Last Modified: 22.09.2017
Attention! This solution is temporary; new BitrixVA/BitrixEnv versions will have more convenient support for user SSL certificates.
Suppose you have a site http://site1.bx and need to switch it to the secure HTTPS protocol.
Proceed as follows:
- First, obtain an SSL certificate from a certification authority of your choice. You should have the following files:
  - site1.bx.key - domain private key (created by you when sending the certificate request, or sent by the certification authority)
  - site1.bx.crt - domain public certificate (sent by the certification authority)
Attention! If the default SSL certificate in BitrixVA/BitrixEnv is replaced with a password-protected one, wizards and service restarts will not work properly: the password will be requested continuously. To avoid such problems, remove the password from the certificate's private key:
    /path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key
- After that, upload the certificate files received from the authority, for example, to the /etc/nginx/ssl/ directory. Any file manager that supports the SFTP protocol (for example, WinSCP) can be used.
- Further commands are executed in the BitrixVA/BitrixEnv Virtual Appliance console (select 0. Exit in the main menu) or via equivalent actions in the file manager, whichever is more convenient.
- When the BitrixVA/BitrixEnv Virtual Appliance is updated, the standard nginx files may be overwritten automatically. For this reason, copy the config file ssl.conf to a new file, site1.bx_ssl.conf (any filename can be used). A separate copy per site is convenient if you have several sites:
    cp /etc/nginx/bx/conf/ssl.conf /etc/nginx/bx/conf/site1.bx_ssl.conf
- Then edit the file /etc/nginx/bx/conf/site1.bx_ssl.conf and specify the location of site1.bx.key (domain private key) and site1.bx.crt (domain public certificate) in the nginx ssl_certificate_key and ssl_certificate directives, respectively:
    ssl_certificate /etc/nginx/ssl/site1.bx.crt; # domain public certificate
    ssl_certificate_key /etc/nginx/ssl/site1.bx.key; # domain private key
- Open the file /etc/nginx/bx/site_avaliable/bx_ext_ssl_site1.bx.conf and find the line:
    include bx/conf/ssl.conf;
  and change it to:
    include bx/conf/site1.bx_ssl.conf;
Note: For the default site s1 (located in the /home/bitrix/www directory) the file name will be /etc/nginx/bx/site_avaliable/s1.ssl.conf, and for additional sites (created in the /home/bitrix/ext_www/host_name directory) it will be /etc/nginx/bx/site_avaliable/bx_ext_ssl_host_name.conf.
- Verify that the nginx configuration files do not contain errors:
    nginx -t
- If everything is OK, restart nginx:
  CentOS 6:
    service nginx restart
  CentOS 7:
    systemctl restart nginx.service
- After that, the site can be switched to work over HTTPS only, using the menu option 6. Manage sites in the pool > 5. Change https settings on site. A description of how to do this can be found here.
Now, even if the standard nginx configuration files are overwritten during an update of the BitrixVA/BitrixEnv Virtual Appliance, the site will continue to work over the HTTPS protocol.
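
A pre-flight check that can be run before the nginx -t step, added here as an example and not part of the Bitrix documentation or tooling: it confirms that the key no longer carries a password, that the now-unencrypted key file is not accessible to group or others, and that the certificate and key hold the same public key. The function names are hypothetical, and restricting the key file to its owner (chmod 600) is an assumption added here, not a step from the procedure above.

```shell
#!/bin/sh
# Added example (not Bitrix code): checks on the certificate/key pair before
# running `nginx -t` and restarting. Function names are hypothetical.

# Return 0 if the key file is still password-protected (either PEM form).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Return 0 if the key file grants no permissions to group or others.
key_mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if the certificate and the key contain the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass:) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run all checks, print each finding, return non-zero if any check failed.
check_tls_pair() {
    cert=$1 key=$2 rc=0
    if key_is_encrypted "$key"; then
        echo "FAIL: $key is password-protected; services will prompt on restart"
        return 1
    fi
    if ! key_mode_is_private "$key"; then
        echo "FAIL: $key is accessible to group/others; run: chmod 600 $key"
        rc=1
    fi
    if ! pair_matches "$cert" "$key"; then
        echo "FAIL: $cert does not match $key"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Stand-alone use: sh check_tls_pair.sh /etc/nginx/ssl/site1.bx.crt /etc/nginx/ssl/site1.bx.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A non-zero exit status means at least one check failed, so the script can gate the restart step in a deployment script.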