Last Modified: 10.03.2021
It is recommended to use a fully pre-configured BitrixVM for Bitrix24 Self-hosted. Bitrix Virtual Appliance is a free-of-charge, off-the-shelf software product: a fully preconfigured and tested virtual server adapted for immediate use with both Bitrix24 products and any PHP applications. Available versions of Bitrix Virtual Appliance support both Windows and Unix systems.
When, for some reason, you cannot use BitrixVM, a Push server must be configured in the deployed environment. The examples below are provided specifically for CentOS.
Push server configuration
- Enable the connected bitrix-env repository:
cat /etc/yum.repos.d/bitrix.repo
[bitrix]
name=$OS $releasever - $basearch
failovermethod=priority
baseurl=http://repos.bitrix24.com/yum/el/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=http://repos.bitrix24.com/yum/RPM-GPG-KEY-BitrixEnv
Note: On CentOS 6, the nodejs repository must also be connected:
curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - >/dev/null 2>&1
- Install the packages.
Note: Due to an ongoing issue with CentOS 7.3, install the http-parser package manually:
rpm -Uvh https://kojipkgs.fedoraproject.org//packages/http-parser/2.7.1/3.el7/x86_64/http-parser-2.7.1-3.el7.x86_64.rpm
Then:
yum -y install nodejs push-server
Redis server setup
- Update the group for the Redis user. In a Bitrix environment, it is the bitrix group. In all other cases, it is the group whose permissions the apache or php-fpm services run with.
usermod -g bitrix redis
- Update the config file for the Redis service:
cat /etc/redis.conf
# Ansible managed
unixsocket /tmp/redis.sock
pidfile /var/run/redis_6379.pid
logfile /var/log/redis/redis.log
dir /var/lib/redis
bind 127.0.0.1
protected-mode yes
port 6379
tcp-backlog 511
unixsocketperm 770
timeout 0
tcp-keepalive 300
daemonize yes
supervised no
loglevel notice
databases 16
save 86400 1
save 7200 10
save 3600 10000
stop-writes-on-bgsave-error no
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
maxmemory 459mb
maxmemory-policy allkeys-lru
The maxmemory value depends on the capabilities of the server on which push-server is installed. In BitrixVM, for example, this parameter equals 1/4 of the installed memory.
Note: On CentOS 7, update the Redis service settings:
cat /etc/systemd/system/redis.service.d/custom.conf
[Service]
Group=bitrix
When the Bitrix environment is not used, set the group value you require.
- Restart the Redis service and enable it to start automatically.
Command for CentOS 7:
systemctl enable redis && systemctl restart redis
Command for CentOS 6:
chkconfig redis on && /etc/init.d/redis restart
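A check for the Redis settings above that keep the instance reachable only from the local host and from members of the socket's group. This is an added example, not part of the Bitrix documentation; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the redis.conf directives that keep Redis local-only.

# Print the last value given for a directive, or nothing if it is absent.
redis_directive() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line; return 0 when clean, 1 when anything is flagged.
audit_redis_conf() {
    conf=$1; rc=0
    addrs=$(redis_directive "$conf" bind)
    if [ -z "$addrs" ]; then
        echo "bind: not set, Redis listens on all interfaces"; rc=1
    fi
    for addr in $addrs; do
        case $addr in
            127.*|::1) ;;
            *) echo "bind: non-loopback address $addr"; rc=1 ;;
        esac
    done
    pm=$(redis_directive "$conf" protected-mode)
    if [ "$pm" != "yes" ]; then
        echo "protected-mode: expected yes, found '${pm:-unset}'"; rc=1
    fi
    # The socket is shared with the web server through its group (770 on this
    # page); any permission bit for "other" opens it to every local account.
    if [ -n "$(redis_directive "$conf" unixsocket)" ]; then
        case $(redis_directive "$conf" unixsocketperm) in
            '') echo "unixsocketperm: not set, socket mode is left to the umask"; rc=1 ;;
            *0) ;;
            *)  echo "unixsocketperm: grants access to accounts outside the group"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample files: the page's values, then a weakened variant.
demo_dir=$(mktemp -d)
printf '%s\n' 'unixsocket /tmp/redis.sock' 'bind 127.0.0.1' 'protected-mode yes' \
    'port 6379' 'unixsocketperm 770' > "$demo_dir/good.conf"
sed -e 's/^bind .*/bind 0.0.0.0/' -e 's/^protected-mode .*/protected-mode no/' \
    -e 's/770/777/' "$demo_dir/good.conf" > "$demo_dir/weak.conf"

for f in good weak; do
    echo "== $f.conf"
    audit_redis_conf "$demo_dir/$f.conf" || true
done
```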
Push server configuration
- Update the settings file /etc/sysconfig/push-server-multi by adding the option WS_HOST, the host IP address used for launching the service. You can use localhost or 127.0.0.1 for the Push server. When an external address is used, make sure that the network firewall settings allow access to required web servers. When required, update the settings responsible for the number of nodejs processes that receive and publish messages:
ID_SUB=5 # max ID for sub service
ID_PUB=1 # max ID for pub service
- Create configuration files for the launched processes. At the same time, the key SECURITY_KEY will be created in the config:
/etc/init.d/push-server-multi reset
This process creates config files in the directory:
ls -al /etc/push-server/push-server-*
-rw-r--r-- 1 bitrix root 685 Aug 25 14:52 /etc/push-server/push-server-pub-9010.json
-rw-r--r-- 1 bitrix root 685 Aug 25 14:52 /etc/push-server/push-server-pub-9011.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8010.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8011.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8012.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8013.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8014.json
-rw-r--r-- 1 bitrix root 635 Aug 25 14:52 /etc/push-server/push-server-sub-8015.json
The number of files depends on the options specified above.
- Launch the processes.
Command for CentOS 7:
systemctl enable push-server && systemctl start push-server
Command for CentOS 6:
chkconfig push-server-multi on && /etc/init.d/push-server-multi start
NGINX Configuration
- Set up the upstream servers for the Push server:
#/etc/nginx/bx/settings/rtc-im_settings.conf
log_format simple '$time_local $status $request';
# if connection is not set
map $http_upgrade $connection_upgrade {
default upgrade;
'' 'close';
}
map $http_upgrade $replace_upgrade {
default $http_upgrade;
'' "websocket";
}
# sub services
upstream nodejs_sub {
ip_hash;
keepalive 1024;
server vm04.ksh.bx:8010;
server vm04.ksh.bx:8011;
server vm04.ksh.bx:8012;
server vm04.ksh.bx:8013;
server vm04.ksh.bx:8014;
server vm04.ksh.bx:8015;
}
# pub services
upstream nodejs_pub {
ip_hash;
keepalive 1024;
server vm04.ksh.bx:9010;
server vm04.ksh.bx:9011;
}
Use the name or IP address of the installed Push server as the server name.
- Configuration file for virtual servers:
# /etc/nginx/bx/site_enabled/rtc-server.conf
server {
listen 8895 default_server;
server_name _;
# access_log /var/log/nginx/access.log main buffer=64k;
# access_log /dev/shm/access.log simple;
# error_log /var/log/nginx/error.log warn;
access_log off;
add_header "X-Content-Type-Options" "nosniff";
location /server-stat {
access_log off;
proxy_pass http://nodejs_pub;
}
location /nginx_status {
stub_status on;
}
location /bitrix/pub/ {
# IM doesn't wait
proxy_ignore_client_abort on;
proxy_pass http://nodejs_pub;
}
include bx/conf/im_subscrider.conf;
location / {
deny all;
}
}
server {
listen 8893;
listen 8894 default_server ssl;
access_log off;
add_header Access-Control-Allow-Origin *;
server_name _;
# ssl settings
include bx/conf/ssl.conf;
# Include error handlers
include bx/conf/errors.conf;
# Include im subscrider handlers
include bx/conf/im_subscrider.conf;
location ^~ / { deny all; }
}
Note: Access to the server that serves /pub can be opened only for the web servers that perform the publishing. When everything is configured on a single host, it is better to use the 127.0.0.1 address for this server.
- The config file bx/conf/im_subscrider.conf contains settings for the public entry points /bitrix/subws, /bitrix/sub and /bitrix/rest. When they must be served directly by a site and not by a separate virtual server, this file must be included directly in the site config.
# cat /etc/nginx/bx/conf/im_subscrider.conf
# Ansible managed
location ~* ^/bitrix/subws/ {
access_log off;
proxy_pass http://nodejs_sub;
# http://blog.martinfjordvald.com/2013/02/websockets-in-nginx/
# 12h+0.5
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
proxy_http_version 1.1;
proxy_set_header Upgrade $replace_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ~* ^/bitrix/sub/ {
access_log off;
rewrite ^/bitrix/sub/(.*)$ /bitrix/subws/$1 break;
proxy_pass http://nodejs_sub;
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
}
location ~* ^/bitrix/rest/ {
access_log off;
proxy_pass http://nodejs_pub;
proxy_max_temp_file_size 0;
proxy_read_timeout 43800;
}
- Connect the configs:
# /etc/nginx/nginx.conf
include /etc/nginx/bx/site_enabled/rtc-server.conf;
include /etc/nginx/bx/settings/rtc-im_settings.conf;
- In case of a Virtual Appliance, delete the old server configuration (push-stream-module): /etc/nginx/bx/conf/im_subscrider.conf and /etc/nginx/bx/site_enabled/push.conf.
- Restart the NGINX server.
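The note above asks that the server serving /bitrix/pub/ be reachable only by the publishing web servers. The following added example (not part of the Bitrix documentation) reports which listen addresses expose that location; audit_pub_listeners is a hypothetical helper, the sample config is constructed from the one shown here, and the parser assumes one directive per line.

```shell
#!/bin/bash
# Added example: find nginx listeners that expose /bitrix/pub/ beyond loopback.
# Assumes one directive per line, as in the configs shown on this page.

# Print one line per non-loopback listener of a server block that contains a
# /bitrix/pub/ location; return 1 if any were found, 0 otherwise.
audit_pub_listeners() {
    awk '
        function report(   i, n, l) {
            n = split(listens, l, " ")
            for (i = 1; i <= n && has_pub; i++)
                if (l[i] !~ /^(unix:|(127\.[0-9.]+|localhost|\[::1\]):[0-9]+$)/) {
                    print FILENAME ": /bitrix/pub/ is served on listen " l[i]
                    bad = 1
                }
            listens = ""; has_pub = 0; in_server = 0
        }
        { sub(/#.*/, "") }                                  # drop comments
        depth == 0 && $1 == "server" && $2 == "{" { in_server = 1 }
        in_server && $1 == "listen" { a = $2; sub(/;$/, "", a); listens = listens " " a }
        in_server && $1 == "location" && /\/bitrix\/pub\// { has_pub = 1 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (in_server && depth == 0) report()
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the page's publishing server, then a loopback-only copy.
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.conf" <<'EOF'
server {
    listen 8895 default_server;
    location /bitrix/pub/ {
        proxy_pass http://nodejs_pub;
    }
    location / { deny all; }
}
server {
    listen 8893;
    location ^~ / { deny all; }
}
EOF
sed 's/listen 8895/listen 127.0.0.1:8895/' "$demo_dir/open.conf" > "$demo_dir/local.conf"

audit_pub_listeners "$demo_dir/open.conf" || echo "open.conf: bind to 127.0.0.1 or filter by source"
audit_pub_listeners "$demo_dir/local.conf" && echo "local.conf: publishing endpoint is loopback-only"
```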
Site setup
Add the following settings to the config file bitrix/.settings.php. Settings in the new kernel are contained in the file /bitrix/.settings.php. Please be advised that the old kernel contained such settings in the file /bitrix/php_interface/dbconn.php. The file .settings.php differs significantly in structure from the previous dbconn.php.
'pull' => Array(
'value' => array(
'path_to_listener' => 'http://#DOMAIN#/bitrix/sub/',
'path_to_listener_secure' => 'https://#DOMAIN#/bitrix/sub/',
'path_to_modern_listener' => 'http://#DOMAIN#/bitrix/sub/',
'path_to_modern_listener_secure' => 'https://#DOMAIN#/bitrix/sub/',
'path_to_mobile_listener' => 'http://#DOMAIN#:8893/bitrix/sub/',
'path_to_mobile_listener_secure' => 'https://#DOMAIN#:8894/bitrix/sub/',
'path_to_websocket' => 'ws://#DOMAIN#/bitrix/subws/',
'path_to_websocket_secure' => 'wss://#DOMAIN#/bitrix/subws/',
'path_to_publish' => 'http://vm04.ksh.bx:8895/bitrix/pub/',
'nginx_version' => '3',
'nginx_command_per_hit' => '100',
'nginx' => 'Y',
'nginx_headers' => 'N',
'push' => 'Y',
'websocket' => 'Y',
'signature_key' => 'ANzCW8X3ui4GokEqAh8fwinrSBnWj3dU1V0O3knHlwc224vBdIA8Yg1PhPU1G3tQaTcnorGO9skoWPbLiDV5eqnVcH2RgbKCP65yAHjiFfP4RJh60W9sxqISkcQxWQ0U',
'signature_algo' => 'sha1',
'guest' => 'N',
),
),
Use the SECURITY_KEY value from /etc/sysconfig/push-server-multi as the signature_key:
grep SECURITY_KEY /etc/sysconfig/push-server-multi
SECURITY_KEY=ANzCW8X3ui4GokEqAh8fwinrSBnWj3dU1V0O3knHlwc224vBdIA8Yg1PhPU1G3tQaTcnorGO9skoWPbLiDV5eqnVcH2RgbKCP65yAHjiFfP4RJh60W9sxqISkcQxWQ0U
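One way to confirm that signature_key in .settings.php equals SECURITY_KEY from the push server's sysconfig file without echoing the key into a terminal or log. This is an added example, not part of the Bitrix documentation; the function names, sample files and keys are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm the site and the push server share one signing key,
# without ever printing the key itself.

# Value of SECURITY_KEY=... in the sysconfig file (surrounding quotes removed).
push_security_key() {
    sed -n 's/^[[:space:]]*SECURITY_KEY=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Value of 'signature_key' => '...' in .settings.php.
site_signature_key() {
    sed -n "s/.*'signature_key'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# First 12 hex digits of SHA-256: enough to compare hosts or paste in a ticket.
key_fingerprint() {
    printf '%s' "$1" | sha256sum | cut -c1-12
}

# Return 0 on match, 1 on mismatch, 2 when either file has no key.
check_push_keys() {
    srv=$(push_security_key "$1"); site=$(site_signature_key "$2")
    [ -n "$srv" ]  || { echo "SECURITY_KEY not found in $1"; return 2; }
    [ -n "$site" ] || { echo "signature_key not found in $2"; return 2; }
    if [ "$srv" = "$site" ]; then
        echo "match: $(key_fingerprint "$srv")"; return 0
    fi
    echo "MISMATCH: server $(key_fingerprint "$srv"), site $(key_fingerprint "$site")"
    return 1
}

# Constructed sample files with constructed keys (not real secrets).
demo_dir=$(mktemp -d)
printf 'WS_HOST=127.0.0.1\nSECURITY_KEY=constructed-key-A\n' > "$demo_dir/push-server-multi"
printf "'signature_key' => 'constructed-key-A',\n" > "$demo_dir/settings.php"
printf "'signature_key' => 'constructed-key-B',\n" > "$demo_dir/stale.php"

check_push_keys "$demo_dir/push-server-multi" "$demo_dir/settings.php" || true
check_push_keys "$demo_dir/push-server-multi" "$demo_dir/stale.php" || true
```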