Setting up Nginx on CentOS 7 as a reverse proxy

JaredBusch

@brandon220 said in Setting up Nginx on CentOS 7 as a reverse proxy:

Just an FYI - to get semanage to work on Fedora 27, I had to install policycoreutils-python-utils

Yeah, I really need to write a new guide.

Alex Sage

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

JaredBusch

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

wirestyle22

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

dbeato

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

I did the same today, total facepalm.

JaredBusch

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

I did the same today, total facepalm.

You can name them whatever you want. I just personally like this format.

dbeato

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

I did the same today, total facepalm.

You can name them whatever you want. I just personally like this format.

Well, yeah but the configuration looks for all *.conf files which failed on loading the site at first.

JaredBusch

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

I did the same today, total facepalm.

You can name them whatever you want. I just personally like this format.

Well, yeah but the configuration looks for all *.conf files which failed on loading the site at first.

Right, you can name it wtf.conf if you want is what I mean.I just personally like the fqdn.conf structure, so that is how I wrote the guide.

dbeato

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@dbeato said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

@jaredbusch said in Setting up Nginx on CentOS 7 as a reverse proxy:

@aaronstuder said in Setting up Nginx on CentOS 7 as a reverse proxy:

@wirestyle22 said in Setting up Nginx on CentOS 7 as a reverse proxy:

As JB said you would name them your subdomain/domain name. subdomain.domain.conf <---not .com

I name mine subdomain.domain.tld.conf

Yeah, mine are the full thing with a .conf at the end.

daerma.com.conf
obelisk.daerma.com.conf

Yeah, when I was writing I typed in the actual web address accidentally.

nc.domain.com instead of nc.domain.conf or nc.domain.com.conf

I did the same today, total facepalm.

You can name them whatever you want. I just personally like this format.

Well, yeah but the configuration looks for all *.conf files which failed on loading the site at first.

Right, you can name it wtf.conf if you want is what I mean.I just personally like the fqdn.conf structure, so that is how I wrote the guide.

The guide was awesome and worked perfectly.

zenbu

@JaredBusch I setup a reverse proxy with nginx for ScreenConnect, but the relay port isn't working. Can you provide your setup for how your relay is setup? Does it require two different IPs?

flaxking

@zenbu said in Setting up Nginx on CentOS 7 as a reverse proxy:

@JaredBusch I setup a reverse proxy with nginx for ScreenConnect, but the relay port isn't working. Can you provide your setup for how your relay is setup? Does it require two different IPs?

That's not HTTP traffic. You would have to set Nginx up for TCP/UDP load balancing

scottalanmiller

@zenbu said in Setting up Nginx on CentOS 7 as a reverse proxy:

@JaredBusch I setup a reverse proxy with nginx for ScreenConnect, but the relay port isn't working. Can you provide your setup for how your relay is setup? Does it require two different IPs?

First, do you need a revere proxy for that? It's not web traffic. If you do, I'd recommend HA-Proxy.

Second, don't use CentOS 7 today. This guide is very old.

JaredBusch

@scottalanmiller said in Setting up Nginx on CentOS 7 as a reverse proxy:

@zenbu said in Setting up Nginx on CentOS 7 as a reverse proxy:

@JaredBusch I setup a reverse proxy with nginx for ScreenConnect, but the relay port isn't working. Can you provide your setup for how your relay is setup? Does it require two different IPs?

First, do you need a revere proxy for that? It's not web traffic. If you do, I'd recommend HA-Proxy.

Right, you port forward the relay traffic. It is encrypted by the clients on each end. You SSL certificates do not apply to it anyway.

JaredBusch

@scottalanmiller said in Setting up Nginx on CentOS 7 as a reverse proxy:

Second, don't use CentOS 7 today. This guide is very old.

Well the new guide is old already too. But at least it is still the same on Fedora 31 as it was on Fedora 27...

https://www.mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27

zenbu

@flaxking Good point, I found out about that and have been reading up on it. Using ngx_stream_ssl_preread_module seems like it may be the solution. It will let you differentiate between HTTP SSL traffics and non HTTP ssl traffic. That way I'm hoping to use port 443 for both the web portal and the ScreenConnect relay.

scottalanmiller

@zenbu said in Setting up Nginx on CentOS 7 as a reverse proxy:

That way I'm hoping to use port 443 for both the web portal and the ScreenConnect relay.

I don't believe that there is any possible way to do that. Because you'd need a host header or something to differentiate and SC doesn't work that way.

The traffic is designed to be on different ports. They can be any ports that you want, but not the same one.

scottalanmiller

@zenbu

You have two issues... the first is what we call "being weird." This is a bizarre thing to be trying to do. It's not wrong, it's just "weird"... that kind of thing that hard to describe but it's clearly strange and trying to invent a wheel that already works really well.

The second issue is your goal: what goal are you trying to accomplish by doing this? There's not normally any reason to have the proxy of the SC control port traffic. What problem are you trying to solve by doing this?

JaredBusch

@scottalanmiller said in Setting up Nginx on CentOS 7 as a reverse proxy:

What problem are you trying to solve by doing this?

If I had to guess, outbound traffic controls blocking port 8041 (the default relay port).

I run in to this sometimes.

JaredBusch

If the above is your problem, then you should look at a different solution. @scottalanmiller's current favorite is MeshCentral.

It is not as good as ConnectWise Control yet, IMO, but close.