+6
Closed
nginx reverse proxy by default
For Linux installation, just default to a script that installs NGINX or Apache as a reverse proxy, since that seems to be the only way to have a compliant and secure server installation.
(Support chat that led to this feature request)
Please wait while I access your information
Mike Hulme
08:48 AM Hello Cory. TLS is not disabled through ScreenConnect but done at the OS level. I found this post that may help you: http://forum.screenconnect.com/yaf_postst4574_Testing-and-Fixing-Poodle-on-Windows-Linux-ScreenConnect-servers.aspx#post18173
Mike Hulme
08:49 AM Was there anything else we could help with today?
Mike Hulme
08:49 AM Umm, let me take a look at that link.
Cory Silva
08:50 AM Sure, no problem.
Mike Hulme
08:50 AM Oh I see, reverse proxy is the answer. Okay, okay, I guess I will spin up a reverse proxy server...
Cory Silva
08:58 AM For the suggestion box: The default installation on Linux should just include nginx if that is the only way to be compliant.
Cory Silva
08:59 AM Thanks man.
Cory Silva
08:59 AM No problem! And an FYI for you: our feature request portal is here: http://screenconnect.userecho.com/ All feedback like that is very helpful for our development team.
I remember this as being one of my first annoyances when I initially trialed ScreenConnect. I did this from day 1, because I wanted control over the SSL settings. Once I got it worked through, I've never had to mess with it, but it would have probably made my trial smoother to have had this.
(Also related to the Let's Encrypt request - http://product.screenconnect.com/topics/473-add-lets-encrypt-support-to-base-screenconnect-functonality/ )
Agreed. I use an Nginx reverse proxy, but in my opinion it should be part of the installation. That Let's Encrypt related post is also a brilliant idea.
I dislike the idea of SC pulling nginx/apache as default, but I'd not be against them including conf files/instructions.
People installing into existing setups would open up a can of worms if the setup had nginx/apache included.
It seems like the installer could offer this on a new installation thereby avoiding the problem it seems you're alluding to.
I think this issue can be closed, since ScreenConnect updated its internal Linux web server and it now supports modern TLS encryption algorithms.