
Attention! This solution is temporary; new BitrixVA/BitrixEnv versions will have more convenient support for user SSL certificates.

Suppose you have a site http://site1.bx and need to switch it to the protected https protocol.

Proceed as follows:

  1. First, obtain an SSL certificate from the certification authority of your choice. You should have the following files:
    • site1.bx.key - domain private key (created by you when sending the certificate request, or sent by the certification authority)
    • site1.bx.crt - domain public certificate (sent by the certification authority)
    Attention! If the default SSL certificate in BitrixVA/BitrixEnv is replaced with a password-protected one, this will cause problems with wizards and with restarting services: the password will be requested every time. To avoid such problems, remove the password from the certificate's private key:
    /path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key
    
  2. After that, upload the files received from the authority, for example to the /etc/nginx/ssl/ directory, using any file manager that supports the sftp protocol (for example, WinSCP).

  3. The following commands are executed in the BitrixVA/BitrixEnv Virtual Appliance console (0. Exit in the main menu), or you can perform the equivalent actions in the file manager, whichever is more convenient.

  4. When the BitrixVA/BitrixEnv Virtual Appliance is updated, the standard nginx files can be overwritten automatically, so copy the config file ssl.conf to a new file site1.bx_ssl.conf (the file can have any name). For convenience, do this for each site if you have several:
    cp /etc/nginx/bx/conf/ssl.conf /etc/nginx/bx/conf/site1.bx_ssl.conf
    
  5. Then edit the file /etc/nginx/bx/conf/site1.bx_ssl.conf and specify the location of site1.bx.crt (domain public certificate) and site1.bx.key (domain private key) in the nginx ssl_certificate and ssl_certificate_key directives, respectively:
    ssl_certificate /etc/nginx/ssl/site1.bx.crt;		# domain public certificate
    ssl_certificate_key /etc/nginx/ssl/site1.bx.key;	# domain private key
    
  6. Open the file /etc/nginx/bx/site_avaliable/bx_ext_ssl_site1.bx.conf and find this line in it:
    include bx/conf/ssl.conf;
    
    and change it to:
    include bx/conf/site1.bx_ssl.conf;
    

    Note: For default site s1 (which is located in the /home/bitrix/www directory) the file name will be /etc/nginx/bx/site_avaliable/s1.ssl.conf, and for additional sites (which are created in the /home/bitrix/ext_www/host_name directory) - /etc/nginx/bx/site_avaliable/bx_ext_ssl_host_name.conf.

  7. Check that the nginx configuration files contain no errors:
    nginx -t
    
  8. If everything is ok, restart nginx:

    CentOS 6:

    service nginx restart
    

    CentOS 7:

    systemctl restart nginx.service
    
  9. If desired, the site can then be switched to work over https only, in the menu 6. Manage sites in the pool > 5. Change https settings on site. A description of how to do this can be found here.

Now, even if the standard nginx configuration files are overwritten when the BitrixVA/BitrixEnv Virtual Appliance is updated, the site will continue to work over the https protocol.
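
Steps 4-6, together with the password check from step 1, can be scripted as shown here. This is an added example, not Bitrix's own tooling: the function names, the ROOT prefix (for rehearsing on a copy of /etc/nginx) and the chmod 600 on the key are assumptions, and it relies on GNU sed as shipped with CentOS.

```shell
#!/bin/sh
# Added example, not Bitrix's own tooling. ROOT is a hypothetical prefix for
# rehearsing on a copy of /etc/nginx; leave it unset on the appliance itself.

# Step 1: true if the PEM private key is still password-protected.
key_has_passphrase() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Steps 4-6 for one site. $1 = host name, $2 = site file in site_avaliable.
wire_site_ssl() {
    host=$1; site_conf=$2; root=${ROOT:-}
    conf_dir=$root/etc/nginx/bx/conf
    ssl_dir=$root/etc/nginx/ssl
    site_file=$root/etc/nginx/bx/site_avaliable/$site_conf
    new_conf=$conf_dir/${host}_ssl.conf

    for f in "$ssl_dir/$host.crt" "$ssl_dir/$host.key" "$site_file"; do
        [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    if key_has_passphrase "$ssl_dir/$host.key"; then
        echo "$host.key is password-protected; remove the password first" >&2
        return 1
    fi
    # Assumption beyond the page: a key without a password is owner-only.
    chmod 600 "$ssl_dir/$host.key" || return 1

    # Step 4: per-site copy, so an appliance update cannot overwrite it.
    [ -f "$new_conf" ] || cp "$conf_dir/ssl.conf" "$new_conf" || return 1

    # Step 5: point both directives at the uploaded files (GNU sed -i).
    sed -i \
        -e "s|^\([[:space:]]*ssl_certificate_key\)[[:space:]].*|\1 /etc/nginx/ssl/$host.key;|" \
        -e "s|^\([[:space:]]*ssl_certificate\)[[:space:]].*|\1 /etc/nginx/ssl/$host.crt;|" \
        "$new_conf" || return 1

    # Step 6: include the per-site file instead of the shared ssl.conf.
    sed -i "s|include bx/conf/ssl\.conf;|include bx/conf/${host}_ssl.conf;|" \
        "$site_file" || return 1

    # Fail loudly if any of the three edits did not take effect.
    grep -q "ssl_certificate /etc/nginx/ssl/$host.crt;" "$new_conf" &&
    grep -q "ssl_certificate_key /etc/nginx/ssl/$host.key;" "$new_conf" &&
    grep -q "include bx/conf/${host}_ssl.conf;" "$site_file"
}
```

On the appliance, source the file and call `wire_site_ssl site1.bx bx_ext_ssl_site1.bx.conf`, then continue with nginx -t from step 7.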





Courses developed by «Bitrix», Inc.