Posts made by NashBrydges

@wirestyle22 No, meaning I wanted all transcoding to happen on the SSDs. Had I installed the VM on the R510, I would have had the VM's vhdx on rotating platters in RAID6 so I didn't want that to get in the way of potentially resource intensive activity like transcoding. By placing the VM on the host with the SSD array, I'm leveraging that additional speed without worrying about transcoding running into some bottleneck.

I'm running Plex as a Ubuntu VM on Hyper-V. It stores no media. Simply network access to a Dell R510 where I keep the media. The Plex VM is running on a different host because I wanted to leverage the all SSD setup. The only data on the Plex VM is the library metadata. Everything else streams over the network. It's absolutely rock solid. Transcodes X265 and X264 rips effortlessly on as many as 4 simultaneous local clients as well as 2 to 3 remote clients for family. The local playback devices are all currently Roku 4s while the remote devices are Roku 3s and Smart TVs with built-in Plex.

@DustinB3403 No I kept them. As Scott mentioned they work just fine without the app. I just can't get the fine-tuned EQ settings from the app so I have to use the phone settings.

This is going to be true for ANY app you install. C'mon people! I purchased a set of Jaybird X3 earbuds recently (btw best set of bluetooth earbuds I've ever used) and when I installed the mobile app, I took the time to read their privacy policy. I was about 2 chapters into the policy when I decided to remove the app from my iPhone. There's no way I'm allowing that kind of privacy invasion. I get that you want to get some information, but knowing my geo-location every time I use the earbuds, nah, not for me thanks.

@Richard_Cylance The issue is that you're fighting a problem of credibility. I read the Ars article a couple days ago and read through this thread and your responses to this tread's participants and while it feels like the folks here are asking some pretty direct questions, they are getting marketing speak in return. Sometimes, especially when credibility has taken such a hit, whether the stories are true or not, you have an uphill battle to climb and skirting questions with round-about answers won't get you where you need to be.

Having said this, I agree that a standardized approach to testing would be valuable. Problem is, malware is hardly "standard" with different variants behaving differently from one day to the next as these evolve. So as much as I'm with you on "let's get an open, public, standard way of measuring effectiveness", I don't think that's very realistic and I certainly don't believe this will address Cylance's credibility. The same would be true of any vendor in the same position.

My recommendation...stop...put away your marketing hat, and deal with questions head on. Failure to do so only casts further shadow and doubt.

@JaredBusch said in Looking for how-to on setting up a proxy:

server {
client_max_body_size 40M;
listen 80;
server_name support.bundystl.com;
rewrite ^ https://$server_name$request_uri? permanent;
}

Yep, got all that done and it's working well. What I was referring to was redirecting traffic to HTTPS. Essentially this is the part of the file I was missing...

server {
    client_max_body_size 40M;
    listen 80;
    server_name support.bundystl.com;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

Only thing left to do now is to figure out how to redirect HTTP traffic to HTTPS and I'm done.

Thanks Scott. The error was because of the include ssl.conf; reference. I removed this line and now it connects and HTTPS is enabled. All seems to work. I'll have to test some more but...awesome! Thanks for your help!

@scottalanmiller said in Looking for how-to on setting up a proxy:

server {
listen 443 ssl http2;
server_name server.com www.server.com;

  ssl on;
  include ssl.conf;
  ssl_certificate      /etc/letsencrypt/live/server.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/server.com/privkey.pem;

  location / {
    proxy_pass http://127.0.0.1/; }

}

When I use this simplified file, and modify only for my domain, Nginx won't restart. It appears I'm in an even worse spot with this file than before unfortunately.

@scottalanmiller Sure did. Restarted both Nginx and ScreenConnect services.

I should add that ScreenConnect is fully accessible at www.redacted.ca:8040 so I'm pretty sure I screwed something up somewhere.

So I finally got around to giving this a try and I'm getting a bad gateway error.

