Hello,
maybe this question has already been written on this forum but I don't find any information shortly to change my configuration.

Actually I use port 80 for web server and 443 for relay, I know strange cofinguration but at the time of installation only this two ports were available and I did not have a certificate at that time.


Now I want to implement the SSL could I use 80 for relay and 443 for web ?
What have to be done on clients ?

Thanks for a reply-

Mike

M1ke, with todays Google Chrome HTTP/HTTPS change (Chrome 68) I had a very similar configuration and needed to make changes as well.

I stumbled across the following post, and encounter a number of different problems with different implementation types. Finally I landed on one that worked very well for us.

• https://controlforum.con...P-redirect-to-HTTPS.aspx
  
• https://blog.roushtech.n...reenconnect-setup-nginx/
  

What we ended up doing, is running Web on Port 8040 (the default), and Relay on 443 still. We used our load balancer to perform an HTTP (port 80) redirect to HTTPS (port 443) and were using the load balancer to "proxy" or provide the web page externally on port 443, and it was using the source port of 8040 from the server itself. The second post I linked, they ended up using Nginx essentially as their "load balancer" or "proxy" to display the content on port 443. We ended up hardcoding a separate URL / Public IP for the Relay service, as we had IPs to spare and creating another DNS record and IP was easy for us.

Here are some pros/cons to our configuration:

Pros-

• We can manage SSL certificates centrally (via load balancer), so don't need to update SSL on that box itself
  
• This gives us HTTP to HTTPS redirect. I would argue this is important, but if you update all URLs otherwise or tell users to go just to HTTPS could work around it.
  
• Minimal "hacking" to the web.config on the box itself with a more standard configuration, which hopefully will make it more compatible in the future for upgrades
  

Cons or potential deal breakers-

• This configuration requires additional resources (A Load Balancer, or a separate server to act as one/proxy such as Nginx)
  
• An additional Public IP for your relay
  
• An additional DNS record (just for the relay, example screenconnectrelay.contoso.com)
  

You won't be able to do an HTTP to HTTPS redirect and run port 443 for web and 80 for relay, since the port 80 http to https redirect will use port 80 on the server, and you will not be able to use port 80 for the relay. This is why our config ended up with Port 8040 for Web (handled via external proxy) and then Port 443 for Relay.

All in all I am very happy with this setup. I went down the rabbit hole of doing the SSL Configurator at first and having SSL terminated on the box itself, but being able to use our Load Balancer to handle SSL termination and doing the 80 to 443 redirect, all while running on port 8040 on the server itself turned out to be a great implementation but it took a lot of trial and error of different implementations to find out that worked best for us, and what worked best for us may not work best for you - but I do hope it helps!

Edited by user Tuesday, July 24, 2018 6:29:17 PM(UTC)  | Reason: Not specified

Using the router service that's built in will let you have http > https redirect and keep all traffic going to port 443 (web and relay) with a single IP address. You just need to enable the service:

https://controlforum.con...st4621_Shared-Relay.aspx

Edited by user Monday, July 30, 2018 12:11:24 PM(UTC)  | Reason: Not specified