
HTTPS not working

Status
Not open for further replies.

Frazer

Joined
Nov 22, 2017
Messages
24
Reaction score
1
Hi,
We have had a new install this week only to find out HTTPS is not working after all the extensions/phones have been configured and tested.

Looking at c:\program files\3cx phone system\bin\nginx\conf\nginx.conf it appears as though there is no port 443/SSL configuration.

My guess is that it's due to a bad certificate import upon installation (custom domain).
If this is the case, then it really needs to be verified after uploading and let the user know as part of the initial setup, rather than to continue with no SSL without any error messages.

Is there a way we can add 443/SSL to our existing setup by modifying the nginx.conf?

Thanks
 
Thanks - The crt.pem and key.pem were missing - probably because the original import failed (without notification)
I added the 2 files using the link mentioned and restarted - no joy - the config didn't appear magically (was hoping 3CX would detect the certificate and update the nginx.conf)
I added the following to C:\Program Files\3CX Phone System\Bin\nginx\conf\nginx.conf underneath the existing 'server' entry for port 80, before the last closing bracket }
Code:
    server {
        add_header X-Frame-Options "SAMEORIGIN";
        listen       443 ssl;
        listen [::]:443 ssl;
        server_name  YOUR.3CX.HOSTNAME.HERE;
        server_tokens off;

        access_log off;
        error_log nul crit;

        ssl_dhparam Instance1/dhparam.pem;
        ssl_session_cache shared:SSL:60m;
        ssl_session_timeout 1d;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        ssl_certificate      Instance1/YOUR.CERTIFICATE.HERE-crt.pem;
        ssl_certificate_key  Instance1/YOUR.PRIVATE.KEY.HERE-key.pem;

        ssl_ciphers  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA';

        ssl_prefer_server_ciphers  on;

        client_max_body_size 300m;

        location /user_images {
            expires 1y;
            add_header Pragma public;
            add_header Cache-Control "public";
            root "C:/ProgramData/3CX/Data/Http/wwwroot";
        }

        location ~ /webclient/.*\.(js|css|woff|woff2|json|mp3)$ {
            expires 1y;
            add_header Pragma public;
            add_header Cache-Control "public";
            root "C:/ProgramData/3CX/Data/Http/wwwroot";
        }

        location ~ index\.html {
            add_header Cache-Control "no-cache, no-store, must-revalidate";
            add_header Pragma no-cache;
            expires 0;
            root "C:/ProgramData/3CX/Data/Http/wwwroot";
        }

        location / {
            index index.html;
            root "C:/ProgramData/3CX/Data/Http/wwwroot";
            try_files $uri $uri/ @proxy;
        }

        location /MyPhone {
            alias "C:/ProgramData/3CX/Instance1/Data/Http/Interface/MyPhone";
            try_files $uri $uri/ @proxy;
        }

        location @proxy {
            proxy_set_header    Upgrade $http_upgrade;
            proxy_set_header    Connection $connection_upgrade;
            proxy_set_header    Host $host;
            proxy_set_header    X-Real-IP   $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass  http://127.0.0.1:5004;
            proxy_buffering off;
        }

        location /management/Reports {
            alias "C:/ProgramData/3CX/Instance1/Data/Http/Reports";
        }

    }
Don't forget to change server_name, listen port (mine is 443), and the SSL key/cert file names.
This was installed on Windows 64-bit with default install paths; you may need to change others if you don't have a default install.
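
Added example (not part of the original post and not 3CX tooling): a small Python check for the silent failure described in this thread. It reports an nginx.conf with no `listen ... ssl` server block or with `ssl_certificate` / `ssl_certificate_key` files missing on disk. It also flags `location` blocks whose own `add_header` lines stop the server-level Strict-Transport-Security header from being inherited, which nginx does whenever a level defines any `add_header` itself. The sample config and hostname are constructed; the script assumes unquoted relative paths resolved against the nginx.conf directory and no braces inside comments or strings.

```python
import re
from pathlib import Path

# Constructed sample, trimmed from the server block in the post above.
SAMPLE = r'''
server {
    listen 80;
}
server {
    listen 443 ssl;
    add_header Strict-Transport-Security max-age=15768000;
    ssl_certificate      Instance1/pbx.example.test-crt.pem;
    ssl_certificate_key  Instance1/pbx.example.test-key.pem;
    location /user_images {
        add_header Cache-Control "public";
    }
    location / {
        try_files $uri $uri/ @proxy;
    }
}
'''

def blocks(text, keyword):
    """Yield (header, body) for each `keyword ... { ... }` block by brace matching."""
    for m in re.finditer(r'(?m)^\s*(%s\b[^{;]*)\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def audit(conf_text, conf_dir):
    """Return findings for a missing TLS listener, missing cert/key files, lost HSTS."""
    findings = []
    tls = [body for _, body in blocks(conf_text, 'server')
           if re.search(r'(?m)^\s*listen\s[^;]*\bssl\b', body)]
    if not tls:
        findings.append('no server block with "listen ... ssl"')
    for body in tls:
        for name in ('ssl_certificate', 'ssl_certificate_key'):
            m = re.search(r'(?m)^\s*%s\s+([^;]+);' % name, body)
            # Assumption: relative paths resolve against the nginx.conf directory.
            if not m or not (Path(conf_dir) / m.group(1).strip()).is_file():
                findings.append(name + ' missing or file not found')
        if 'Strict-Transport-Security' in body:
            # add_header is inherited only by levels that define no add_header.
            for head, loc in blocks(body, 'location'):
                if re.search(r'(?m)^\s*add_header\b', loc):
                    findings.append(head + ': own add_header drops inherited HSTS')
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE, '.'))
```

Run against the real file by passing its text and the directory containing nginx.conf; an empty list means the listener, certificate files and header inheritance all checked out.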
 