I am running ScreenConnect on Ubuntu 16.04.2 and installed Nginx (sudo apt-get install nginx). Nginx is installed on the same host as ScreenConnect.

I adapted your file details for ScreenConnect as follows (hope this is correct)...

• created a file named redacted.ca.conf and saved it in /etc/nginx/conf.d/

Content of the file is...

server {
	client_max_body_size 40M;
	listen 443 ssl;
	server_name www.redacted.ca redacted.ca;
	ssl          on;
	ssl_certificate /etc/letsencrypt/live/redacted.ca/cert.pem;
	ssl_certificate_key /etc/letsencrypt/live/redacted.ca/privkey.pem;

	location / {
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Host $http_host;
		proxy_set_header X-NginX-Proxy true;
		proxy_pass https://127.0.0.1:8040;
		proxy_redirect off;
	}
}

I've confirmed that Nginx and ScreenConnect services are running after restarting both.

When I try to access ScreenConnect, I get a secured HTTPS connection but a bad gateway error. The Nginx error log shows this...

2017/04/17 19:50:30 [error] 13586#13586: *10 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: xxx.xxx.xxx.xxx, server: www.redacted.ca, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8040/favicon.ico", host: "redacted.ca", referrer: "https://redacted.ca/"

Any hints on what I'm doing wrong?

I could blow away the server altogether and rebuild using CentOS to follow the how-to exactly but I'd obviously prefer not having to recreate the proverbial wheel.

@Tim_G I recently used this to install a Let's Encrypt cert on a IIS server and worked flawlessly. The one thing that isn't mentioned in that SW post is that you MUST have your domain name entered in the port 80 binding setup which isn't always the case.

These are the steps I followed...
1- Forward port 80 from external WAN IP to IP address of IIS server on the router/firewall
2- Forward port 443 from external WAN IP to IP address of the IIS server on the router/firewall
3- Ensure that DNS record points to the correct WAN IP and that it is reachable
4- Log into the server as Administrator
5- Go to IIS Manager, select the site, and from the Actions pane, select “Bindings” under Edit Site
6- Click on the http site binding and then click “Edit”
7- Under the “Host name”, please ensure that the full domain is entered (domainname.com) then click OK and Close
8- Download the Let’s Encrypt executable from https://github.com/Lone-Coder/letsencrypt-win-simple/releases/download/v1.9.3/letsencrypt-win-simple.V1.9.3.zip
9- Unzip the file and save contents to a folder on the server (I simply saved it in c:\new)
10- Open a command prompt as administrator and change command prompt directory to match where you saved the Let’s Encrypt client (in my case that was c:\new)
11- Type in “letsencrypt” and press ENTER
12- If this is the first time the client runs, you will be prompted to enter an email address and press ENTER
13- You will be asked to agree to the ToS of Let’s Encrypt, Enter “y” and press ENTER.
14- The command prompt will then show a list of available IIS sites as well as a number of other options. If this is the only site configured, it should appear under #1. It will ask you which option you would like to run. Simply select #1 and press ENTER
15- It will then automatically register the domain name and create and bind the SSL certificate.
16- You will be asked if you want to create a scheduled task to automatically renew the certificate in Windows Task Manager. If asked if you want to specify the user, select No and press ENTER
17- Once complete, go back to Edit Site Bindings and you will see that a new entry has been made for “https”. If you select it and press “Edit”, you’ll see the new SSL certificate named in the SSL box.
18- Test that you can now reach your server via HTTPS. Once you’ve confirmed, disable port forwarding for port 80 on your router/firewall and only keep port 443 active. This will ensure you don’t need to worry about redirection from http to https

As the title suggests, I recently bought a "retired" school that I'll be converting to rental units over the coming months where, when all is said and done, I should have 25 rental units. I've scheduled fiber install at the building and will be getting a 1 Gbps connection within a couple weeks. My first order of business before construction starts is that I need to install a security system, maglock doors and video surveillance.

