The Perfect Reverse Proxy (NGINX, SSL, WebUI Management)

Reverse Proxy.  I’ve been implementing reverse-proxy solutions in lab and in production for some time now, but I always come across the same problem; It’s not the easiest type of a system to manage, especially when there are SSL certificates involved. Now, before I started looking for an easy-to-manage SSL solution, I figured I’d find some sort of web interface for the NGINX config files and other basic server management. After some searching and testing, I decided on Ajenti. Ajenti is a python-based linux control panel that makes installing packages…

Read More

Easy SSL for ScreenConnect with NGINX Reverse Proxy

On the topic of NGINX Reverse Proxy, it just so happens that the process for installing an SSL certificate onto your ScreenConnect server can be rather difficult, and a much more flexible approach is by using NGINX over SSL to reverse-proxy to the ScreenConnect instance. This is how you can do it yourself. Modify ScreenConnect settings: To begin, we should change the port that ScreenConnect listens on for incoming web connections. This is so NGINX can use ports 80 and 443. On Linux, screen connect is in installed to /opt/screenconnect/ Open…

Read More

NGINX Security Hardening

 After setting up an NGINX webserver with a GoDaddy-issued SSL certificate, I did an SSL test and saw that I was graded a C. That’s average! I want a secure site. So I looked around at a couple of things, and decided to put together a small list of things you can add to your NGINX configuration/server block for enhancing security. I’m going to assume you’re already using an SSL certificate. If you aren’t, start there, and THEN look into how you can improve security 😉   1. Redirect all…

Read More

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part two)

This is part two, the final part of configuring NGINX with SSL as a reverse proxy. Now that you have successfully installed NGINX and obtained a free SSL cert, you can proceed.   There is one important thing to note when configuring reverse proxy: For each “subfolder” you want to act as a proxy to another server, you must have that server configured to listen on that subfolder.   This makes little sense in plain english so let’s review briefly, using CouchPotato as our example: Say I run CouchPotato on…

Read More

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part one)

This is part one of a two-part series for using NGINX as a reverse proxy for microservices on the same server or hosted on other servers/ports Click here for part two. In this article, we will: Install NGINX Install LetsEncrypt CertBot Obtain free SSL certificate Configure NGINX for SSL In part two, we will go over how to turn the basic HTTPS encrypted NGINX site into a reverse proxy for your other services. Installing NGINX and CertBot Auto We are using Ubuntu 14.04.5 Download certbot-auto to the /usr/local/sbin directory

Make sure…

Read More