How to proxy RDP via Nginx

Asked 21/3, 2018 at 19:19 Answered 22/3, 2018 at 13:37

I'm using the below config in nginx to proxy RDP connection:

  server { 
    listen          80;
    server_name     domain.com;

    location / {
      proxy_pass      http://192.168.0.100:3389;
    }
  }

but the connection doesn't go through. My guess is that the problem is http in proxy_pass. Googling "Nginx RDP" didn't yield much.

Anyone knows if it's possible and if yes how?

Trinatte answered 21/3, 2018 at 19:19 Comment(0)

Well actually you are right the http is the problem but not exactly that one in your code block. Lets explain it a bit:

In your nginx.conf file you have something similar to this:

http {  
    ...
    ...
    ...

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

So everything you write in your conf files are inside this http block/scope. But rdp is not http is a different protocol.

The only workaround I know for nginx to handle this is to work on tcp level.

So inside in your nginx.conf and outside the http block you have to declare the stream block like this:

stream {
    # ...
    server {
        listen     80;
        proxy_pass 192.168.0.100:3389;
    }
}

With the above configuration just proxying your backend on tcp layer with a cost of course. As you may notice its missing the server_name attribute you can't use it in the stream scope, plus you lose all the logging functionality that comes on the http level.

For more info on this topic check the docs

Husband answered 21/3, 2018 at 20:32 Comment(4)

Appreciate your answer. I read that RDP can now be used in combination with HTTPS. That gives me the impression that we can use it inside http block as SSL connection. But cuz of my limited knowledge on this matter, I can't see how that's potentially possible. What are your thoughts? – Trinatte 22/3, 2018 at 10:45

This is the line in the below article that made me think this way: "Essentially, standard RPC traffic is wrapped in HTTPS at the client" brianmadden.com/opinion/… – Trinatte 22/3, 2018 at 10:45

Well the line you quoted is referring to an application (outlook) which wraps the RPC in HTTPS and on the other side you have another software which can handle the unpacked message. Microsoft has developed software with which packs and unpacks RDP on https traffic, of course nginx can't do this. You need a different implementation for this you can't deliver directly to port 3389 you need a RD Gateway check this turbofuture.com/computers/… – Husband 22/3, 2018 at 14:14

For what its worth, if you change the ports this syntax works for VNC as well – Ganesha 29/7, 2019 at 20:7

For anyone who is looking to load balance RDP connection using Nginx, here is what I did:

Configure nginx as you normally would, to reroute HTTP(S) traffic to your desired server.

On that server, install myrtille (it needs IIS and .Net 4.5) and you'll be able to RDP into your server from a browser!

Trinatte answered 22/3, 2018 at 13:37 Comment(0)

Recommended topics

Hot tags