How do I set SSL certificate for Plesk installed inside a Virtuozzo container?

Article ID: 1090 
Last Review: Oct,6 2008
Author: Vitaly Filatov APPLIES TO:
  • Virtuozzo for Linux 3.x

Resolution

If Plesk is installed inside a Virtuozzo container and offline management is turned on for that container then all requests to Plesk port 8443 are being intercepted by a Service Container and default SSL certificate installed inside a Service Container is used.

Please note: this article applies to Virtuozzo 3.x/2.6.x only. If you want to set up a separate SSL certificate into a container with Plesk for Virtuozzo 4.x version please contact Support Team to obtain solution for feature #44867.

For Virtuozzo 3.x version you may use the following instructions:

Let assume we have the container #101 with IP address 192.168.1.1 and hostname plesk.example.com.

1. Take SSL certificate from the container #101, it is accessible as /vz/root/101/usr/local/psa/admin/conf/httpsd.pem file on a hardware node and split it to separate files 192.168.1.1.crt and 192.168.1.1.key files which contain certificate and private key parts accordingly. Place these files into a Service Container in /vz/root/1/etc/vzcp directory.

2. Add the following section in the end of /vz/root/1/etc/vzcp/httpd.conf file for the Virtuozzo 3.x:

<VirtualHost 192.168.1.1:8443>
ServerName "plesk.example.com"
ProxyPreserveHost On

RequestHeader set X_VZCP_API_VERSION 30000
RequestHeader set X_VZCP_PROXY_MODE 1
RequestHeader set X_VZCP_PSA_PORT 8443
RequestHeader set X_VZCP_PSA_PROTO https
RequestHeader set X_VZCP_PSA_BASE_URL /vz/cp/psa/frameset
RequestHeader set X_VZCP_PSA_NOSERV_URL /vz/cp/psa/noservice
RequestHeader set X_VZCP_PSA_RESTORE_URL /vz/cp/psa/restore_session
RequestHeader set X_VZCP_PSA_PASSWD_URL /vz/cp/restore-password

SSLEngine on
RewriteEngine on
RewriteRule ^/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/vz/cp/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/login\.php3.*$ /vz/cp/psa/frameset [R]
RewriteRule ^/(vz|psa|favicon.ico) - [L]
RewriteRule ^(/.*)$ http://%{bb}SERVER_ADDR{be}:8880$1 [P,QSA]

SSLCertificateFile "/etc/vzcp/192.168.1.1.crt"
SSLCertificateKeyFile "/etc/vzcp/192.168.1.1.key"

SetEnv VZCP_PORT 8443
SetEnv VZCP_MODE_PLESK yes
SetEnv VZCP_PSA_BASE_URL /vz/cp/psa/frameset

ErrorDocument 502 "/vz/cp/psa/noservice"
</VirtualHost>

If you need to use CA Certificate, also add SSLCACertificatePath directive and specify the path to the file that contains CA Certificate.

NOTE: if you have Virtuozzo 2.6.2 installed please change X_VZCP_API_VERSION to 20602 so that the corresponding line looks like this:

RequestHeader set X_VZCP_API_VERSION 20602

3. You may set the ServerName or check that it is possible to resolve hostname by IP from inside a Service Container. You may add this line into /etc/hosts inside a Service Container if needed:

192.168.1.1 plesk.example.com

4. Restart the 'vzcp' service inside a Service Container:
# vzctl exec 1 service vzcp restart
Keywords: VZPP Plesk SSL offline management Service Container
Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
captcha *Please type the code you can see.
* - required fields