HTTPS not working

Discussion in '3CX Phone System - General' started by Frazer, Feb 14, 2018.

Thread Status:
Not open for further replies.
  1. Frazer

    Hi,
    We have had a new install this week only to find out HTTPS is not working after all the extensions/phones have been configured and tested.

    Looking at c:\program files\3cx phone system\bin\nginx\conf\nginx.conf it appears as though there is no port 443/SSL configuration.

    My guess is that it's due to a bad certificate import upon installation (custom domain).
    If this is the case, then it really needs to be verified after uploading, and the user should be told as part of the initial setup, rather than continuing with no SSL and without any error messages.

    Is there a way we can add 443/SSL to our existing setup by modifying the nginx.conf?

    Thanks
     
  2. saqqara16

  3. Frazer

    Thanks - the crt.pem and key.pem were missing, probably because the original import failed (without notification).
    I added the 2 files using the link mentioned and restarted - no joy - the config didn't appear magically (I was hoping 3CX would detect the certificate and update the nginx.conf).
    I added the following to C:\Program Files\3CX Phone System\Bin\nginx\conf\nginx.conf underneath the existing 'server' entry for port 80, before the last closing bracket }:
    Code:
        server {
            add_header X-Frame-Options "SAMEORIGIN";
            listen       443 ssl;
            listen [::]:443 ssl;
            server_name  YOUR.3CX.HOSTNAME.HERE;
            server_tokens off;
    
            access_log off;
            error_log nul crit;
    
            ssl_dhparam Instance1/dhparam.pem;
            ssl_session_cache shared:SSL:60m;
            ssl_session_timeout 1d;
            ssl_stapling on;
            ssl_stapling_verify on;
            add_header Strict-Transport-Security max-age=15768000;
    
            ssl_certificate      Instance1/YOUR.CERTIFICATE.HERE-crt.pem;
            ssl_certificate_key  Instance1/YOUR.PRIVATE.KEY.HERE-key.pem;
    
            ssl_ciphers  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA';
    
            ssl_prefer_server_ciphers  on;
    
            client_max_body_size 300m;
    
            location /user_images {
                expires 1y;
                add_header Pragma public;
                add_header Cache-Control "public";
                root "C:/ProgramData/3CX/Data/Http/wwwroot";
            }
    
            location ~ /webclient/.*\.(js|css|woff|woff2|json|mp3)$ {
                expires 1y;
                add_header Pragma public;
                add_header Cache-Control "public";
                root "C:/ProgramData/3CX/Data/Http/wwwroot";
            }
    
            location ~ index\.html {
                add_header Cache-Control "no-cache, no-store, must-revalidate";
                add_header Pragma no-cache;
                expires 0;
                root "C:/ProgramData/3CX/Data/Http/wwwroot";
            }
    
            location / {
                index index.html;
                root "C:/ProgramData/3CX/Data/Http/wwwroot";
                try_files $uri $uri/ @proxy;
            }
    
            location /MyPhone {
                alias "C:/ProgramData/3CX/Instance1/Data/Http/Interface/MyPhone";
                try_files $uri $uri/ @proxy;
            }
    
            location @proxy {
                proxy_set_header    Upgrade $http_upgrade;
                proxy_set_header    Connection $connection_upgrade;
                proxy_set_header    Host $host;
                proxy_set_header    X-Real-IP   $remote_addr;
                proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass  http://127.0.0.1:5004;
                proxy_buffering off;
            }
    
            location /management/Reports {
                alias "C:/ProgramData/3CX/Instance1/Data/Http/Reports";
            }
    
        }
    
    Don't forget to change server_name, the listen port (mine is 443) and the SSL key/cert file names.
    This was installed on Windows 64-bit with default install paths; you may need to change others if you don't have a default install.
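
An added example, not part of the original posts and not 3CX code: a Python check for the failure this thread describes, where nginx.conf has no TLS server block or the certificate and key files it names are missing. It goes one step beyond the thread by also flagging locations that set their own `add_header`, because nginx inherits server-level headers such as Strict-Transport-Security only into levels that define none. The function names, the sample config and the rule that relative paths resolve against the folder holding nginx.conf are assumptions of this example.

```python
import re
from pathlib import Path
# Constructed sample for the demo, not the configuration posted in the thread.
SAMPLE = '''
server {
    listen 443 ssl;
    add_header Strict-Transport-Security max-age=15768000;
    ssl_certificate      Instance1/example-crt.pem;
    ssl_certificate_key  Instance1/example-key.pem;
    location /user_images { add_header Cache-Control "public"; }
}
'''

def blocks(text, keyword):
    """Yield (header, body) for each `keyword ... { }` block, matching braces by depth."""
    for m in re.finditer(r'(?m)^\s*%s\b[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(0).strip(' \t\r\n{'), text[m.end():i - 1]

def top_level(body):
    """Collapse nested { } blocks so only this block's own directives remain."""
    prev = None
    while prev != body:
        prev, body = body, re.sub(r'\{[^{}]*\}', ';', body)
    return body

def audit(conf_text, conf_dir):
    """Return findings; conf_dir is assumed to be the folder that holds nginx.conf."""
    text = re.sub(r'#[^\n]*', '', conf_text)  # drop comments
    tls = [b for _, b in blocks(text, 'server')
           if re.search(r'\blisten\s[^;]*\bssl\b', top_level(b))]
    findings = [] if tls else ['no server block has a "listen ... ssl" directive']
    for body in tls:
        top = top_level(body)
        for name in ('ssl_certificate', 'ssl_certificate_key', 'ssl_dhparam'):
            m = re.search(r'\b%s\s+([^;]+);' % name, top)
            if m and not (Path(conf_dir) / m.group(1).strip(' "\'')).is_file():
                findings.append(f'{name}: file not found: {m.group(1).strip()}')
        inherited = set(re.findall(r'\badd_header\s+(\S+)', top))  # lost if a location sets its own
        for header, loc in blocks(body, 'location'):
            own = set(re.findall(r'\badd_header\s+(\S+)', top_level(loc)))
            if own and inherited - own:
                findings.append(f'{header}: does not inherit {sorted(inherited - own)}')
    return findings
if __name__ == '__main__':
    print(audit(SAMPLE, '.'))
```

Run it with the real file's text and its folder after any certificate import or manual edit; an empty list means a TLS listener exists, its files are present and no location drops a server-level header.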
     