RMM Server uses SSL.
"NetLock_Remote_Server": {
"Server": "127.0.0.1",
"Port": 7433,
"UseSSL": true
},
The web console currently supports de-DE (German) and en-US (English). In this example, en-US is configured.
"Webinterface": {
"Title": "Your company name",
"Language": "en-US",
"Accept_License": false,
"Membership_Reminder": true,
"Default_Package_Configuration": {
"ssl": true,
"main_communication_server": "ip/hostname:port",
"fallback_communication_server": "ip/hostname:port",
"main_update_server": "ip/hostname:port",
"fallback_update_server": "ip/hostname:port",
"main_trust_server": "ip/hostname:port",
"fallback_trust_server": "ip/hostname:port",
"language": "en-US"
}
}
If you are using ufw, make sure to add exceptions. Ensure that port forwarding on your router or firewall is set up correctly. Use tools like telnet to verify that the ports are open.
Navigate to your web console directory. Example:
cd /home/netlock/web_console
Run the web console by executing the NetLock_Web_Console.dll as follows:
sudo dotnet NetLock_Web_Console.dll
If everything is configured correctly, the application's console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
Executed installation script.
Tables existing.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the Web Console window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
Open your browser and navigate to the Web Console’s IP address, hostname, or domain. You should see the login page that looks something like this:
The default username and password are admin. After logging in, you will be prompted to configure a new password. If you lose your new password for any reason, connect to the database, go to the accounts table, and set reset_password to 1 for the user.
Create .dotnet folder.
sudo mkdir -p /home/netlock/.dotnet
Create a new user called netlock:
sudo adduser netlock
Edit the user's permissions:
sudo chown -R netlock:netlock /home/netlock/.dotnet
sudo chmod -R 700 /home/netlock/.dotnet
sudo chown -R netlock:netlock /home/netlock/web_console/
sudo chmod -R 755 /home/netlock/web_console/
Get your .Net path:
readlink -f /usr/bin/dotnet
Output should look like this:
/usr/share/dotnet/dotnet
Allow the user to bind ports. Make sure the .Net path is correct:
sudo setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet
Create a new service:
sudo nano /etc/systemd/system/netlock_rmm_web_console.service
Paste in the following configuration. If you have another user or path, make sure to adjust it in the configuration.
[Unit]
Description=NetLock RMM Web Console
[Service]
WorkingDirectory=/home/netlock/web_console/
ExecStart=/usr/share/dotnet/dotnet /home/netlock/web_console/NetLock_RMM_Web_Console.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-netlock_rmm_web_console
User=netlock
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
Reload your daemon:
sudo systemctl daemon-reload
Enable the service:
sudo systemctl enable netlock_rmm_web_console.service
Restart the service:
sudo systemctl restart netlock_rmm_web_console.service
Verify its status:
sudo journalctl -u netlock_rmm_web_console.service -f
Wait a little for error messages. If no error has occurred after about one minute, everything should be fine. Otherwise, copy the error message and request support.
Same procedure.
First, download the latest version from GitHub: Releases · 0x101-Cyber-Security/NetLock-RMM (github.com)
wget https://github.com/0x101-Cyber-Security/NetLock-RMM/releases/download/release/server.zip
You can execute the same binaries on either Windows or Linux. There is no separation.
/home/netlock/server and extract it in there.
/var directory as it will store its logs in there.
appsettings.json file with a text editor of your choice.
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP and set Force to enabled. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 7080
},
"Https": {
"Enabled": true,
"Port": 7443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
}
},
For SSL encryption, add your own certificate or use the Let’s Encrypt integration to easily obtain one.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
Configure your MySQL Server. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system reboots.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
Since the basic server installation covers only one server, ensure that all server roles are set to true.
"Roles": {
"Comm": true,
"Update": true,
"Trust": true,
"Remote": true,
"Notification": true,
"File": true
}
If you are using ufw, make sure to add exceptions. Ensure that port forwarding on your router or firewall is set up correctly. Use tools like telnet to verify that the ports are open.
Navigate to your server's directory. Example:
cd /home/netlock/server
Run the server by executing the NetLock_Web_Console.dll as follows:
sudo dotnet NetLock_RMM_Server.dll
If everything is configured correctly, its application console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the server's window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
That’s it. You are ready to go. Now you might want to add your first tenant.
Create .dotnet folder & set permissions.
sudo mkdir -p /home/netlock/.dotnet
Create a new user called netlock:
sudo adduser netlock
Edit the user's permissions:
sudo chown -R netlock:netlock /home/netlock/.dotnet
sudo chmod -R 700 /home/netlock/.dotnet
sudo chown -R netlock:netlock /home/netlock/server/
sudo chmod -R 755 /home/netlock/server/
Get your .Net path:
readlink -f /usr/bin/dotnet
Output should look like this:
/usr/share/dotnet/dotnet
Allow the user to bind ports. Make sure the .Net path is correct:
sudo setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet
Create a new service:
sudo nano /etc/systemd/system/netlock_rmm_server.service
Paste in the following configuration. If you have another user or path, make sure to adjust it in the configuration.
[Unit]
Description=NetLock RMM Server
[Service]
WorkingDirectory=/home/netlock/server/
ExecStart=/usr/share/dotnet/dotnet /home/netlock/server/NetLock_RMM_Server.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-netlock_rmm_server
User=netlock
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
Reload your daemon:
sudo systemctl daemon-reload
Enable the service:
sudo systemctl enable netlock_rmm_server.service
Restart the service:
sudo systemctl restart netlock_rmm_server.service
Verify its status:
sudo journalctl -u netlock_rmm_server.service -f
Wait a little for error messages. If no error has occurred after about one minute, everything should be fine. Otherwise, copy the error message and request support.