This article has been invaluable to me for ssl management on virtuozzo based servers. Hope it helps all of you!

For Virtuozzo 3.x/2.6.x version you may use the following instructions:

Let assume we have the container #101 with IP address 192.168.1.1 and hostname plesk.example.com.

1. Take SSL certificate from the container #101, it is accessible as /vz/root/101/usr/local/psa/admin/conf/httpsd.pem file on a hardware node and split it to separate files 192.168.1.1.crt and 192.168.1.1.key files which contain certificate and private key parts accordingly. Place these files into a Service Container in /vz/root/1/etc/vzcp directory.

2. Add the following section in the end of /vz/root/1/etc/vzcp/httpd.conf file for the Virtuozzo 3.x:
ServerName “plesk.example.com”
ProxyPreserveHost On

RequestHeader set X_VZCP_API_VERSION 30000
RequestHeader set X_VZCP_PROXY_MODE 1
RequestHeader set X_VZCP_PSA_PORT 8443
RequestHeader set X_VZCP_PSA_PROTO https
RequestHeader set X_VZCP_PSA_BASE_URL /vz/cp/psa/frameset
RequestHeader set X_VZCP_PSA_NOSERV_URL /vz/cp/psa/noservice
RequestHeader set X_VZCP_PSA_RESTORE_URL /vz/cp/psa/restore_session
RequestHeader set X_VZCP_PSA_PASSWD_URL /vz/cp/restore-password

SSLEngine on
RewriteEngine on
RewriteRule ^/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/vz/cp/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/login\.php3.*$ /vz/cp/psa/frameset [R]
RewriteRule ^/(vz|psa|favicon.ico) – [L]
RewriteRule ^(/.*)$ http://%{SERVER_ADDR}:8880$1 [P,QSA]

SSLCertificateFile “/etc/vzcp/192.168.1.1.crt”
SSLCertificateKeyFile “/etc/vzcp/192.168.1.1.key”

SetEnv VZCP_PORT 8443
SetEnv VZCP_MODE_PLESK yes
SetEnv VZCP_PSA_BASE_URL /vz/cp/psa/frameset

ErrorDocument 502 “/vz/cp/psa/noservice”

If you need to use CA Certificate, also add SSLCACertificatePath directive and specify the path to the file that contains CA Certificate.

NOTE: if you have Virtuozzo 2.6.2 installed please change X_VZCP_API_VERSION to 20602 so that the corresponding line looks like this:

RequestHeader set X_VZCP_API_VERSION 20602

3. You may set the ServerName or check that it is possible to resolve hostname by IP from inside a Service Container. You may add this line into /etc/hosts inside a Service Container if needed:

192.168.1.1 plesk.example.com

4. Restart the ‘vzcp’ service inside a Service Container:

# vzctl exec 1 service vzcp restart

Posted by Drwndx, filed under Geek |

Date: July 2, 2009, 6:42 pm | | No Comments »