Webrdp and websockets not working with Nginx Reverse Proxy

Webrdp and websockets not working with Nginx Reverse Proxy

Hi,

It seems like i am having some issues getting WebRDP and Websockets to work in general. I am using Nginx reverse proxy and i do not get notifications, chats do not work correctly most of the time and worst of all. WebRDP does not work at all. 
it is not a major issue as i have Endpoint Central for RDP. But as it is rather unreliable, it would be great to have a second option!.

I was hoping someone might have figured it out and could spot the mistakes in my Nginx conf or maybe even just give a few performance tips for the config?




  1. #SDP WebRDP port = 8083
  2. #SDP Server = 10.100.200.200
  3. #SDP Server HTTPS Port = 8080

  5. ################################################################################
  6. #HTTP to HTTPS Forward
  7. server {
  8.     listen 80;
  9.     server_name servicedesk.domain.com; 
  10.     return 301 https://servicedesk.domain.com$request_uri;
  11. }

  13. ################################################################################
  14. #Vhost for port 443 HTTPS forward to port 8080
  15. server {
  16.         listen  443 ssl http2;
  17.         server_name  servicedesk.domain.com;

  19.         #SSL Config    
  20.         ssl_certificate /etc/ssl/domain.com.bundle.pem;
  21.         ssl_certificate_key /etc/ssl/private.key;
  22.         ssl_session_cache  builtin:1000  shared:SSL:10m;
  23.         ssl_session_timeout 10m;
  24.         add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
  25.         ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  26.         ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!3DES:!CAMELLIA;
  27.         ssl_prefer_server_ciphers on;


  30.         #Additional settings
  31.         client_max_body_size    50M;
  32.         keepalive_timeout       70;
  33.         port_in_redirect        off;
  34.         include /etc/nginx/mime.types;

  36.         #Log Files for port 443
  37.         access_log      /var/log/nginx/sdp443.access.log;
  38.         error_log       /var/log/nginx/sdp443.error.log;



  42.                 #Location for port 443 forward to 8080
  43.                 location / {
  44.                 proxy_set_header        Host $host;
  45.                 proxy_set_header        X-Real-IP $remote_addr;
  46.                 proxy_set_header        X-Real-Host $host;
  47.                 proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  48.                 proxy_set_header        X-Forwarded-Proto $scheme;
  49.                 proxy_pass              https://10.100.200.200:8080;
  50.                 proxy_read_timeout      120;

  52.                 
  53.             # WebSocket support
  54.               proxy_http_version      1.1;
  55.             proxy_set_header        Upgrade $http_upgrade;
  56.             proxy_set_header        Connection "upgrade";

  58.                           }

  60. }


  63. ################################################################################
  64. #Vhost port 8083 for WebRDP
  65. server{
  66.       listen 8083 ssl http2;
  67.       server_name servicedesk.domain.com;

  69.       #SSL Config for port 8083 WEBRDP
  70.       ssl_certificate /etc/ssl/domain.com.bundle.pem;
  71.       ssl_certificate_key /etc/ssl/private.key;
  72.       ssl_session_timeout 20m;
  73.       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  74.       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  75.       ssl_prefer_server_ciphers on;
  76.       ssl_verify_client off;

  78.       #Additional settings
  79.       client_max_body_size    50M;
  80.       keepalive_timeout       70;
  81.       port_in_redirect        off;
  82.       include /etc/nginx/mime.types;


  85.       #Location for 8083
  86.       location /{
  87.       proxy_http_version 1.1;
  88.       proxy_pass https://10.100.200.200:8083; 
  89.       proxy_set_header Host $host;   
  90.       proxy_set_header Upgrade $http_upgrade;
  91.       proxy_set_header Connection "upgrade";  
  92.  
  93.                 }
  94. }


























      • Topic Participants

      • jna

        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products