MeshCentral – NGINX Reverse Proxy

Explanation and demonstration of MeshCentral running behind the NGINX reverse proxy. We look at why we do this, the configuration files, certificates and HTTP headers required to make it all work. More information at: https://meshcentral.com

0:00 – Introduction
0:20 – Why use a reverse proxy?
1:10 – Multiple services sharing a single IP address
1:59 – DNS setup, many names to the same IP
2:35 – How does the reverse proxy forward connections?
2:53 – TLS offloading and certificate selection
3:30 – Single public IP address, lower cost
4:05 – MeshCentral and NGINX relationship
4:35 – Agent authentication
5:40 – MeshCentral certificate query
6:00 – Demonstration setup
6:35 – NGINX configuration
7:50 – Extra headers with the real IP address
9:05 – MeshCentral trusted headers from the reverse proxy
9:40 – NGINX configuration review
9:53 – MeshCentral port configuration
10:50 – TLS offload configuration and trusted headers
11:46 – Intel AMT MPS port and alias
12:25 – CertURL, loading the NGINX certificate
13:43 – Starting MeshCentral with new config file
14:55 – Getting ready to start NGINX
15:52 – First connection from an agent
16:40 – Starting NGINX
17:26 – Browsing to the MeshCentral web site
17:58 – Checking the IP address of the agent and browser
18:56 – Review of using a reverse proxy
19:38 – Dynamically changing the TLS certificate
20:22 – Conclusion

Music | “I Need You” by LiQWYD