On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by using NGINX over SSL to reverse-proxy to the ScreenConnect instance.

This is how you can do it yourself.

Modify ScreenConnect settings:

To begin, we should change the port that ScreenConnect listens on for incoming web connections.

  • This is so NGINX can use ports 80 and 443.

On Linux, screen connect is in installed to /opt/screenconnect/

Open the web.config file:

Look for and modify the following lines to fit your specification.

  • Here, we are using port :10050 to access ScreenConnect WebUI now.
  • We are also adding the https:// before your domain which you access ScreenConnect with because we use SSL only now.

Now that you have taken care of that, we’re going to work on NGINX.

 

Generate a strong diffie-hellman group:

You need to define the path you choose for this in the NGINX config

  • Whether you use the default site config or create a new config, it’s up to you. This is the config I am using to proxy to the ScreenConnect server in the above example.

Nginx host file:

I hope you can use this to secure your ScreenConnect site. It is extremely important that we do not authenticate with remote-support software over unsecured HTTP.


1 Comment

Martyn Spencer · October 25, 2017 at 3:26 am

Thanks for taking the time to document this. It worked well.

Leave a Reply