Bitrix24 behind proxy

by
  1. Inputs data
  2. Configuration front-end server with nginx
  3. Configuration back-end server / bitrix

Inputs data

There was a need to place a boxed version of Bitrix24 behind proxy server on nginx. And so that we have:

192.168.88.20 – ip server with nginx, for which there is an A-record with the domain name bx24.corp. The server listens on standard ports 80 and 443.
192.168.88.24 – ip box version bitrix24, which is available on port 80.

Configuration front-end server with nginx

Create a separate file for configuration /etc/nginx/conf.d/bx.conf:

server {
    listen        80;
    server_name   bx24.corp;
    return 301 https://bx24.corp$request_uri;
}

server {
	listen 443 ssl;
        server_name bx24.corp;
        ssl on;
        ssl_certificate /etc/pki/tls/certs/bx.crt;
        ssl_certificate_key /etc/pki/tls/private/bx.key;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

location / {
	proxy_pass http://192.168.88.24:80;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

In the first server block, we redirect from http to https: we accept requests on port 80 on bx24.corp and redirect them to port 443.

In the second server block, we specify the settings for bx24.corp: 443. Here you need to specify the certificate and private key for the domain name: ssl_certificate and ssl_certificate_key.

In the location in proxy_pass the back-end server is indicated, in our case it is bitrix. The proxy_set_header parameter is required to transmit the real IP addresses of visitors.

To apply the new settings, we tell nginx to re-read the configuration files:

service nginx reload

Configuration back-end server / bitrix behind proxy

Open the nginx configuration file for bitrix. By default, this is /etc/nginx/bx/site_avaliable/s1.conf:

# Default website
    server {
            listen 80 default_server;
            server_name _;
            server_name_in_redirect off;

	    access_log /var/log/nginx/access.log main;
	    error_log /var/log/nginx/error.log warn;

            proxy_set_header        X-Real-IP        $remote_addr;
            proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header        Host $host:443;

	    set_real_ip_from 192.168.88.0/24;
	    real_ip_header X-Forwarded-For;

            set $proxyserver        "http://127.0.0.1:8888";
            set $docroot            "/home/bitrix/www";

            index index.php;
            root /home/bitrix/www;

            # Redirect to ssl if need
            if (-f /home/bitrix/www/.htsecure) { rewrite ^(.*)$ https://$host$1 permanent; }

            # Include parameters common to all websites
            include bx/conf/bitrix.conf;

            # Include server monitoring locations
            include bx/server_monitor.conf;
    }

Here we only changed proxy_set_header Host $ host: 80; on proxy_set_header Host $ host: 443; so that nginx substitutes port 443 in the headers and adds two new parameters in order to get real IP addresses of visitors:

set_real_ip_from 192.168.88.20; and real_ip_header X-Forwarded-For;, where set_real_ip_from specifies the IP address of the proxy nginx server from which it is allowed to receive real addresses. That’s all, the setup is complete. Reload configs:

service nginx reload

Related article: Bitrix24 not work push

Leave a Comment