On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by using NGINX over SSL to reverse-proxy to the ScreenConnect instance.

This is how you can do it yourself.

Modify ScreenConnect settings:

To begin, we should change the port that ScreenConnect listens on for incoming web connections.

  • This is so NGINX can use ports 80 and 443.

On Linux, screen connect is in installed to /opt/screenconnect/

Open the web.config file:

Look for and modify the following lines to fit your specification.

  • Here, we are using port :10050 to access ScreenConnect WebUI now.
  • We are also adding the https:// before your domain which you access ScreenConnect with because we use SSL only now.

Now that you have taken care of that, we’re going to work on NGINX.

 

Generate a strong diffie-hellman group:

You need to define the path you choose for this in the NGINX config

  • Whether you use the default site config or create a new config, it’s up to you. This is the config I am using to proxy to the ScreenConnect server in the above example.

Nginx host file:

I hope you can use this to secure your ScreenConnect site. It is extremely important that we do not authenticate with remote-support software over unsecured HTTP.


5 Comments

Felix · February 12, 2019 at 10:52 pm

“BE MINDFUL THAT CLICKONCE/JNLP DEPLOYMENT MAY NOT WORK”

Click once stops working because the support client looks for ‘url:10050’. The initial support connection always fails for me.

The work around is to have your guest go back to the browser and click on “Having trouble? Try next option”

The fix I used to enable clickonce:

I may have made unrelated changes to the relays previously. I only include them here for reference. The key here is the “WebServerAlternateListenUri” key.

YMMV

GiowGiow · February 17, 2018 at 9:50 am

When downloading the app it can’t connect to the relay for some reason… Any help ?

GiowGiow · February 14, 2018 at 11:22 pm

Thank you!

Martyn Spencer · October 25, 2017 at 3:26 am

Thanks for taking the time to document this. It worked well.

Easy SSL for ScreenConnect with NGINX Reverse Proxy – Oskamp Tech · May 22, 2018 at 2:43 am

[…] Source: https://tylermade.net/2017/05/04/easy-ssl-for-screenconnect-with-nginx-reverse-proxy/ […]

Leave a Reply