Prefer not to host it yourself? Our NetLock RMM Cloud offers a secure and hassle-free solution starting at just €30 per month. Check it out here: NetLock RMM Cloud. Additionally, we provide on-premises installation services for those who prefer that option.
In this guide, we will cover the basic server installation. If you are a larger company, consider opting for the advanced server installation.
The server and web console can be installed either in the cloud or in offline environments, depending on your specific requirements.
The network structure will be as follows:
The agents only perform outgoing connections, so port forwarding is not required on these machines. The web console renders the content server-sided and then sends it to the user’s browser. Therefore, a permanent connection between the web console and user is necessary for operation. The web console communicates either directly with the SQL server or contacts the NetLock remote server through SignalR in cases like using the remote shell and file browser. Ensure the connection between the web console and NetLock remote server is possible. The web console should only be accessible from trusted environments.
¶ Installation under Linux
¶ Video Tutorial
¶ System Requirements
Refer to supported operating systems: Supported OS/Distributions
- ASP.NET Core Runtime 8.0
- MySQL Server, minimum version 8.0
- SSL certificate (or use the built-in Let’s Encrypt integration to obtain one)
- 2 Cores (may vary depending on the number of agents you monitor)
- 2 GB RAM (may vary depending on the number of agents you monitor)
- SSD recommended
¶ Install .Net Framework 4.8
Reference: https://learn.microsoft.com/en-us/dotnet/core/install/linux
Depending on your Linux distribution, you may need to add Microsoft’s GPG key to your system before installing the required packages.
You can do that like that:
- Install the required tools.
sudo apt-get install gpg curl apt-transport-https
- Add the key.
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg
Ubuntu 20.04
Run the following commands.Update your installation.
sudo apt update
Add the microsoft packet repository.
wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Install .Net Framework 4.8 Runtime
sudo apt install -y aspnetcore-runtime-8.0
Ubuntu 22.04
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Ubuntu 23.10
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Ubuntu 24.04
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
RHEL 9 (9.1)
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
RHEL 8 (8.7)
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
CentOS Stream 9
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
CentOS Stream 8
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
Debian 12
Run the following commands.Add the microsoft packet repository.
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Update your installation & install ASP.NET Core-Runtime 4.8 & SDK
sudo apt-get update && sudo apt-get install -y dotnet-sdk-8.0 && sudo apt-get install -y aspnetcore-runtime-8.0
Debian 11
Run the following commands.Add the microsoft packet repository.
wget https://packages.microsoft.com/config/debian/11/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
Update your installation & install ASP.NET Core-Runtime 4.8
sudo apt-get update && sudo apt-get install -y aspnetcore-runtime-8.0
Fedora 40
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
Fedora 39
Run the following commands.Update your installation & install ASP.NET Core-Runtime 4.8
sudo dnf install aspnetcore-runtime-8.0
OpenSUSE 15.4 & higher
Run the following commands.
Add the Microsoft-Paketsignaturekey & repository
sudo zypper install libicu
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
wget https://packages.microsoft.com/config/opensuse/15/prod.repo
sudo mv prod.repo /etc/zypp/repos.d/microsoft-prod.repo
sudo chown root:root /etc/zypp/repos.d/microsoft-prod.repo
Update your installation & install ASP.NET Core-Runtime 4.8
sudo zypper install aspnetcore-runtime-8.0
¶ Create MySQL Database
If you don’t already have a Netlock database, follow these steps:
- Connect to your MySQL server.
- Create a new database. For example:
netlock
¶ NetLock RMM Web Console
Instead of compiling all binaries yourself, you can easily obtain them through our Members Portal. We offer free unsigned executables for home labs, as well as digitally code-signed executables for professionals. This option simplifies the setup process and ensures you have the latest and most secure versions of our software. For more details about our Members Portal and the available packages, visit: https://docs.netlockrmm.com/en/members-portal
- Download the packages.zip file from the Members Portal and extract it on your server. Inside, you’ll find the web_console.package. You can extract this package using board tools.
- Move the contents of the web_console.package to your desired location on the server.
- Example: Create a new folder with the following path/home/netlock/web_consoleand extract it in there. - Open the
appsettings.jsonfile with a text editor of your choice.
You can execute the same binaries on windows or linux. There is no seperation.
¶ SSL Encryption
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP, enable HTTPS, and set force to true. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 80
},
"Https": {
"Enabled": true,
"Port": 443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
}
},
For SSL Encryption, add your own certificate, or use the Let’s Encrypt integration to easily retrieve one.
¶ Using Let’s Encrypt Certificate for SSL
- Go to LettuceEncrypt, enable it, and accept the terms of service.
- Enter the domain names through which the Web Console will be available (separate with commas).
- Set your email address and configure the allowed challenge types. By default, all supported challenges are active.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
¶ MySQL Configuration
Configure your MySQL Server. Ensure that the database exists; the Web Console will create the necessary tables itself. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system has rebooted.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
¶ Prepare the Connection with the NetLock RMM Remote Server
Since the web console communicates with the NetLock RMM Server through SignalR, you need to ensure that the web console can connect to the server. Set UseSSL to true and change the port to the SSL port if the NetLock RMM Server uses SSL.