Hoping to get some recommendations on what you use for video. I've been a big fan of Ubiquiti APs and switches but I've never used their video products. I am a fan of the pricing on their cameras. Has anyone used them and if so, any feedback/suggestions/things to keep in mind? I know their bullet cameras are on PAssive PoE while their dome cameras support both Passive and 802.3af.

If you use something else, I'd love to hear what product and why. What are your favourite features and which features do you wish your system had.

I'd also like to understand how much space the video stream recording will take-up. I get that this is based on fps, compression, motion detection, length of retention, number of cameras...etc, but if you can share what your current setup is like and how much space you are using, this would be extremely helpful in proper-sizing the NVR VM.

I'm looking for minimum 720P, preferaby 1080P @ 30fps capability, IP cameras only, PoE, built-in IR with decent range, preferably something with software based NVR that I can run in a VM.

My initial setup would likely consist of ~15 - 20 cameras, and expanding to ~40 - 50 once construction nears a state where I can start renting. I'll be wanting to cover all of the common areas and entrances.

A nice to have would be to have the ability to stream a live view of the primary entrance to either small monitors mounted in each unit, or to residents' laptops or mobile devices. I know the UBNT NVR software has the ability to create "live views" but not sure about sharing these with as many as 20-25 screens at once.

Any kind of recommendations based on experience would be much appreciated.

@JaredBusch Awesome, thanks. I'll give this a try this weekend.

@JaredBusch Thanks for this, I'll have a look. Seeing as it is from 2015, has anything changed with the process since then or would this still apply with the current version of Nginx?

@dafyre said in Looking for how-to on setting up a proxy:

I like this article: https://blog.roushtech.net/2014/02/19/pci-compliant-screenconnect-setup-nginx/

note: It's from 2014, so the config options and recommendations may not be the same today. It also assumes that your NGINX Proxy and the ScreenConnect bits are on the same server.

I like the article because it goes into a little detail on the why of some of the settings.

The thing is he suggests you need 2 public IPs which is rediculous. The services are on different ports so that wouldn't be necessary. And you're right, it is very very old.

Hi All,

I am one of the (un)lucky bunch to have used StartSSL certs to secure my ScreenConnect webserver. Now that Google no longer recognizes those, I have clients who are getting a message that this website is insecure. I'd like to use Let's Encrypt but ConnectWise hasn't bothered to get off their ass to allow this so I'd like to setup either Nginx or Apache to serve as a proxy so that I can leverage Let's Encrypt.

I have no experience in this setup and much of the documentation I find online (my google-fu is failing me) seems to be woefully outdated, not to mention that not having done this before, I'm hoping to find something pretty detailed. Here's what I'd like to do...

I have a new, fresh install of ScreenConnect setup on a Ubuntu server. I've tested it in its native config and everything works using the standard 8040 and 8041 ports.

Can anyone point me to good documentation on how to setup Apache or Nginx as a reverse proxy? The aim here is that it will only serve to allow the use of Let's Encrypt for certs so the plan is that I only need to secure the web portal. If I understand this correctly, the certs will secure the proxy on port 443 and it will redirect traffic to the standard port 8040 internally.

Btw I'm really hoping to find documentation that will describe the process in enough detail for a newbie. I like to figure these things out for myself a bit. It's one thing to have someone give you a step by step instruction manual but I also would like to understand what's happening so I can reproduce this later if needed.

I've been using Synology for years as a backup target for many clients and have never seen these kinds of errors. And from the looks of the screen capture, looks like you're experiencing problems across many disks. Wonder if there's some kind of underlying hardware problem unrelated to the disks.

The one thing I still haven't been able to figure out just yet is how to create task dependancies so that setting one task's start time is dependant on its predecessor. This would let me properly display the Gantt chart with timelines aligned with expected completion. I know I've seen something once about how to set it up but I couldn't get it figured out and haven't had much time to get back to it.