absolem_v2  
#1 Posted : Monday, June 15, 2015 5:06:11 PM(UTC)
Recently I was able to get SC running through nginx without needing a secondary setup for the relay. I'm not sure what else to say, so here are my configs. Special thanks to members of this community for getting me started & for posting your progress. I can't find the post I got the code from, but if you recognize it and would like credit, please let me know and I'll do what I can.

Nginx host file:
Quote:

server {
    # REDIRECTS HTTP TO HTTPS
    listen 80;
    server_name <FQDN>;
    rewrite ^ https://<FQDN> redirect;
}

server {
    # DEFINE OUR PORTS (443) AND SET THIS AS OUR DEFAULT TLS CERTIFICATE
    listen 443 default_server ssl;
    server_name <FQDN>;

    ## WE'LL BE USING TLS, SO LET'S ENABLE IT.
    ssl on;

    ## WHERE'S THE CERTIFICATE AND KEY?
    ssl_certificate /etc/nginx/ssl/<Your_cert_name>.crt;
    ssl_certificate_key /etc/nginx/ssl/<Your_Key_Name>.key;

    ## PERFORMANCE OPTIONS
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    keepalive_timeout 60;

    ## SSL/TLS PROTOCOL - POOR DESCRIPTION AS WE WON'T BE USING SSL, ONLY TLSv1.
    # ssl_protocols TLSv1;

    ## TLSv1 AND TLSv1.1;
    # ssl_protocols TLSv1 TLSv1.1;

    ## TLSv1 AND TLSv1.1 AND TLSv1.2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ## ALWAYS SAFER TO DEFINE AN ORDER - THINK CAREFULLY IF YOU DISABLE THIS.
    ssl_prefer_server_ciphers on;

    ## OUR SUPPORTED CIPHERS. GOOD FOR A QUALYS "A" RATING (100/95/80/90).
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    ## WANT A QUALYS "A" RATING (100/100/100/100)? BE SURE TO REMOVE/COMMENT ABOVE LINE, ENABLE TLSv1.2 ONLY AND BE MINDFUL THAT CLICKONCE/JNLP DEPLOYMENT MAY NOT WORK.
    # ssl_ciphers "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA";
    ## ENABLE IF YOU INTEND TO USE ELLIPTIC CURVE DHE
    # ssl_ecdh_curve secp521r1;

    ## OPTIONS
    ## ENABLE HSTS - CHROME & FIREFOX ONLY. ONCE ENABLED, ALL SUBSEQUENT REQUESTS WILL BE DIRECTED TO HTTPS.
    add_header Strict-Transport-Security max-age=86400;

    location / {
        ## WHERE ARE WE PASSING OUR REQUEST TO?
        # IN THIS EXAMPLE, THE NATIVE SCREENCONNECT UI IS NO LONGER ACCESSIBLE DIRECTLY. ALL REQUESTS MUST COME THROUGH NGINX PROXY.
        # BE SURE TO SET SCREENCONNECT WEB.CONFIG FILE TO LISTEN ON 127.0.0.1:PORT.
        proxy_pass http://127.0.0.1:10050/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        proxy_read_timeout 90;
        proxy_buffer_size 16k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
    }
}



SC web.config file, change/add these lines:

Quote:
<add key="WebServerListenUri" value="http://127.0.0.1:10050/" />
<add key="WebServerAddressableUri" value="https://<FQDN>/" />
<add key="RelayListenUri" value="relay://0.0.0.0:8041" />


Then make sure that you open ports 80, 443 & 8041 on your firewall & router (if behind NAT).
You also have to get legit SSL certificates; SC will deny self-signed SSL certs.
When you go to your Admin tab everything should light up green except for External Accessibility Check. I'm not quite sure how to get rid of it yet.

The error I get:

Web Server Test URL: https://<FQDN>
Web Server Error: Unrecognized server. Not ScreenConnect Web Server.

I'm guessing this means SC is getting a response from nginx & not screenconnect so it throws this error.

This is my first time really posting to any forums or trying to help through this medium. If I did anything wrong please correct me so I can have proper etiquette in the future. Hope this works for you.

Cheers
thanks 1 user thanked absolem_v2 for this useful post.
dbsmith on 6/23/2015(UTC)
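
A hardened variant of the TLS settings from the post above, as an added example that is not part of the original post and not ScreenConnect's own configuration. It assumes every connecting client supports TLS 1.2 or later (the post notes ClickOnce/JNLP deployment may not), nginx 1.13.0 or newer built against OpenSSL 1.1.1 or newer, and placeholder values for the host name and certificate paths.

```nginx
server {
    listen 80;
    server_name sc.example.com;                 # placeholder for <FQDN>
    # 301 with $request_uri keeps the path; the post's rewrite sends a 302 to the site root.
    return 301 https://$host$request_uri;
}

server {
    # "ssl" on the listen line is sufficient. The separate "ssl on;" directive was
    # deprecated in nginx 1.15.0 and removed in 1.25.1, where it fails the config test.
    listen 443 ssl default_server;
    server_name sc.example.com;                 # placeholder for <FQDN>

    ssl_certificate     /etc/nginx/ssl/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;   # placeholder path

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;
    keepalive_timeout   60;

    # Post: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Post: cipher string that still admits RC4, which RFC 7465 prohibits in TLS.
    # AEAD suites with forward secrecy only. This list governs TLS 1.2;
    # TLS 1.3 suites come from the OpenSSL defaults.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers on;

    # Same max-age as the post; "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=86400" always;

    location / {
        # ScreenConnect still listens only on loopback, as in the post's web.config.
        proxy_pass http://127.0.0.1:10050/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The buffer and timeout directives from the post carry over unchanged.
    }
}
```

Run `nginx -t` before reloading; it rejects unknown directives and unreadable certificate paths without touching the running server.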
