I would like to host Flarum (www.mydomain.com) and also provide a self-hosted remote-desktop-style support tool called ScreenConnect (www.mydomain.com/support).
This is my current sites-enabled config:
server {
listen 80;
server_name keys-daggers.org www.keys-daggers.org;
location / {
# Explicit 301; a bare URL argument to "return" gives a 302.
return 301 https://$host$request_uri;
}
}
server {
server_name keys-daggers.org www.keys-daggers.org;
root /var/www/keysndaggers;
# Kept on one line so that no line breaks end up inside the header value.
# Note that 'unsafe-inline' and 'unsafe-eval' in script-src mean this policy will not stop injected script.
add_header Content-Security-Policy "default-src 'self' https://www.google.com https://*.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.keys-daggers.org https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://*.ssl-images-amazon.com https://*.imgur.com https://cdn.jsdelivr.net data:; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com; connect-src 'self'; media-src 'self'; object-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://keysdaggers.report-uri.io/r/default/csp/enforce;";
index index.php index.html index.htm;
# SSL configuration
# Only one server per address:port may carry default_server; a second vhost file that also claims it on 443 will be rejected at "nginx -t".
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
# snakeoil.conf points at the Debian/Ubuntu self-signed placeholder certificate; browsers will warn until a real certificate is used.
include snippets/snakeoil.conf;
include snippets/ssl-params.conf;
location / { try_files $uri $uri/ /index.php?$query_string;}
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }
location /analytics { try_files $uri $uri/ /index.php?$query_string; }
location /flarum {
deny all;
return 404;
}
location /flarum/analytics {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# Dot escaped: an unescaped "." matches any character.
location ~ \.php$ {
# Refuse to hand a non-existent path to PHP-FPM (guards against cgi.fix_pathinfo tricks such as /upload.jpg/x.php).
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php7-fpm.keysdaggers.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.html$ {
expires -1;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 1M;
# add_header at this level replaces, rather than extends, the server-level add_header set, so the CSP above is not sent for these files unless repeated here.
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
}
This is what ScreenConnect wants:
server {
# DEFINE OUR PORTS (443) AND SET THIS AS OUR DEFAULT TLS CERTIFICATE
listen 443 default_server ssl;
server_name insert_your_domain_name_here;
## WE'LL BE USING TLS, SO LET'S ENABLE IT.
# NOTE: "ssl on;" is deprecated since nginx 1.15.0; the "ssl" parameter on the listen line above already enables TLS.
ssl on;
## WHERE'S THE CERTIFICATE AND KEY?
ssl_certificate /etc/nginx/tls/domainname.crt;
ssl_certificate_key /etc/nginx/tls/domainname.key;
## PERFORMANCE OPTIONS
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
keepalive_timeout 60;
## SSL/TLS PROTOCOL - POOR DESCRIPTION AS WE WON'T BE USING SSL, ONLY TLSv1.
# NOTE: TLSv1 alone is obsolete; current browsers require TLSv1.2 or TLSv1.3.
ssl_protocols TLSv1;
## TLSv1 AND TLSv1.1;
# ssl_protocols TLSv1 TLSv1.1;
## TLSv1 AND TLSv1.1 AND TLSv1.2;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
## ALWAYS SAFER TO DEFINE AN ORDER - THINK CAREFULLY IF YOU DISABLE THIS.
ssl_prefer_server_ciphers on;
## OUR SUPPORTED CIPHERS. GOOD FOR A QUALYS "A" RATING (100/95/80/90).
# NOTE: the RC4 entries below are broken suites; drop them unless a legacy client genuinely needs them.
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
## WANT A QUALYS "A" RATING (100/100/100/100)? BE SURE TO REMOVE/COMMENT ABOVE LINE, ENABLE TLSv1.2 ONLY AND BE MINDFUL THAT CLICKONCE/JNLP DEPLOYMENT MAY NOT WORK.
# ssl_ciphers "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA";
## ENABLE IF YOU INTEND TO USE ELLIPTIC CURVE DHE
# ssl_ecdh_curve secp521r1;
## OPTIONS
## ENABLE HSTS - CHROME & FIREFOX ONLY. ONCE ENABLED, ALL SUBSEQUENT REQUESTS WILL BE DIRECTED TO HTTPS.
# add_header Strict-Transport-Security max-age=86400;
location / {
## WHERE ARE WE PASSING OUR REQUEST TO?
# IN THIS EXAMPLE, THE NATIVE SCREENCONNECT UI IS NO LONGER ACCESSIBLE DIRECTLY. ALL REQUESTS MUST COME THROUGH NGINX PROXY.
# BE SURE TO SET SCREENCONNECT WEB.CONFIG FILE TO LISTEN ON 127.0.0.1:PORT.
proxy_pass http://127.0.0.1:10050/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
}
What I would like to do is to hit the Flarum forum by going to www.mydomain.com.
Get to ScreenConnect by going to www.mydomain.com/support.
Any help would be greatly appreciated.
What I have tried:
Adding the below to my current sites-enabled config. I end up receiving a 404 error message, but it is trying to hit the default installation site of: https://keys-daggers.org/SetupWizard.aspx
# With a prefix location and a URI part in proxy_pass ("/"), nginx replaces the matched
# "/support" prefix with "/" before forwarding, so /support/Host.aspx reaches ScreenConnect
# as /Host.aspx. Root-relative links the backend emits (such as /SetupWizard.aspx) are then
# requested by the browser without the /support prefix and land on the Flarum vhost, which
# is consistent with the 404 described above.
location /support {
## WHERE ARE WE PASSING OUR REQUEST TO?
# IN THIS EXAMPLE, THE NATIVE SCREENCONNECT UI IS NO LONGER ACCESSIBLE DIRECTLY. ALL REQUESTS MUST COME THROUGH NGINX PROXY.
# BE SURE TO SET SCREENCONNECT WEB.CONFIG FILE TO LISTEN ON 127.0.0.1:PORT.
proxy_pass http://127.0.0.1:10050/;
# "off" also disables the rewriting of Location headers returned by the backend.
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The backend only sees plain HTTP from nginx; tell it the client connection was TLS.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
Should I create a separate config in /etc/nginx/sites-enabled?
References:
http://forum.screenconnect.com/yaf_postst2745_-Step-by-Step--Linux--SSL-and-Nginx.aspx
https://github.com/watchmanmonitoring/screenconnect-theme/blob/master/screenconnect-nginx.conf
Thanks again.
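Added example, not part of the question above and not code from Flarum, ScreenConnect or nginx: a small static check that can be run over a server block like the one posted. It tokenizes the nginx config (quoted strings may span lines), collapses the multi-line Content-Security-Policy into the single line that has to go on the wire, flags the weak sources in it, lists the location blocks whose own add_header directives stop the server-level CSP from being inherited, and computes the URI a prefix location with a URI in proxy_pass hands to the backend, which is the mechanism behind a /support request turning into a bare /SetupWizard.aspx. SAMPLE_CONF is a constructed, condensed copy of the posted config, not the live file.

```python
"""Static checks for an nginx server block like the one posted: put a multi-line
CSP on the one line that goes on the wire, flag weak CSP sources, find locations
whose own add_header drops the inherited CSP, and show what URI a prefix location
with a URI in proxy_pass hands to the backend."""
import re

# Constructed sample, condensed from the question's config; not the live file.
SAMPLE_CONF = r'''
server {
    # add_header is inherited only by locations that define none of their own
    add_header Content-Security-Policy
    "default-src 'self' https://www.google.com;
    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com;
    style-src 'self' 'unsafe-inline';
    object-src 'self';
    form-action 'self';
    upgrade-insecure-requests;";
    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~* \.html$ { expires -1; }
    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 1M;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
    location /support/ { proxy_pass http://127.0.0.1:10050/; }
}
'''
# comment | "quoted" | 'quoted' | { } ; | bare word (nginx quoted strings may span lines)
_TOKEN = re.compile(r'#[^\n]*|"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'|[{};]|[^\s{};"\'#]+')

def tokenize(conf):
    """Yield (text, quoted) with comments dropped and quotes stripped."""
    for m in _TOKEN.finditer(conf):
        t = m.group(0)
        if t[0] in '"\'':
            yield t[1:-1], True
        elif t[0] != '#':
            yield t, False

def directives(conf):
    """Yield (block_path, name, args), e.g. (['server', 'location /'], 'try_files', [...])."""
    stack, cur = [], []
    for text, quoted in tokenize(conf):
        if quoted or text not in ('{', '}', ';'):
            cur.append(text)
            continue
        if text == '{':
            stack.append(' '.join(cur))
        elif text == '}':
            stack.pop()
        elif cur:
            yield list(stack), cur[0], cur[1:]
        cur = []

def single_line(value):
    """Collapse line breaks and indentation: a header value must not contain newlines."""
    return re.sub(r'\s+', ' ', value).strip()

def csp_header_value(conf):
    """Server-level Content-Security-Policy as one line, or None if absent."""
    for path, name, args in directives(conf):
        if name == 'add_header' and path == ['server'] and args[0].lower() == 'content-security-policy':
            return single_line(args[1])
    return None

def parse_csp(value):
    """Map each directive to its source list (a bare directive maps to [])."""
    policy = {}
    for part in single_line(value).split(';'):
        if part.strip():
            name, *sources = part.split()
            policy[name] = sources
    return policy

def csp_findings(policy):
    """Weaknesses a reviewer would raise about the policy."""
    findings = []
    for bad in ("'unsafe-inline'", "'unsafe-eval'"):
        if bad in policy.get('script-src', policy.get('default-src', [])):
            findings.append(f"script-src allows {bad}: injected inline or eval'd script still runs")
    if 'frame-ancestors' not in policy:
        findings.append("no frame-ancestors: framing by other sites (clickjacking) is not restricted")
    if policy.get('object-src') != ["'none'"]:
        findings.append("object-src is not 'none': plugin content from an allowed origin can run")
    return findings

def locations_losing_csp(conf):
    """Locations with their own add_header; nginx then does not inherit the server-level CSP."""
    return sorted({p[-1] for p, name, _ in directives(conf)
                   if name == 'add_header' and len(p) > 1 and p[-1].startswith('location')})

def proxy_locations(conf):
    """Map each prefix location to the path part of its proxy_pass URL ('' when absent)."""
    out = {}
    for path, name, args in directives(conf):
        parts = path[-1].split() if path else []
        if name == 'proxy_pass' and len(parts) == 2 and parts[0] == 'location':
            out[parts[1]] = re.match(r'\w+://[^/]+(.*)', args[0]).group(1)
    return out

def backend_uri(location_prefix, upstream_path, request_uri):
    """proxy_pass semantics for a prefix location: a path in the proxy_pass URL replaces the
    matched prefix; no path forwards the request URI unchanged. So /support/ with
    http://127.0.0.1:10050/ sends /support/Host.aspx upstream as /Host.aspx."""
    return request_uri if not upstream_path else upstream_path + request_uri[len(location_prefix):]

if __name__ == '__main__':
    csp = csp_header_value(SAMPLE_CONF)
    print('CSP on one line:', csp, *csp_findings(parse_csp(csp)), sep='\n  ')
    print('locations that drop the CSP:', locations_losing_csp(SAMPLE_CONF))
    for loc, up in proxy_locations(SAMPLE_CONF).items():
        print(loc, '-> backend sees', backend_uri(loc, up, loc + 'Host.aspx'))
```

Run it against a copy of the real server block instead of SAMPLE_CONF to see which locations silently lose the CSP and what each proxied prefix becomes upstream; the tokenizer deliberately handles only the subset of nginx syntax used in the posted config (braces, semicolons, `#` comments and quoted strings), so it is a review aid, not a replacement for `nginx -t`.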