"NetLock_Remote_Server": {
"Server": "demo.netlockrmm.com",
"Port": 7433,
"UseSSL": true
},
"NetLock_File_Server": {
"Server": "demo.netlockrmm.com",
"Port": 7433,
"UseSSL": true
},
¶ Specify your Language Code
The web console currently supports de-DE (German) and en-US (English). In this example, en-US is configured.
"Webinterface": {
"Title": "Your company name",
"Language": "en-US",
"Membership_Reminder": true,
"Default_Package_Configuration": {
"ssl": true,
"main_communication_server": "ip/hostname:port",
"fallback_communication_server": "ip/hostname:port",
"main_update_server": "ip/hostname:port",
"fallback_update_server": "ip/hostname:port",
"main_trust_server": "ip/hostname:port",
"fallback_trust_server": "ip/hostname:port",
"language": "en-US"
}
}
¶ Firewall Configuration
If you are using ufw, make sure to add exceptions. Ensure that port forwarding on your router or firewall is set up correctly. Use tools like telnet to verify that the ports are open.
¶ Starting the Web Console
Navigate to your web console directory. Example:
cd /home/netlock/web_console
Run the web console by executing the NetLock_RMM_Web_Console.dll as follows:
sudo dotnet NetLock_RMM_Web_Console.dll
If everything is configured correctly, the applications console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
Executed installation script.
Tables existing.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the Web Console window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
¶ Verify Access to Your Web Console
Open your browser and navigate to the Web Console’s IP address, hostname, or domain. You should see the login page that looks something like this:
The default username and password are admin. After logging in, you will be prompted to configure a new password. If you lose your new password for any reason, connect to the database, go to the accounts table, and set reset_password to 1 for the user.
¶ Set package provider URL for the NetLock RMM Server
The package provider URL must be set to enable the NetLock RMM server backend to retrieve agent packages. You can either package and deploy these yourself or use the NetLock Members Portal, which is a faster and recommended option. For more details about the free Members Portal, visit: https://docs.netlockrmm.com/en/members-portal
To set the Package Provider URL, navigate to Settings -> System in the left navigation bar. Scroll down to the bottom of the System settings, where you can enter the Package Provider URL. This setting ensures your server backend can access the necessary packages for managing and updating the NetLock RMM agents.
¶ Configure the Web Console to Start with Linux via Systemd
Create .dotnet folder.
sudo mkdir -p /home/netlock/.dotnet
Create a new user called netlock:
sudo adduser netlock
Edit the users permissions:
sudo chown -R netlock:netlock /home/netlock/.dotnet
sudo chmod -R 700 /home/netlock/.dotnet
sudo chown -R netlock:netlock /home/netlock/web_console/
sudo chmod -R 755 /home/netlock/web_console/
sudo chown -R netlock:netlock /var/0x101\ Cyber\ Security/
Get your .Net path:
readlink -f /usr/bin/dotnet
Output should look like this:
/usr/share/dotnet/dotnet
Allow the user to bind ports. Make sure the .Net path is correct:
sudo setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet
Create a new service:
sudo nano /etc/systemd/system/netlock_rmm_web_console.service
Paste in the following configuration. If you have another user or path, make sure to adjust it in the configuration.
[Unit]
Description=NetLock RMM Web Console
[Service]
WorkingDirectory=/home/netlock/web_console/
ExecStart=/usr/share/dotnet/dotnet /home/netlock/web_console/NetLock_RMM_Web_Console.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-netlock_rmm_web_console
User=netlock
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
Reload your deamon:
sudo systemctl daemon-reload
Enable the service:
sudo systemctl enable netlock_rmm_web_console.service
Restart the service:
sudo systemctl restart netlock_rmm_web_console.service
Verify it’s status:
sudo journalctl -u netlock_rmm_web_console.service -f
Wait a little for error messages. If after about one minute no error occurred, everything should be fine. Otherwise get the error message and request support.
¶ NetLock RMM Server
Instead of compiling all binaries yourself, you can easily obtain them through our Members Portal. We offer free unsigned executables for home labs, as well as digitally code-signed executables for professionals. This option simplifies the setup process and ensures you have the latest and most secure versions of our software. For more details about our Members Portal and the available packages, visit: https://docs.netlockrmm.com/en/members-portal
Same procedure.
- Download the packages.zip file from the Members Portal and extract it on your server. Inside, you’ll find the server.package. You can extract this package using board tools.
- Move the contents of the server.package to your desired location on the server.
- Example: Create a new folder with the following path/home/netlock/serverand extract it in there. - Open the
appsettings.jsonfile with a text editor of your choice.
You can execute the same binaries on windows or linux. There is no seperation.
