Attention! This solution is temporary; new BitrixVA/BitrixEnv versions will have more convenient support for user SSL certificates.
Suppose you have a site http://site1.bx and need to switch it to the secure HTTPS protocol.
Proceed as follows:
- First, obtain an SSL certificate from the certification authority of your choice. You should have the following files:
- site1.bx.key - domain private key (created by you when sending a request for certificate or sent by a certification authority)
- site1.bx.crt - domain public certificate (sent by the certification authority)
If the default SSL certificate in BitrixVA/BitrixEnv is replaced with a password-protected one, wizards and service restarts will not work properly: the password will be requested continuously. To avoid this, remove the password from the private key:
/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key
- After that, upload the files received from the authority, for example, to the /etc/nginx/ssl/ directory; any file manager that supports the SFTP protocol (for example, WinSCP) can be used.
- Run the following commands in the BitrixVA/BitrixEnv Virtual Appliance console (item 0. Exit in the main menu), or perform the equivalent actions in the file manager, whichever is more convenient.
- When the BitrixVA/BitrixEnv Virtual Appliance is updated, the standard nginx files may be overwritten automatically. That is why the config file ssl.conf should be copied to a new file, site1.bx_ssl.conf (any file name can be used). For convenience, do this for each site if you have several:
cp /etc/nginx/bx/conf/ssl.conf /etc/nginx/bx/conf/site1.bx_ssl.conf
- Then edit the file /etc/nginx/bx/conf/site1.bx_ssl.conf and specify the location of site1.bx.crt (domain public certificate) and site1.bx.key (domain private key) in the nginx ssl_certificate and ssl_certificate_key directives, respectively:
ssl_certificate /etc/nginx/ssl/site1.bx.crt; # domain public certificate
ssl_certificate_key /etc/nginx/ssl/site1.bx.key; # domain private key
- Open the file
/etc/nginx/bx/site_avaliable/bx_ext_ssl_site1.bx.conf and find the following line in it:
and change it to:
Note: For the default site s1 (located in the /home/bitrix/www directory) the file name will be /etc/nginx/bx/site_avaliable/s1.ssl.conf, and for additional sites (created in the /home/bitrix/ext_www/host_name directory) -
- Verify that the nginx configuration files do not contain errors:
- If everything is OK, restart nginx:
service nginx restart
systemctl restart nginx.service
- Then, optionally, the site can be switched to work over HTTPS only, via the menu 6. Manage sites in the pool > 5. Change https settings on site. A description of how to do it can be found here.
Now, even if the standard nginx configuration files are overwritten after an update of the BitrixVA/BitrixEnv Virtual Appliance, the site will continue to work over the HTTPS protocol.
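Before the restart step, the uploaded pair can be checked for three problems this procedure can introduce: a key that is still password-protected, a key that does not belong to the certificate, and an unencrypted key that other users can read. The script below is an added example, not part of the original instructions or of BitrixVA/BitrixEnv; the function names and return codes are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not Bitrix code): pre-flight checks for the certificate and
# key uploaded to /etc/nginx/ssl/ before nginx is restarted.
# Return codes of check_pair (chosen for this example):
#   0 ok, 1 unreadable or unparsable file, 2 key still password-protected,
#   3 key does not belong to the certificate, 4 key readable by group/others

# PEM public key embedded in a certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# PEM public key derived from a private key. "-passin pass:" supplies an
# empty password so openssl fails instead of prompting on the console.
key_pubkey() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

check_pair() {
    crt=$1 key=$2
    [ -r "$crt" ] && [ -r "$key" ] || { echo "cannot read $crt or $key" >&2; return 1; }

    # Encrypted PEM keys start with "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8)
    # or carry a "Proc-Type: 4,ENCRYPTED" header (traditional format).
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$key"; then
        echo "$key is password-protected; services would prompt on restart" >&2
        return 2
    fi

    cpub=$(cert_pubkey "$crt") || { echo "$crt is not a PEM certificate" >&2; return 1; }
    kpub=$(key_pubkey "$key") || { echo "$key is not a PEM private key" >&2; return 1; }
    if [ "$cpub" != "$kpub" ]; then
        echo "$key does not match $crt" >&2
        return 3
    fi

    # An unencrypted key is protected only by file permissions: characters
    # 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group/others; chmod 600 it" >&2
        return 4
    fi
    return 0
}

# Usage: sh check_pair.sh /etc/nginx/ssl/site1.bx.crt /etc/nginx/ssl/site1.bx.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```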