Answer the question
In order to leave comments, you need to log in
How to deal with certificates?
Before me are two instructions
https://dev.1c-bitrix.ru/learning/course/?COURSE_I...
https://www.acrit-studio.ru/pantry-programmer/bitr...
they are talking about two files
.key and domain_ru.crt
Question - what other files are involved? These:
domain_ru.ca-bundle and .csr
In chrome, everything works, in Mozilla it swears.
It is not clear, the key and csr file in the name are numbers, should they be renamed?
And it's not entirely clear whether some files need to be combined in a text editor?
now entered like this:
bx/conf/site1.bx_ssl.conf
# If they come here using HTTP, bounce them to the correct scheme
# Nginx internal code used for the plain HTTP requests
# that are sent to HTTPS port to distinguish it from 4XX in a log and an error page redirection.
error_page 497 https://$host$request_uri;
# Increase keepalive connection lifetime
keepalive_timeout 70;
keepalive_requests 150;
# SSL encryption parameters
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
#ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate /etc/nginx/ssl/domain_ru.crt;
#ssl_certificate_key /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/6817054.key;
# performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
server {
listen 443 ssl;
server_name domain.ru www.domain.ru;
# Enable SSL connection
include bx/conf/site1.bx_ssl.conf;
server_name_in_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:443;
proxy_set_header HTTPS YES;
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring API's
include bx/server_monitor.conf;
}
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question