¶ SSL Encryption
We strongly recommend enabling HTTPS. If you enable HTTPS, disable HTTP, enable HTTPS, and set force to enabled. Also, enable HSTS.
"Kestrel": {
"Endpoint": {
"Http": {
"Enabled": false,
"Port": 7080
},
"Https": {
"Enabled": true,
"Port": 7443,
"Force": true,
"Hsts": {
"Enabled": true
},
"Certificate": {
"Path": "certificates/certificate.pfx",
"Password": "your-cert-password"
}
}
},
For SSL encryption, add your own certificate or use the Let’s Encrypt integration to easily obtain one.
¶ Using Let’s Encrypt Certificate for SSL
- Go to LettuceEncrypt, enable it, and accept the terms of service.
- Enter the domain names through which the Web Console will be accessible (separate with commas).
- Set your email address and configure the allowed challenge types. By default, all supported challenges are active.
"LettuceEncrypt": {
"Enabled": true,
"AcceptTermsOfService": true,
"DomainNames": [ "demo.netlockrmm.com" ],
"EmailAddress": "nico.mak@0x101-cyber-security.de",
"AllowedChallengeTypes": "Http01, TlsAlpn01, Dns01"
},
¶ MySQL Configuration
Configure your MySQL Server. If your MySQL server is on the same machine, you may want to add AllowPublicKeyRetrieval=True; to the AdditionalConnectionParameters to prevent connection issues after your system reboots.
"MySQL": {
"Server": "127.0.0.1",
"Port": 3306,
"Database": "netlock",
"User": "root",
"Password": "Bochum234",
"SslMode": "None",
"AdditionalConnectionParameters": ""
},
¶ Roles
Since the basic server installation covers only one server, ensure that all server roles are set to true.
"Roles": {
"Comm": true,
"Update": true,
"Trust": true,
"Remote": true,
"Notification": true,
"File": true,
"LLM": true
}
¶ Firewall Configuration
If you are using ufw, make sure to add exceptions. Ensure that port forwarding on your router or firewall is set up correctly. Use tools like telnet to verify that the ports are open.
¶ Starting the Server
Navigate to your servers directory. Example:
cd /home/netlock/server
Run the server by executing the NetLock_RMM_Server.dll as follows:
sudo dotnet NetLock_RMM_Server.dll
If everything is configured correctly, it’s application console output should look something like this:
Version: 1.0.0.0
Configuration loaded from appsettings.json
Http: False
Http Port: 80
Https: True
Https Port: 443
Https (force): True
Hsts: True
Hsts Max Age: 0
LetsEncrypt: True
Custom Certificate Path:
Custom Certificate Password:
MySQL Server: 127.0.0.1
MySQL Port: 3306
MySQL Database: netlock
MySQL User: root
MySQL Password: Bochum234
MySQL SSL Mode: None
MySQL additional parameters: AllowPublicKeyRetrieval=True;
Microsoft Defender Firewall is enabled.
If issuing the Let’s Encrypt certificate or any other step fails, an error message will appear, and the servers window will close. Make sure to capture the content by pressing Ctrl+A and then Ctrl+C to request help. Non-members can request assistance on our Discord server. If you have a membership, it’s best to open a support ticket.
That’s it. You are ready to go. Now you might want to add your first tenant.
¶ Configure the Server to Start with Linux via Systemd
Create .dotnet folder & set permissions.
sudo mkdir -p /home/netlock/.dotnet
Create a new user called netlock:
sudo adduser netlock
Edit the users permissions:
sudo chown -R netlock:netlock /home/netlock/.dotnet
sudo chmod -R 700 /home/netlock/.dotnet
sudo chown -R netlock:netlock /home/netlock/server/
sudo chmod -R 755 /home/netlock/server/
sudo chown -R netlock:netlock /var/0x101\ Cyber\ Security/
Get your .Net path:
readlink -f /usr/bin/dotnet
Output should look like this:
/usr/share/dotnet/dotnet
Allow the user to bind ports. Make sure the .Net path is correct:
sudo setcap 'cap_net_bind_service=+ep' /usr/share/dotnet/dotnet
Create a new service:
sudo nano /etc/systemd/system/netlock_rmm_server.service
Paste in the following configuration. If you have another user or path, make sure to adjust it in the configuration.
[Unit]
Description=NetLock RMM Server
[Service]
WorkingDirectory=/home/netlock/server/
ExecStart=/usr/share/dotnet/dotnet /home/netlock/server/NetLock_RMM_Server.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-netlock_rmm_server
User=netlock
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
Reload your deamon:
sudo systemctl daemon-reload
Enable the service:
sudo systemctl enable netlock_rmm_server.service
Restart the service:
sudo systemctl restart netlock_rmm_server.service
Verify it’s status:
sudo journalctl -u netlock_rmm_server.service -f
Wait a little for error messages. If after about one minute no error occurred, everything should be fine.
Everything is now set up! If you encounter any issues, feel free to ask for help on Discord. If you have a membership, we’re happy to assist remotely as well—just get in touch with us.
