rnmixon  
#1 Posted : Tuesday, September 23, 2014 2:33:25 PM(UTC)

I've read a number of posts on folks that used Apache reverse proxying to put the ScreenConnect server behind SSL. This approach eliminates the need to obtain an additional IP address from your ISP and keeps your SSL configuration in one place.

It seemed that the problems folks had were caused by a couple of issues:
  1. Not including a "ProxyTimeout 120" setting
  2. Trying to proxy the relay traffic, which is TCP but not HTTP(S), through Apache

So I configured it this way - thinking we would avoid the problems reported:

  1. On our router for IP address 98.xxx.xxx.83 we forwarded:

    1. Port 443 (HTTPS) to a Linux CentOS 6.2 web server VM (web1) that has a wildcard cert installed (internal IP 192.168.xxx.47).
    2. Port 8041 (Relay) to a Windows Server 2008 R2 VM (SC1) that we are running ScreenConnect on (internal IP 192.168.xxx.46)

  2. On the Linux web server web1 we have two virtual hosts:

    1. connect.acmeinc.com on port 80 - This just does a permanent redirect to the port 443 virtual host - we want everyone to use HTTPS.
    2. connect.acmeinc.com on port 443 - This virtual host, after un-encrypting the traffic, uses mod_proxy to direct requests to our ScreenConnect server SC1 on port 80. I'll include that proxy and reverse proxy config at the bottom.

  3. The following changes were made on the ScreenConnect server web.config:
    1. <add key="WebServerListenUri" value="http://+:80/" />
    2. <add key="RelayListenUri" value="relay://+:8041/" />

Alas, although this tested out fine the first day, we are now having problems with the client being unable to connect. This first started happening when some of our support staff uninstalled and re-installed the ScreenConnect client on their support workstation.

Any ideas on what might be causing this OR suggestions for the overall configuration? What am I missing? We've done this for other webapps before without a problem.

Here is the Apache 2.2.15 virtual host configuration:
<VirtualHost *:443>
ServerName connect.acmeinc.com

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/STAR_acmeinc_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/STAR_acmeinc_com.key
SSLCertificateChainFile /etc/pki/tls/certs/STAR_acmeinc_com.ca-bundle
#SSLStrictSNIVHostCheck off

DocumentRoot /var/www/connect.acmeinc.com

ProxyRequests Off
ProxyPreserveHost On
ProxyTimeout 120

RewriteEngine On

#ProxyPass / http://SC1.acmeinc.local:80/
#ProxyPassReverse / http://SC1.acmeinc.local:80/

<Location />
ProxyPass http://SC1.acmeinc.local/
ProxyPassReverse http://SC1.acmeinc.local/
</Location>

<Proxy http://SC1.acmeinc.local/>
AllowOverride None
Order allow,deny
Allow from All
</Proxy>

</VirtualHost>


Thank you much!
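A small audit of the TLS and proxy directives in the virtual host above, added here as an example; it is not part of the original post and is not ScreenConnect or Apache code. The function names are hypothetical, the expansion of `all` is an assumption that depends on the httpd and OpenSSL build, and the cipher check is a keyword-level approximation of OpenSSL's cipher-string rules rather than a full expansion.

```python
import re
# Constructed sample: TLS and proxy directives copied from the vhost in the post.
VHOST = """\
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
ProxyPass http://SC1.acmeinc.local/
"""
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # assumed; build-dependent
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHERS = {"LOW", "EXPORT", "RC4"}  # keyword classes this check tracks

def enabled_protocols(args):
    """Apply mod_ssl's +/- syntax; a bare name replaces the current set."""
    enabled = set()
    for word in args.split():
        names = ALL_PROTOCOLS if word.lstrip("+-").lower() == "all" else {word.lstrip("+-")}
        if word.startswith("-"):
            enabled -= names
        elif word.startswith("+"):
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def weak_cipher_classes(spec):
    """Return the tracked weak classes that the cipher string leaves enabled."""
    enabled, killed = set(), set()
    for tok in re.split(r"[:, ]+", spec.strip()):
        if tok.startswith("!"):            # permanently removed
            killed.add(tok[1:])
        elif tok.startswith("-"):          # removed, may be re-added later
            enabled.discard(tok[1:])
        elif tok == "ALL":                 # everything except eNULL, so weak classes too
            enabled |= WEAK_CIPHERS
        elif not tok.startswith("+"):      # "+X" only reorders; "RC4+RSA" adds RC4 ciphers
            enabled |= WEAK_CIPHERS & set(tok.split("+"))
    return sorted(enabled - killed)

def audit(text):
    findings = []
    for line in text.splitlines():
        name, _, args = line.strip().partition(" ")
        if name == "SSLProtocol":
            findings += [f"protocol {p} enabled" for p in sorted(enabled_protocols(args) & WEAK_PROTOCOLS)]
        elif name == "SSLCipherSuite":
            findings += [f"cipher class {c} enabled" for c in weak_cipher_classes(args)]
        elif name == "ProxyPass" and "http://" in args:
            findings.append("backend hop is cleartext HTTP")
    return findings
```

Calling `audit(VHOST)` reports that SSLv3 is still enabled, that the `+LOW` and `RC4+RSA` tokens leave LOW and RC4 suites available, and that the web1-to-SC1 hop is unencrypted HTTP.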
