Link to home
Start Free TrialLog in
Avatar of Sergio Ordaz
Sergio Ordaz

asked on

Remote desktop gateway behind NGINX

Hi!!

I'm implementing a new RDS deployment bihind a NGINX, I already made the RDWeb works, but I am having troubles with the gateway,
I am always getting this issue:

User generated image
I made a test forwarding the traffic from the firewall  directly to the gateway and it works perfectly. Here is it the configuration of the NGINX.



    server {
        listen      80;
        server_name  ##.#####.##;
        return 301 https://$host$request_uri;
       root         /usr/share/nginx/html;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

upstream gateway.####.## {
    server gateway.###.##:443;
   }

     server {
        listen  443 ssl;
        server_name  gateway.##.##;

        ssl_certificate "/etc/letsencrypt/live/##.####.##/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/##.###.##/privkey.pem";
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl on;
        # Load configuration files for the default server block.
        # include /etc/nginx/default.d/*.conf;

        location / {
        proxy_set_header x-real-IP       $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header host            $host;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass $scheme://####.###.##$request_uri;
}

Please help!
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

RDGateway verifies traffic end to end. Configuring nginx to provide its own cert like you will break RDG, but web pages like rdweb wouldn't care.
Avatar of Sergio Ordaz
Sergio Ordaz

ASKER

Can you help me how can I do that please?
those not are the certificates ?

 ssl_certificate "/etc/letsencrypt/live/##.####.##/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/##.###.##/privkey.pem";
Why are you trying to pass this through nginx? Knowing your goal will help provide a right sized solution.
Becouse I wanna use one ip for RDWeb and Gateway.
Are both roles on the same server?
No there are in diffrents host
ASKER CERTIFIED SOLUTION
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thx Cliff for the information, do you have the link where did you get it please?
Thx