Easy SSL for ScreenConnect with NGINX Reverse Proxy

On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by using NGINX over SSL to reverse-proxy to the ScreenConnect instance.

This is how you can do it yourself.

Modify ScreenConnect settings:

To begin, we should change the port that ScreenConnect listens on for incoming web connections.

  • This is so NGINX can use ports 80 and 443.

On Linux, screen connect is in installed to /opt/screenconnect/

Open the web.config file:

Look for and modify the following lines to fit your specification.

  • Here, we are using port :10050 to access ScreenConnect WebUI now.
  • We are also adding the https:// before your domain which you access ScreenConnect with because we use SSL only now.

Now that you have taken care of that, we’re going to work on NGINX.

 

Generate a strong diffie-hellman group:

You need to define the path you choose for this in the NGINX config

  • Whether you use the default site config or create a new config, it’s up to you. This is the config I am using to proxy to the ScreenConnect server in the above example.

Nginx host file:

I hope you can use this to secure your ScreenConnect site. It is extremely important that we do not authenticate with remote-support software over unsecured HTTP.

Leave a Reply