https://training.bitrix24.

com/support/training/course…

Adding SSL-certificates in BitrixVA/BitrixEnv

Captura Web

e-Learning Select course Authorization

Bitrix Virtual Appliance

Adding SSL-certificates in BitrixVA/BitrixEnv 78  /  186

Course description Views: 11616

Last Modified: 22.09.2017
Bitrix Virtual Appliance v7.x

What's New
Attention! This solution is temporary, new BitrixVA/BitrixEnv versions will have more convenient support for user SSL-certificates.
Installation of Bitrix Environment
In case, if you have a site http://site1.bx, and we need to switch the operation of the site to a protected https protocol.
(BitrixEnv) for Linux
Your actions should be the following:
Launching Bitrix Virtual Appliance
1. First, you need to receive SSL-certificate from Certification authority, selected by you. You should have the following files:
VMBitrix.CRM
site1.bx.key - domain private key (created by you when sending a request for certificate or sent by a certification authority)
Installation and Migration of
Bitrix24 Products to site1.bx.crt - domain public certificate (sent by the certification authority)
BitrixVA/BitrixEnv
Attention! If the default pasword-protected SSL-certifiate is modified in BitrixVA/BitrixEnv, this will cause a problem in the operation of wizards and re-launching of
1. Manage servers in the pool
services. Password input will be requested continuously. To avoid such problems, it is necessary to delete password from the certificate:
2. Manage localhost
/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key
3. Configure MySQL servers

4. Configure Memcached Servers

5. Background Tasks in the pool 2. After that, the certificates received from the authority should be uploaded, for example, in the /etc/nginx/ssl/ directory or via any file manager as per sftp protocol (for
6. Configure pool sites example, WinSCP).

7. Manage Sphinx in the pool 3. Further commands are executed in the BitrixVA/BitrixEnv Virtual appliance console (0. Exit in the main menu) or via similar actions in the file manager, as per convenience.

8. Manage Web Nodes in the pool 4. When updating the BitrixVA/BitrixEnv Virtual Appliance, an automatic rewrite of nginx standard files can occur, that is why the config file ssl.conf shall be copied to a

9. Monitoring in the pool new file site1.bx_ssl.conf (file can have any filename). This is done for convenience, for each site, if you have several:

10. Configure Push/RTC Service

cp /etc/nginx/bx/conf/ssl.conf /etc/nginx/bx/conf/site1.bx_ssl.conf
11. Configure Transformer service

Additional Settings for

5. Then, file /etc/nginx/bx/conf/site1.bx_ssl.conf shall be edited and location site1.bx.key (domain private key) shall be indicated as well as file site1.bx.crt
BitrixAV/BitrixEnv
(domain public certificate) in nginx ssl_certificate_key and ssl_certificate directive, respectively.
Modification of BitrixVA Standard
Settings without Disabling
ssl_certificate /etc/nginx/ssl/site1.bx.crt; # domain public certificate
Autotuning ssl_certificate_key /etc/nginx/ssl/site1.bx.key; # domain private key
Adding SSL-certificates in
BitrixVA/BitrixEnv
6. Open file /etc/nginx/bx/site_avaliable/bx_ext_ssl_site1.bx.conf and search the line in it:
Expanding BitrixVA Disk Space

Connecting Swap Partition include bx/conf/ssl.conf;

Fixing issues in old sites with

windows-1251 encoding and modify to:

Manual Configuration of
include bx/conf/site1.bx_ssl.conf;
Memcached

Correct Mounting of Windows-

Resources Note: For default site s1 (which is located in the /home/bitrix/www directory) the file name will be /etc/nginx/bx/site_avaliable/s1.ssl.conf , and for

Execution of All Agents via Cron additional sites (which are created in the /home/bitrix/ext_www/host_name directory) - /etc/nginx/bx/site_avaliable/bx_ext_ssl_host_name.conf .

Mounting Options
7. Verify, if nginx configuration files do not contain errors:
Connecting IDE

Packet Source Codes (starting nginx -t

from version 7.3.0!)

Beta version of 8. If everything is ok, restart nginx:

BitrixEnv/VMBitrix.CRM CentOS 6:
PHP-Extensions Manual Enabling
service nginx restart
BitrixVA proxying settings

BitrixVA API for Providers CentOS 7:

How to create BitrixVM image for
cloning systemctl restart nginx.service

Bitrix Virtual Appliance Contents

Archive 9. Then, site operation can be switched only as per the protocol https, as an option in the menu 6. Mange sites in the pool > 5. Change https settings on site. Description how to
do it can be found here here.

Now, even if the standard nginx configuration files are modified, after the update of BitrixVA/BitrixEnv Virtual Appliance, the site will continue to work according https protocol.

Courses developed by «Bitrix», Inc.

Course description

prev Modification of BitrixVA Standard S… Back to top ↑ Expanding BitrixVA Disk Space next