Setting up Let’s Encrypt and ConnectWise ScreenConnect

As a side effect of recently becoming a Google Certified Associate Cloud Engineer, I’ve been making an effort to migrate and consolidate all of my company’s various web services into one space.

I couldn’t find a tutorial on how to do this, so today we’re going to talk about ConnectWise Control, or ScreenConnect.

Installing ScreenConnect is pretty simple: ConnectWise offers basically fire-and-forget scripts to do so. Installation of ConnectWise is outside the scope of this tutorial.
For our example, the instance runs Debian 9 in Google Compute Engine with HTTP and HTTPS traffic enabled.

  • Step 1: Install ScreenConnect on Debian.
  • Step 2: Set up your DNS records to resolve something.yourdomain.com to your new ScreenConnect install.

As a note, something.yourdomain.com will not actually run ScreenConnect; by default you can find and use your install at something.yourdomain.com:8040.

Here’s where the magic happens: we’re going to use nginx as a proxy for something.yourdomain.com:8040.

  • Step 3: Install certbot, certbot’s nginx tools, and nginx.

This is done by running the following commands:

sudo apt install certbot
sudo apt install python-certbot-nginx
sudo apt install nginx

  • Step 4: Adjust nginx’s default site. We’re going to delete it, add a new blank one, and then paste in our config.

To do this, run the following commands:

sudo rm /etc/nginx/sites-available/default
sudo touch /etc/nginx/sites-available/default
sudo nano /etc/nginx/sites-available/default

Nano will open an in-terminal text editor. Paste the following config, replacing something.yourdomain.com with the name your actual DNS records use.

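server {
  # "listen ... ssl" enables TLS on this socket; no separate "ssl on;" is needed
  listen 443 ssl default_server;
  server_name something.yourdomain.com;
  # Do not advertise the nginx version in responses
  server_tokens off;

  # Certificate chain and private key issued by Let's Encrypt
  ssl_certificate /etc/letsencrypt/live/something.yourdomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/something.yourdomain.com/privkey.pem;

  location / {
    # Pass the client address and the original Host header to ScreenConnect
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    # ScreenConnect listens on port 8040 on this host
    proxy_pass http://127.0.0.1:8040;
    proxy_redirect off;
  }
}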

Pressing CTRL+X and then Y when prompted will exit nano and save your changes.
Once your default file is updated, reload the nginx service by running

sudo systemctl reload nginx

The last step is to tell certbot to go out, get an SSL certificate from Let’s Encrypt, and set it up for something.yourdomain.com:

sudo certbot --nginx -d something.yourdomain.com

That’s it! All done. Navigate to something.yourdomain.com to see a fully functioning ScreenConnect setup with SSL.
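
A preflight for the site file from Step 4, added here as an example and not part of the original post: nginx rejects a configuration whose ssl_certificate files cannot be read, and the files under /etc/letsencrypt/live/ only exist once certbot has issued the certificate, so it is worth checking the file before the reload. The function names and the sample config are this example's own, and the parsing assumes one directive per line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one directive per line.

# Print each file named by an ssl_certificate / ssl_certificate_key directive.
cert_paths() {
    awk '$1 ~ /^ssl_certificate(_key)?$/ { sub(/;.*$/, "", $2); print $2 }' "$1"
}

# Print the referenced certificate/key files that are absent or unreadable.
missing_certs() {
    cert_paths "$1" | while IFS= read -r path; do
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

# Print plain-http proxy_pass targets that are not loopback.
non_loopback_upstreams() {
    awk '$1 == "proxy_pass" { sub(/;.*$/, "", $2); print $2 }' "$1" |
        grep '^http://' |
        grep -Ev '^http://(127\.0\.0\.1|localhost|\[::1\])([:/]|$)' || true
}

# Return 0 only when nothing was flagged; problems are reported on stderr.
preflight() {
    rc=0
    for f in $(missing_certs "$1"); do
        echo "missing certificate file: $f" >&2; rc=1
    done
    for u in $(non_loopback_upstreams "$1"); do
        echo "cleartext proxy_pass off-host: $u" >&2; rc=1
    done
    return "$rc"
}

# Constructed sample mirroring the post's server block, certs under dir $1.
write_sample_conf() {
    cat > "$1/site.conf" <<EOF
server {
  listen 443 ssl default_server;
  ssl_certificate $1/fullchain.pem;
  ssl_certificate_key $1/privkey.pem;
  location / {
    proxy_pass http://127.0.0.1:8040;
  }
}
EOF
}
# With a path argument, check that file (e.g. the default site from Step 4).
[ "$#" -eq 0 ] || preflight "$1"
```

If the preflight passes, `sudo nginx -t` gives nginx's own verdict on the full configuration before the reload.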