M1ke  
#1 Posted : Monday, July 23, 2018 2:04:02 PM(UTC)

Hello,
Maybe this question has already been asked on this forum, but I can't quickly find any information on changing my configuration.

Currently I use port 80 for the web server and 443 for the relay. I know it is a strange configuration, but at the time of installation only these two ports were available and I did not have a certificate at that time.


Now I want to implement SSL. Could I use 80 for relay and 443 for web?
What has to be done on the clients?

Thanks for a reply.

Mike
evputten  
#2 Posted : Monday, July 23, 2018 8:39:21 PM(UTC)
Hi M1ke, the post you are looking for is this one:

https://controlforum.con...y-and-web-interface.aspx

Regards,
Erik
KeeganJacobsonStryker  
#3 Posted : Tuesday, July 24, 2018 6:07:49 PM(UTC)

M1ke, with today's Google Chrome HTTP/HTTPS change (Chrome 68), I had a very similar configuration and needed to make changes as well.

I stumbled across the following post, and encountered a number of different problems with different implementation types. Finally I landed on one that worked very well for us.

What we ended up doing is running Web on port 8040 (the default), and Relay on 443 still. We used our load balancer to perform an HTTP (port 80) redirect to HTTPS (port 443) and were using the load balancer to "proxy" or provide the web page externally on port 443, and it was using the source port of 8040 from the server itself. In the second post I linked, they ended up using Nginx essentially as their "load balancer" or "proxy" to display the content on port 443. We ended up hardcoding a separate URL / public IP for the Relay service, as we had IPs to spare and creating another DNS record and IP was easy for us.

Here are some pros/cons to our configuration:

Pros-

  • We can manage SSL certificates centrally (via the load balancer), so we don't need to update SSL on that box itself
  • This gives us an HTTP to HTTPS redirect. I would argue this is important, but if you update all URLs otherwise or tell users to go just to HTTPS, you could work around it.
  • Minimal "hacking" to the web.config on the box itself with a more standard configuration, which hopefully will make it more compatible in the future for upgrades

Cons or potential deal breakers-

  • This configuration requires additional resources (A Load Balancer, or a separate server to act as one/proxy such as Nginx)
  • An additional Public IP for your relay
  • An additional DNS record (just for the relay, example screenconnectrelay.contoso.com)

You won't be able to do an HTTP to HTTPS redirect and run port 443 for web and 80 for relay, since the port 80 http to https redirect will use port 80 on the server, and you will not be able to use port 80 for the relay. This is why our config ended up with Port 8040 for Web (handled via external proxy) and then Port 443 for Relay.

All in all I am very happy with this setup. I went down the rabbit hole of doing the SSL Configurator at first and having SSL terminated on the box itself, but being able to use our Load Balancer to handle SSL termination and doing the 80 to 443 redirect, all while running on port 8040 on the server itself, turned out to be a great implementation. It took a lot of trial and error with different implementations to find out what worked best for us, and what worked best for us may not work best for you - but I do hope it helps!

Edited by user Tuesday, July 24, 2018 6:29:17 PM(UTC)  | Reason: Not specified
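
The proxy layout described in post #3 (redirect on port 80, TLS terminated at the proxy on 443, web UI left on port 8040), written as an Nginx configuration. This is an added example, not the poster's or ConnectWise's configuration; the web hostname screenconnect.contoso.com, the backend address 10.0.0.10 and the certificate paths are placeholders.

```nginx
# Added example. Hostname, backend address and certificate paths are placeholders.

# Port 80 serves no content: every request is redirected to HTTPS.
# The target host is fixed rather than taken from the request's Host header,
# so the redirect cannot be pointed at an arbitrary site.
server {
    listen 80;
    server_name screenconnect.contoso.com;
    return 301 https://screenconnect.contoso.com$request_uri;
}

# Port 443: TLS terminates here, so certificates are renewed on the proxy
# only and the application server keeps its default web port.
server {
    listen 443 ssl;
    server_name screenconnect.contoso.com;

    ssl_certificate     /etc/nginx/tls/screenconnect.contoso.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/screenconnect.contoso.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Browsers that have visited once keep using HTTPS without the redirect.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Web UI on its default port 8040, reached over the internal network.
        proxy_pass         http://10.0.0.10:8040;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
        proxy_read_timeout 300s;
    }
}

# The relay is not handled by this proxy. In the layout from the post,
# screenconnectrelay.contoso.com has its own DNS record and public IP, and
# clients connect to the relay service on port 443 at that address.
```

Because the hop from the proxy to port 8040 is plain HTTP, port 8040 should be reachable only from the proxy, not from the internet.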

M1ke  
#4 Posted : Friday, July 27, 2018 2:41:21 PM(UTC)

Thank you all for your replies.

In the end I decided to move to port 80 for the relay and 443 for web, but obviously all clients are disconnected. I was prepared for this, and nothing could change unless you reinstall or change the registry key manually or via group policy.
Now I am pushing a policy that changes the registry key of the service; in a couple of days I should have the clients back again.

Michael L  
#5 Posted : Monday, July 30, 2018 12:10:37 PM(UTC)
Using the router service that's built in will let you have http > https redirect and keep all traffic going to port 443 (web and relay) with a single IP address. You just need to enable the service:

https://controlforum.con...st4621_Shared-Relay.aspx

Edited by user Monday, July 30, 2018 12:11:24 PM(UTC)  | Reason: Not specified

ConnectWise Control (ScreenConnect) Support Team