RPort - Remote Machine Management

What Is It?

RPort is an RMM (Remote Machine Management) tool. It's a server based system where you install a client access application on each client machine you want to manage. That client then connects to the server, and becomes accessible in many ways.

What Can I Do With It?

You can view the status and metrics of the client machines / servers.

  • CPU Usage
  • RAM Usage
  • Disk Usage
  • Network Usage
  • Historical Graphs of I/O and Machine Diagnostic Information
  • Audits of actions taken on the client machines
  • and more...

You can also create tunnels to these machines for connection via SSH, RDP, VNC, HTTP, HTTPS, Custom Service connections, and Service Forwarding connections.

These tunnels can be set to self-destroy after a certain amount of time, or inactivity, which lends to additional security.

Users can be limited to only working with certain clients or client groups.

This is a very nice, clean, and fairly robust RMM in my opinion.

What Do I Need?

A server to run the RPort Server software on. Their site specifies

  • Debian 10 or 11
  • Ubuntu 20.04 or later
  • Rasbian 9 (so, yes, it will run on a Raspberry PI)
  • Alma
  • Centos
  • Rocky
  • Fedora
  • and more ...

From their documentation (and I highly recommend you always check their documentation, as it will be updated eventually).

Supported operating systems:
The server installer only support the following Linux versions.
Debian 10 & 11
Rasbian 9 or newer
Ubuntu 20.04 or newer
RedHat
CentOS
Alma
Rocky
Oracle Linux 8
For all supported operating systems, the following architectures are supported: armv6, armv7, aarch64, X86_64.
CentOS Stream 9 is not yet supported due to a missing certbot package.

You Also Need

  • Curl installed on your host
  • About 10 minutes time.
  • Access to your Router / Firewall in order to forward ports 80, 443, 5000, 8000, 20000 - 20050 to your host machine. NOTE: you may need to forward 80 and 443 to your reverse proxy if you are running one.
  • (Optional) A FQDN (Fully Qualified Domain Name / URL).
           - This can be your own domain / subdomain, or
           - a dynamic DNS (e.g. duckdns, dyndns, cloudflare ddns, etc).
  • (Optional) A reverse proxy (e.g. NGinX Proxy Manager, Traefik, Caddy, HAProxy, etc.), and familiarity with proxy configuration.

Installing the RPort Server

Log into your host machine (preferably with a non-root user that has sudo privileges).

Download the Installer script for your server. I highly recommend checking the official RPort for any updated scripts / instructions! The RPort page is at https://kb.rport.io/install-the-rport-server/install-on-premises.

You can use the first set of commands on this page to run inside your home network, like I will do in the video and the rest of these instructions, or you can use the second script on this page to run in a VPS like Digital Ocean, or Linode.

First, download the software from RPort:

curl -o rportd-installer.sh https://get.rport.io

If you don't have curl installed, you can install it on your system via the package manager of your chosen OS. For Ubuntu / Debian install it with:

sudo apt install curl -y

I like to just install wget and git as well, just to make it easy. If you want to do that too, you can do it all in one command with:

sudo apt install curl wget git -y

After this is done, use the command above to download the RPort server software install script.

curl -o rportd-installer.sh https://get.rport.io

Now, we need to run the script, and provide a few flags (arguments) in order to make sure we get everything running the way we want.

sudo bash rportd-installer.sh \
 --email [email protected] \
 --client-port 8000 \
 --api-port 5000 \
 --fqdn rport.localnet \
 --port-range 20000-20050

The above command is directly from the RPort site, but I modified mine to change the 2-factor authentication method from "email" to "totp", so I can use BitWarden to get my One Time Pin instead of email. I also changed the fqdn, to be one on a domain I own, so I can access the RPort server from outside my network (as well, clients from outside can connect to my rport server).

Below is my version:

sudo bash rportd-installer.sh \
 --totp \
 --client-port 8000 \
 --api-port 5000 \
 --fqdn rport-new.yourcooldomain.org \
 --port-range 20000-20050

In the above we specify that we want to authenticate via totp, and our url will be https://rport-new.yourcooldomain.org. Of course, change the domain to your own domain / sub-domain.

Now, we can run this command, and RPort server will be installed an started on our server.

Make note of the URL, username, and password shown in the command line after the server is up and running. You'll need these in order to login for the first time.

We need an A Record, or a CNAME Reocrd in our DNS.

In order for the url we setup to point to our server, we need to setup a special DNS record to point to our public IP address. If you aren't sure what your public IP is, you can go to http://ipchicken.com to see what yours is.

Once you have that, you'll want to go to your domain registar's DNS settings page, and add an A Record DNS entry. Make sure to enter your public IP in the IP address field, and enter the sub-domain (the first part before the primary domain) in the "points to" field.

Domains are generally formatted:

sub-domain.primary-domain.domainextension

so the domain billsboxes.boxcentral.nu would be

sub-domain: "billsboxes"
primary-domain: "boxcentral"
domain-extension: "nu"

I can't tell you specifically how your registrar's DNS settings look, or may be worded, as there are hundreds, if not thousands, of domain regsitrars; and they can all do things their own way. They should be very close to what I've described above though.

Setting Up our Reverse Proxy

Now, if you have a reverse proxy (like I do), then you'll want to make sure ports 80 and 443 are forwarded from the outside internet, through your router / firewall, to your proxy host. If you aren't using a reverse proxy, then you want to forward those ports to your RPort server's internal IP address (usualy something like 192.168.x.x, or 10.x.x.x, or 172.x.x.x).

In your reverse proxy, you'll want to proxy any request for https://yourrport.yourcooldomain.org (using your domain, of course) on port 5000 to your server for the Web UI access. You'll want to create an SSL certificate, but a self sigend certificate is also created.

Port Forwarding Needs

Additionally, regardless of whether you run a reverse proxy, you'll want to forward the ports 8000, 20000 - 20050 to your RPort Server's private IP.

Check Out Your Fresh RPort Server Web UI

Now, we've got all of our routing setup. Hopefully, it's all set correctly.

You should now be able to navigate in a modern browser to your domain / dubdomain.

https://yourrport.yourcooldomain.org , and you shouldn't have to add the 5000 port.

You may be greeted with a server certificate warning. Feel free to accept the risk, as this is your server.

Next, you'll want to use the username / password combination provided in the terminal when you created the server, to login for the first time. Also, if you set the TOTP option, make sure to have a TOTP app ready to scan the QR code during setup.

Initial Settings

Once you log in for the first time, you'll want to head to the settings (gear icon) and set the General system settings to your liking.

You'll also want to change the password for the admin user from the password generated during install.  You can now add more users, and start adding client machines.

Check out the video to see how to add clients, and more great info on the RPort user interface.

Support my Channel and ongoing efforts through Patreon:
https://www.patreon.com/bePatron?u=234177