Installing a virtual machine for Bitrix. Virtual machine VMBitrix. Version history of BitrixEnv and BitrixVM

"1C-Bitrix: Virtual Machine" is specially configured for fast execution of 1C-Bitrix software products: it deploys in minutes and is immediately ready for work! You can not only install trial versions of 1C-Bitrix products on a virtual machine, but also transfer your own, ready-made projects.

"1C-Bitrix: Web Environment" - Linux

"1C-Bitrix: Web Environment" - Linux is used for quick and easy installation of all software necessary for the operation of 1C-Bitrix products and solutions on the Linux platforms CentOS 6 (i386, x86_64) and CentOS 7 (x86_64).

Using "1C-Bitrix: Virtual Machine", you save time and money: on deployment and configuration of the server, on purchasing the necessary equipment, on ensuring the security of the project. You can use the virtual machine for free. The machine is also available for rent from hosters at the price of the hosting plan.

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon EC2 is a web service that provides scalable computing power and is designed to quickly and easily deploy web applications on Amazon sites (clouds). 1C-Bitrix specialists have prepared pre-configured BitrixVM images (AMI images) for quickly launching 1C-Bitrix applications in Amazon EC2, which include:
  • CentOS 7.5
  • NGINX + Apache2
  • MySQL5 with InnoDB support
  • Mail server agent
  • A UNIX-like Control Menu with common tasks
  • IP address via DHCP, or configured by Amazon Elastic IP
  • HTTPS support
List of ami by region:

Installation procedure


Download and install VMWare Player - a free product that runs on any Windows or Linux OS.

Download and unpack the configured BitrixVM virtual machine.

Launch VMWare Player and open the BitrixVirtualAppliance.vmx file from the directory where you unpacked its virtual image.
If you are familiar with VMWare, then you probably have server products from this company in which you can run our virtual machine without any problems.

Answer the VMWare dialog questions and reboot the virtual server.

Open the received IP address in your browser.
Launch the installation and configuration wizard for 1C-Bitrix products, complete all the steps and get to work!
BitrixSetup script

"1C-Bitrix: Virtual Machine" has a special built-in script, BitrixSetup, with which you can download the distribution kit of a trial or commercial version of the product from the website www.1c-bitrix.ru directly to your website, without downloading the file to a local computer.

Using another built-in script for restoring backups, restore.php, you can quickly transfer sites between machines without creating intermediate files. How does this all happen? You make a backup copy of the site using our product (Settings-Tools-Backup), and in the transfer script (directly in the virtual machine) you specify the file name and site. The system itself will copy the file, unpack it and restore it on the Virtual Server.

With the help of special VM solutions, you can quickly get an optimally configured server that is not inferior in performance to BitrixVM, and in scalability - superior to the 1C-Bitrix virtual machine. The packages were prepared by 1C-Bitrix specialists and are available for download and use.

1. “1C-Bitrix: Virtual machine 7.3.4”

“1C-Bitrix: Virtual Machine 7.3.4” is specially configured for fast execution of 1C-Bitrix software products: it deploys in minutes and is immediately ready for work! You can not only install trial versions of 1C-Bitrix products on a virtual machine, but also transfer your own, ready-made projects.

2. “1C-Bitrix: Web Environment” - Linux

"1C-Bitrix: Web Environment" - Linux is used for quick and easy installation of all software necessary for the operation of 1C-Bitrix products and solutions on the Linux platforms CentOS 6 (i386, x86_64) and CentOS 7 (x86_64).

3. Virtuozzo Application Template for launching an optimized Bitrix VPS

Virtuozzo VZ Application Template package for Bitrix using the 1C-Bitrix: Web Environment solution - Linux 2.0. The template is designed for installing (creating) Virtuozzo containers based on CentOS 6 (i386, x86_64) and CentOS 7 (x86_64) packaged as a Virtuozzo EZ Template.

Installing packages requires administration skills! You can get additional information in the Developer Support Center by contacting the community on the forum.

About the product

“1C-Bitrix: Virtual Machine” is specially configured for fast execution of 1C-Bitrix software products: it deploys in minutes and is immediately ready for work! You can not only install trial versions of 1C-Bitrix products on a virtual machine, but also transfer your own, ready-made projects. Moreover, you can run several sites on one virtual machine through the wizard.

Web cluster enabled virtual machine

The virtual machine includes a wizard for creating a cluster, a wizard for adding a slave server, and a wizard for switching a slave server to master mode. Now it takes 5-10 minutes to deploy the cluster. There is no need to install or configure anything.

You can appreciate the benefits of virtual machines right now, even if you have never used them. Download a fully ready-to-use virtual machine. Launch it and see how quickly 1C-Bitrix products work under a correctly configured virtual server.

Download and use for free!
Rent at the price of hosting tariff

“1C-Bitrix: Virtual Machine” is implemented using VMware virtualization technologies and can be used in any VMware solutions designed for cloud computing.

How to try?

There are two ways to test a virtual machine:
  • download and run the installation file on your computer yourself (free);
  • rent a hoster’s virtual machine (at the price of the hosting tariff).

"1C-Bitrix: Virtual Machine" is a non-commercial product. At the same time, you can turn to 1C-Bitrix for help if you encounter problems with the functioning of our commercial products (“1C-Bitrix: Site Management”, “1C-Bitrix: Corporate Portal” and) on BitrixVM. But other issues, for example, changing the BitrixVM configuration, are resolved only by the developer community.

Composition of the product

“1C-Bitrix: Virtual Machine” emulates the operation of a real computer. The product includes a configured operating system, web server, database, firewall, mail server, as well as a large number of settings on which the reliability, performance and security of the web project depend. You can launch a new project on a Virtual Machine, or transfer a ready-made website to it. It is possible to transfer a website directly from the server to the machine.

The virtual server contains:

  • Operating system - CentOS 7.5 with automatic update capability
  • Two-level configuration - NGINX + Apache2
  • MySQL5 with InnoDB support
  • HTTPS support
  • Wizards for setting up a cluster and adding additional sites
  • Sphinx Search Server Configuration Wizard
  • Additional packages: geoip, catdoc, poppler, mc, man, strace, sphinx
  • configured firewall (iptables) and verified configuration security
  • The IP address is obtained via DHCP or set manually
  • easily customizable email client (msmtp)
  • minimum memory requirements - 512M
  • maximum disk space 100 GB
  • automatic performance optimization for different memory sizes (up to 16 GB)
  • console panel of typical actions for managing a virtual server
  • a large number of settings that affect reliability, performance and security
  • The root password is bitrix (will need to be changed upon first login)
  • Bitrix password - bitrix (will need to be changed upon first login)

About virtual machines

Virtual machine technology is becoming more widespread. The market leader is VMWare, Microsoft is actively developing with Hyper-V, Citrix with XEN.

Material from Wikipedia:

What's new?

Version history of BitrixEnv and BitrixVM

The product “1C-Bitrix: Virtual Machine” is constantly being improved and refined. Keep track of changes and new features of the Virtual Machine on this page.

Changes in version 7.3.4

Software Update:
  • push-server 2.0.0
Major fixes:
  • The push-server package has been updated to work correctly on CentOS 7.6. Fixed an issue with starting the push-server service via systemd.

Changes in version 7.3.3

Major fixes:
  • Added automatic inclusion of PHP extensions zip and dom. They have become mandatory, as they are necessary for the operation of the Document Generator module.

Changes in version 7.3.2

Major fixes:
  • Added the ability to enable or disable the yum repository that stores beta versions of virtual machine packages.
  • Fixed a typo in the menu phrase that was causing the default certificate restoration for the site to not work.

Changes in version 7.3.1

Software Update:
  • push-server 2.0.0
Major fixes:
  • Fixed the display of MySQL and PHP update items if the MySQL server version is 5.5 and PHP is updated to 7.0.
  • Added copying of the certificate chain when setting up your own SSL certificate.
  • Easier generation of dhparam.
  • Fixed blocking of the menu when the configuration script is running.
  • Fixed exiting the menu for several items.
  • Fixed menu behavior when monitoring is enabled.

Changes in version 7.3.0

Software Update:
  • nginx 1.14.0
  • hostname 1.0.0
  • php 7.1
Major fixes:
  • Added use of php version 7.1 by default.
  • Fixed setting up certificates when access to the site is configured with https.
  • Fixes for package settings (option in dbconn.php and ethtool dependencies).

Changes in version 7.2.2

Major fixes:
  • Fixed a bug with duplicating ntlm settings for the httpd-scale service.

Changes in version 7.2.1

Major fixes:
  • Fixed an error that occurred when creating a site with advanced parameters specified.
  • The phrase in the mail settings for the site has been corrected.

Changes in version 7.2.0

Software Update:
  • nginx 1.12.2
Major fixes:
  • Added support for installing certificates: your own and Let's Encrypt.
  • Added the ability to return the site's "default" SSL certificate.
  • Web cluster configuration errors have been fixed.
  • Added the ability to change the hostname after creating a server pool.
  • The procedure for updating MySQL server settings in a pool has been fixed.
  • Security fixes for nginx and httpd configuration files.
  • Errors in creating sites have been fixed if there is not a single working site on the server.
  • Added removal of servers from monitoring when they are removed from the server pool.

Changes in version 7.1.0

Software Update:
  • nginx 1.12
  • mysql 5.7
  • nodejs push-server 1.0.0
Major fixes:
  • A new version of the mysql server. Added an update wizard to the menu for existing installations.
  • Added the ability to configure a new push-server.
  • Fixed lsyncd server configuration error
  • The procedure for updating a machine in the pool has been fixed; the ability to run a full update from the menu has been added
  • Security fixes for nginx configuration files
  • Added X-Frame-Options for online chats
  • Fixed launch of smtp service

Changes in version 7.0.1

  • The proxy_ignore_client_abort option has been added when creating new sites, and a separate menu item has been added for configuring existing sites.
  • Added settings for fast file upload via nginx for external storages: Clodo, Rackspace, Google Storage and Selectel.
  • Added generation of DH parameters for ssl connection.
  • Fixed lsyncd service configuration for CentOS 6.
  • The index name generation procedure has been changed.
  • Fixed an error in setting up monitoring in the system.
  • Fixed an error configuring the mysql service after it was stopped in the system.
  • Fixed error when changing the password for the mysql service.
  • Fixed an error in obtaining the mysql service status for a localized version of the OS.
  • The procedure for changing the password for hosts without installed/configured sites has been fixed.

Changes in version 7.0.0

  • CentOS 7 (x86_64) becomes the main distribution for 1C-Bitrix: Virtual Machine 7.0. The images work under CentOS 7 (x86_64), rpm packages are still available on CentOS 6 (i386, x86_64).
  • Software Update:
    • nginx up to version 1.10.2
    • sphinx 2.2.11
    • php 7.0
    • ansible 2.2
  • Fixed virtual machine scripts to work with Ansible 2.2. The ansible package is now available via the Bitrix repository.
  • The procedure for generating passwords in the machine has been fixed, support for special characters has been added.
  • Added a procedure for automatically creating a password for the mysql service when the machine first starts and when installing via bitrix-env.sh.
  • PHP 7.0 is used by default. Added the ability to roll back the version to PHP 5.6 if necessary. When upgrading a virtual machine from 5.1 to 7.0, in the same menu item you can perform the upgrade procedure from PHP 5.6 to 7.0.
  • Added the ability to create your own rules for iptables/firewalld.
  • Errors in the menu operation in the case of several IP addresses on one network interface have been fixed.
  • The procedure for setting up a web cluster is divided into two steps that can be run separately from each other: data synchronization and setting up the web environment.
  • The default data synchronization service is lsyncd.
  • Errors have been fixed when deleting a machine from a server pool.

Changes in version 5.1.8

The virtual machine scripts have been fixed to work with Ansible 2.1.0.

Changes in version 5.1.7

Software update: nginx - 1.8.1

Changes in version 5.1.6

  • ANSIBLE: Support for working with ansible 2.0.1
  • Description: Fixed virtual machine scripts to work with Ansible 2.0.1

Changes in version 5.1.5

A number of changes have been made to improve the performance of the 1C-Bitrix: Virtual Machine product.

Changes in version 5.1.4

  • Added removal of pool configuration, for cases when it is necessary to recreate it.
  • Added the ability to remove servers from the pool that are disabled or unavailable for one reason or another.
  • Added the ability to update PHP to version 5.6.
  • Added the ability to set the authorization method when setting up mail.
  • Added the ability to set cron settings or hits for a site during its creation.
  • Added the ability to configure email notifications for the Nagios monitoring system.
  • Added the ability to set a personal login and password for Nagios and Munin monitoring systems.

Changes in version 5.1.3

Now, when adding a server to AD, you can specify an arbitrary NETBIOS name that is different from the machine name.

Bugs fixed:

  • connecting the server to a domain with localized group names;
  • creating incorrect configuration files for the samba server;
  • impossibility of changing the domain for the server;
  • creating websites in cp1251 encoding;
  • creating an invalid link in case of an https request.

Change in version 5.1.2

When creating mail for a site, the msmtp profile is registered for cron. This way, the configured mail for the site starts working if the job is transferred to cron.

Changes in version 5.1.1

  1. Changed the behavior of disabling php modules through configuration files. Allows you to avoid including “unwanted” PHP modules when updating PHP packages.
  2. Added the ability to set the root password by creating the /root.my.cnf file when updating the mysql server.

Changes in version 5.1.0

Major changes
  1. Added the ability to configure the delivery of a composite cache via nginx, if it is configured on the site
  2. Software Update:
  • php-5.4
  • mysql-5.5
  • nginx - 1.6.2
  • Support for external kernels (ext_kernel) for websites
    For this type of site:
    • no access via web
    • you can use them to create a link
    • all cluster functions supported (mysql, web)
  • The dependence of creating the memcached and sphinx roles on the cluster and searchd modules installed on sites has been removed. If the module is missing on the site, the service will be added. But at the same time it will not be registered in the corresponding site model
  • Added restrictions on creating a cluster configuration (mysql, web) in the following cases:
    • if there is more than one site of type kernel (kernel) or external kernel (ext_kernel) on the server
    • cluster or scale module not installed
  • ntlm update (fixed errors in synchronizing calendars and contacts; added the ability to update the configuration of several sites if NTLM is already configured for the server)
  • Added HVM images (Frankfurt and not only)


Changes in version 5.0

    New:
    • Added work with dynamic addresses (updating the list of servers in the pool; if the address on one of the pool servers is updated, the access settings, as well as the access configuration, change). Wiki article
    • Changed work with sites:
      • added detection of whether the scale and/or cluster module is installed on the site; site-based operations are allowed for such sites: setting up email, enabling/disabling https-only mode, setting up backups, but such sites do not participate in cluster operations: memcached, mysql, apache
      • in case of an error on one of the sites installed on the server, that site will not participate in any of the operations in the cluster; a list of such sites and their errors can be found in paragraph 6, subparagraph 8
    • API for hosters
    Corrections:
    • Working with subinterfaces: in the previous version they were not detected correctly, which did not allow working in OpenVZ/Virtuozzo containers
    • Incorrect determination of what mode the server is operating in (with or without a balancer) led to the following errors:
      • creating a website on port 8080
      • Enabling HTTPS-ONLY mode did not work
      • links to the https version of the site were created incorrectly
    • Used domain names in the nginx server configs (allow/deny rules), if the user specified the FQDN when creating a master or adding a new server to the pool, which led to service restart errors

    Changes in version 4.3:

    • the settings of the nginx-push-stream-module module have been changed, the ability to work via websocket and standard ports 80, 443 has been added
    • Configuration files reworked, comments added
    • fixed loss of get parameters in dav
    • nginx-push-stream-module, nginx, apc module updated
    • added sphinx setup and connection wizard
    • Auto-scaling parameters expanded to 16 GB

    Changes in version 4.2:

    • nginx-push-stream-module settings have been changed to support push & pull correctly
    • php json module is enabled by default
    • fixed rpm package behavior when updating
    • Fixed setting the task of checking munin and nagios rights in cron
    • fixed rules for nginx processing of combined css
    • added rules for nginx processing of combined js
    • Correct nginx response headers are set when displaying custom errors
    • fixed definition of variables in nginx
    • Library dependencies have been fixed in BitrixVM

    Changes in version 4.1:

    • CentOS updated to version 6.3
    • fixed the wizard for adding additional sites
    • The backup setup wizard has been fixed, the archive format has been made compatible with restore.php
    • The service for setting parameters of the bvat system has been improved
    • 404 error handling for static content has been moved to nginx
    • nginx fixed handling 404 errors for dynamic content
    • error pages added to nginx
    • Correct processing of calendars has been added to nginx
    • to support the push & pull module, nginx is compiled with the nginx-push-stream-module module
    • Fixed the mechanism for working with the Bitrix html cache in nginx
    • added system update wizard
    • changes aimed at improving system security

    Changes in version 4.0:

    • operating system CentOS 6.2 i386
    • Removed a number of VMWare components that led to problems after virtual machine updates
    • standard virtual machine disk size increased to 10 GB
    • ZendServer replaced by Apache and APC
    • The connection scheme for Nginx and Apache configuration files has been changed to minimize problems when updating or installing additional packages
    • The ntlm authorization mechanism has been changed and the BitrixEnv4 package has been added to the rpm
    • added wizards for creating a scheduled site backup, deleting settings for additional sites, setting up system monitoring (munin, nagios)
    • changes aimed at improving system security
    • The wizard for creating additional sites has been improved
    • The operation of the bvat system parameter settings service has been adjusted
    • added Mercurial version control system

    Changes in version 3.1:

    • updated version of nginx 1.1.0, with upstream_keepalive patch
    • expanded set of pre-installed packages (htop, samba, etc.)
    • ntlm authorization setup wizard

    Changes in version 3.0:

    • operating system CentOS 6.0 i386
    • file system ext4
    • updated version of nginx 1.0.6, configuration changes
    • updated version of msmtp 1.4.24, changes in the setup wizard
    • replacing xpdf with poppler
    • corrections have been made to the mysql configuration
    • the set of pre-installed packages has been expanded in the virtual machine (mc, strace, man, etc.)
    • added the ability to create additional sites, both on a separate core and as part of multisite
    • added wizards: creating a master node of the cluster, adding a slave node to the cluster, changing the role of a slave node to master
    • GeoIP databases updated

    Main changes in version 2.0:

    • php-5.3.3 or php-5.2 (version php-5.3.3 lacks the Zend Guard Loader component, i.e. encoded files will not work);
    • PHP parameters have been changed for optimal operation of Bitrix products
    • added xdebug module (not active by default, to activate it is enough to uncomment the corresponding line in php.ini and restart apache);
    • updated version of nginx 0.7.67, configuration changes;
    • expanded list of OS for Fedora installations 8-14 (i386 only), server CentOS/RHEL/OEL 5 (i386 and x86_64);
    • disabling duplicate compression in product configuration (now only nginx compresses data);
    • Fixed configuration issues in the msmtp mail program;
    • Auto-update of packages (via yum) is disabled when restarting the server;
    • Minor comments and errors have been fixed.
    Packages tested on Fedora 8,12,14(i386), CentOS/OEL 5(i386/x86_64). Fedora 14 has minor issues related to OS bugs.

    Changes in version 1.6:

    • By default, the Virtual Machine site is now accessible over both HTTP and HTTPS protocols, and the Zend Server control panel is disabled to save resources. Both of these options are still well managed through the root user menu.
    • Added support for the SMTP server that appeared in 1C-Bitrix: Corporate Portal 9.0, which starts automatically if configured correctly.
    • After updating the product, search in PDF files becomes available.
    • All software packages have been updated, including Zend-Server-CE (very seriously updated), the php-5.2-memcache module has been added to use caching in random access memory.
    • Changes have been made to the NGINX configuration to process cached PHP pages (HTML caching technology), errors in processing WebDAV requests have been fixed, and scalability has been improved. In the APACHE configuration, errors have been fixed that caused, in particular, errors during the “classic” loading of pictures into the photo gallery (via java-applet). Added handling of the docx, xlsx and pptx document types.
    • The bitrixsetup start script has been improved, localizations have been added for English and German.

    Changes in version 1.5

    • all Ubuntu 8.0.4 OS packages have been updated, as well as Zend Server CE 4.0.3, PHP 5.2.10 application packages;
    • improved nginx configuration in terms of compression;
    • changes in the console menu: when the Zend panel is disabled, the corresponding service stops, which allows saving RAM of the Virtual Machine;
    • system improvements regarding the use of RAM: The virtual machine works satisfactorily on 160 MB of RAM, although the main recommendation for the size of RAM remains the same - 256 MB of RAM;
    • updated bitrixsetup.php - allows you to install additional 1C-Bitrix applications.

    Changes in the new version 1.4

    Added installation using BitrixSetup.

    Changes in version 1.3

    The new edition of VMBitrix is implemented according to the VMware Virtual Appliance standard!

    General configuration:

    • the home directory of the bitrix user is separate from the webroot;
    • Before the initial login via ssh/console to change the default password (bitrix), you cannot connect via SFTP and HTTPS to manage the server. This does not affect the launch of bitrix_setup and installation of the product;
    • EULA removed.
    Error correction:
    • fixed test SSL certificate;
    • console menu: fixed error in mail configuration, removed menu items for configuring IP - this is available in VMware tools;
    • nginx configuration: fixed WebDAV errors (for proper operation you need to update to 8.0.2), 400 Bad Request when creating a new topic, synchronization with Outlook;
    • Fixed a bug when launching XMPP.
    Applications:
    • additional packages installed: catdoc, memcached, xpdf;
    • reworked and fixed the bitrix_setup script;
    • nginx updated to version 0.7.62 (security bug - Critical vulnerability in the Nginx http server);
    • The script for auto-tuning service parameters has been modified to ensure high performance with RAM values up to 2 GB;
    • changes necessary for the correct operation of the VM have been made to the distribution kits of 1C-Bitrix products.

    Advantages

    “1C-Bitrix: Virtual Machine” is an excellent solution to the problem of high-quality configuration of hosting and dedicated servers. Usually, in order to achieve high project performance, you need to configure the server software, OS, and hardware yourself. In addition, it is important to ensure safety. And in “1C-Bitrix: Virtual Machine” all these settings have already been completed. As a result, you save time and money on server deployment and configuration, on purchasing the necessary equipment, and on ensuring project security.

    Everything is ready to go!

    The virtual server is ready for immediate use. This means that 1C-Bitrix products will work quickly on the server, and most of the services here are not just configured, but work perfectly.

    After installing the virtual machine:

    • you can use the cluster setup wizard and add additional sites;
    • the menu allows you to configure sending mail through an external SMTP server;
    • if you configure an SMTP gateway, mail can be routed within the organization;
    • the instant messaging server (XMPP/JABBER server) is configured and running (automatically starts);
    • Miranda, QIP and other messenger programs can be configured to work with the Internet/Intranet portal;
    • indexing of office documents is configured;
    • WebDAV is configured and running;
    • HTTPS support for the Corporate Portal;
    • SSL support for XMPP

    Saving

    There are significant savings for the company:

    • on deployment time;
    • on equipment;
    • on operating costs.

    Rent

    The product “1C-Bitrix: Virtual Machine” can be rented from hosting providers. You can rent a virtual machine using any virtualization technology: VMware, Parallels Virtuozzo Containers, Amazon EC2 (AMI), Open VZ, Citrix.

    “1C-Bitrix: Virtual Machine” was developed directly for the needs of projects on 1C-Bitrix. The undeniable advantage of this software product is its initial configuration, which is an example of ideal virtual server settings for Bitrix. “1C-Bitrix: Virtual Machine” has been tested and configured to work with both 1C-Bitrix products and any PHP applications.

    What is a “Virtual Machine” for?

    Using "1C-Bitrix: Virtual Machine" will allow your projects to show consistently high performance indicators. In addition to simplicity and ease of use, it allows you to significantly reduce the time for administering a website created on the basis of 1C-Bitrix products and setting up the server, as well as on the equipment. Using "1C-Bitrix: Virtual Machine" you can create a new project or transfer an existing one.

    Full access at the administrator level makes it possible to install any software using a virtual machine for 1C-Bitrix and make changes to the settings of the BitrixVM virtual server.

    What version is being installed?

    You get the newest version of the program. As of today, the latest version of this software product is "1C-Bitrix: Virtual Machine 7.0" with the latest version of PHP, which gives a noticeable performance boost.

    How to order a virtual machine?

    For all our clients, the 1C-Bitrix virtual machine is provided free of charge when ordering any VPS server for CMS Bitrix and is ready to work immediately after deployment, which takes just a few minutes.

    How to pay for VPS?

    To pay for VPS, select the desired tariff in the table and click the “Order” button. Next, follow the instructions in the billing panel: indicate the necessary actions with the domain, enter your details and select a suitable payment method. That's all! Your server will be activated immediately after payment.

    February 1, 2018 at 04:04 pm

    Why it is important not to delay installing and configuring CMS Bitrix based on "1C-Bitrix: Virtual Machine"

    • Information Security

    Who dropped the glove?

    While performing one of our penetration testing projects, we came across a virtual machine on the Customer’s public IP address. From the set of ports open on the host, we got the feeling that this was Bitrix. The link discusses the purpose of ports. Below is a list of ports that are open on the VM out of the box:
    • 22/tcp
    • 80/tcp
    • 443/tcp
    • 5223/tcp
    • 8893/tcp
    • 8894/tcp
    When we opened the URL ip_addr:80, the initial setup page for the 1C-Bitrix website appeared, along with a “Restore a copy” link that leads to the restore.php module. Clicking it opens instructions for creating a backup copy of an existing 1C-Bitrix website, links to documentation and a “Next” button. And then things get interesting, you can do the following:

    It is clear that at some point the administrator did not complete the procedure for setting up the site and the 1C-Bitrix VM. Here we could write this problem into the report (and then try to sell the Customer an infrastructure monitoring system, SIEM or something similar) and move on. But we are not one of those.

    The human factor or the lack of Customer control over the infrastructure is not so important. What's important is how this bug can cause a hack.

    Hello distant sites

    The restore.php module, in addition to presenting the interface, performs the functions of checking and downloading files and deploying site backups. If you choose to upload a file from the local disk, then nothing prevents you from choosing not a backup copy, but, say, the phpinfo.php script.

    And then Bitrix started leaking. We expected that checking files at the download stage or post-checking the contents of the file would work. It didn’t work...the transferred file ended up in the web application’s home folder!

    We started to figure out what is “under the hood” and why the script loads everything. To satisfy curiosity and for reporting to the Customer, we deployed “1C-Bitrix: Virtual Machine” version 7.2 in our lab.

    The primary server configuration when connecting via SSH is performed in two steps:

    1. Change root user password
    2. Change bitrix user password
    After that, access to the local command interpreter becomes available. We tried uploading files with the .php extension to the “experimental” server. No problems, they are written to the home directory ‘/home/bitrix/www’:

    We started digging further into restore.php. The next function was “Download a backup from a distant site” (“distant site” is a very peculiar term, but okay). This script does not allow you to download anything other than backup copies. We looked into the source of restore.php and found the condition that checks the downloaded file:

    $f = fopen($_SERVER["DOCUMENT_ROOT"]."/".$arc_name, "rb");
    $id = fread($f, 2);
    fclose($f);
    if ($id != chr(31).chr(139)) // not gzip
    {
        $s = filesize($_SERVER["DOCUMENT_ROOT"]."/".$arc_name);
        if ($s%512 > 0) // not tar
        {
            unlink($_SERVER["DOCUMENT_ROOT"]."/".$arc_name);
            $res = false;
        }
    }

    The first condition: if the first two bytes of the file are not 0x1f 0x8b (the gzip magic number), the downloaded file is not considered a .gz archive.

    The second condition checks the size of the downloaded file: if the value is not divisible by 512, then the file is not a tar archive. This is where the check ends.
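
The two conditions above, ported to Python as an added example (not code from restore.php or from 1C-Bitrix), next to a stricter check that accepts only data that actually parses as a tar or tar.gz archive. The function names and the sample bytes are constructed for illustration.

```python
import io
import tarfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"
NOT_AN_ARCHIVE = GZIP_MAGIC + b"\n<?php /* constructed sample */ ?>"


def weak_check(data: bytes) -> bool:
    """Port of the restore.php condition: the file is rejected only when it
    neither starts with 0x1f 0x8b nor has a size that is a multiple of 512."""
    if data[:2] != GZIP_MAGIC:       # "not gzip"
        if len(data) % 512 > 0:      # "not tar"
            return False
    return True


def strict_check(data: bytes) -> bool:
    """Accept only data that tarfile can parse as tar or tar.gz, with at
    least one member and only regular files or directories at safe paths."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            members = tar.getmembers()
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return False
    if not members:
        return False
    for member in members:
        if member.name.startswith("/") or ".." in member.name.split("/"):
            return False
        if not (member.isfile() or member.isdir()):
            return False
    return True


def make_sample_backup() -> bytes:
    """Build a small, constructed tar.gz in memory for comparison."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = b"constructed sample page"
        info = tarfile.TarInfo("index.html")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("fake", NOT_AN_ARCHIVE), ("real", make_sample_backup())):
        print(label, "weak:", weak_check(blob), "strict:", strict_check(blob))
```

A well-formed archive can still contain PHP files, so format validation complements, rather than replaces, keeping restore.php off a published host.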

    It turns out that only the first condition needs to be circumvented. OK! We took a simple cmd.php script for testing (there is a ready-made one from “The Dark Raver”). On the command line, the identifier bytes followed by the contents of the cmd.php file were written to a new file called cmd_boom.php:

    echo -e "\x1f\x8b\n$(cat cmd.php)" > cmd_boom.php
    Using the xxd utility, you can see the contents of the file in the form of a hex table:

    cat cmd_boom.php | xxd
    Output:

    That’s it, the file is ready to be uploaded to the “distant server”. Upload cmd_boom.php to your GitHub repository and paste the script URL on the 1C-Bitrix recovery form. As a result, after a short contemplation of the loading progress bar, we received an error message:

    Well, maybe the file was deleted from the home folder because of the error? What's the point of storing it if the file broke along the way or is inconsistent? But the authors of the restore.php script apparently considered it unnecessary to clear the site’s home directory of garbage. So, what about the uploaded shell? Here it is!

    Now comes the fun part. By clicking the “Skip” and “Try Again” buttons on the form with the error message, we received a page with a button “Delete local backup and service scripts.” We clicked it and the files were deleted!

    As a result, the home directory will be cleared of the restore.php, bitrixsetup.php scripts and the downloaded cmd_boom.php file. After this, nothing decisive can be done with the site - the backup copy is not restored and you cannot proceed to installing a new site.

    Of course, you could hide the cmd.php script in a subdirectory or rename it index.php. We stopped there.

    There is a set aside!

    We reported to the 1C-Bitrix technical support service about the problem with the restore.php script, to which we received the following response:

    “It makes no sense to talk about vulnerabilities in restore.php; this script is intended for deploying a site management system. In its essence, it is needed in order to upload PHP scripts to the site.”

    Well, in general, everything is correct, we successfully uploaded the scripts to the customer’s “abandoned” site and received a local shell.

    The position of technical support is clear: “If you haven’t finished the site configuration, you are your own evil Pinocchio.” The ticket was closed by technical support, with no response from the developers themselves.

    We did not find out how many “abandoned” 1C-Bitrix VMs were published on the Internet; a couple were found by the query “intitle:“Welcome!” intext:"Welcome to Bitrix Virtual Appliance"" on Google.

    Epilogue

    Do not publish the 1C-Bitrix VM before the site is deployed. Keep track of your company's resources published on the Internet. Abandoned sites are almost always a bad thing.
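
A check that follows from the epilogue, as an added example (not part of the original article or of 1C-Bitrix tooling): it walks a web root and reports leftover restore.php or bitrixsetup.php scripts and any .php file that begins with the gzip magic bytes. The function name and report strings are assumptions; /home/bitrix/www is the home directory named in the article.

```python
import os

GZIP_MAGIC = b"\x1f\x8b"
# Service scripts named in the article that should be gone after setup.
SERVICE_SCRIPTS = {"restore.php", "bitrixsetup.php"}
REASON_SCRIPT = "installer/restore script still present"
REASON_MAGIC = "PHP file begins with gzip magic bytes"


def audit_docroot(docroot: str) -> list[tuple[str, str]]:
    """Return sorted (relative path, reason) findings for a web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            lowered = name.lower()
            if lowered in SERVICE_SCRIPTS:
                findings.append((rel, REASON_SCRIPT))
            if lowered.endswith(".php"):
                try:
                    with open(path, "rb") as handle:
                        head = handle.read(2)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if head == GZIP_MAGIC:
                    findings.append((rel, REASON_MAGIC))
    return sorted(findings)


if __name__ == "__main__":
    for rel_path, reason in audit_docroot("/home/bitrix/www"):
        print(f"{rel_path}: {reason}")
```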

    IGOR ANTONOV, professional programmer. Author of numerous articles in IT-Spets and Hacker magazines. Currently working as Head of the Software Development Department at OJSC "DalZHASO"

    VMBitrix capabilities
    The solution to the virtual machine

    Today, more and more companies are choosing virtualization rather than increasing their fleet of hardware machines. And there are objective reasons for this.

    Managing and maintaining virtual machines is much easier and will cost significantly less than purchasing hardware. The benefits of virtual machines don't end there. So, let's go to virtual reality!

    VMBitrix - virtual machine from 1C-Bitrix

    Not long ago, the 1C-Bitrix product line was extended with an interesting new product, VMBitrix. This product is a fully configured and ready-to-use web server. Its main advantages are the presence of all server components necessary for a web developer, rapid deployment of a virtual machine, the most optimal settings for all components and instant readiness for work. VMBitrix is not just another solution for quickly installing a WAMP/LAMP server. This is an opportunity to feel like a “hoster” who has at his disposal a full-fledged virtual server running Linux and stuffed with all the necessary server software.

    What does it look like?

    VMBitrix is a virtual machine image created using virtualization software from VMware. In order to start using it, you need to go to the company’s official website and download the virtual machine image. After the download is complete, you will also need to download VMPlayer (see Fig. 1), the “player” of virtual machines, and open the downloaded image in it. After this last step, the virtual machine will start booting and all daemons (nginx, MySQL, etc.) will start. To continue working, you will need to enter the IP address of the virtual machine in the address bar of your browser and start working (either configuring or installing 1C-Bitrix).

    Performance is key

    All components included in the virtual machine are maximally optimized and configured for comfortable operation. A minimum of system resources is required for the correct functioning of the virtual machine. For example, if we talk about RAM, then 256 MB will be reserved from the host system. Having compared the work of PHP scripts in VMBitrix and in the Windows environment of the host machine, we found that in VMBitrix less time is spent on execution (the 1C-Bitrix content management system and the free framework Drupal were used as scripts).

    How else can you use VMBitrix

    It is possible to assign a number of tasks to VMBitrix and come up with dozens of ways to use it. For example, use it as a testing ground for developing and testing your own web applications/services.

    It takes very little time and system resources to deploy and run the system. Developers working on laptops can easily use it - the performance is enough.

    Figure 2. Basic control functions

    Advantages and disadvantages

    Main advantages:

    Reducing financial costs. Using virtual infrastructure allows you to save on the purchase of new equipment. For example, you need to deploy several server applications. Let's imagine that some of these applications are designed to run on UNIX-like platforms, and the others on Windows. If these applications are expected to be heavily loaded, then it will most likely not be profitable for you to use virtualization. If not, the situation is exactly the opposite. In this case, it is easier and more profitable to purchase one productive server and deploy several virtual machines with the necessary operating systems. As a result, you will end up with one physical server, and in your virtual network several separate servers will be visible.

    Easier technical support. There is always a place for failures. The consequences of this can be very different. One of the main ones will be downtime. Let's imagine that your server's motherboard fails. The OS usually takes such situations hard, and there is a high probability that it will have to be completely reinstalled. It would be fine if it were only a matter of the OS, but we remember that we have a bunch of services configured in a cunning way, and re-launching them from scratch will take a lot of time. The situation is not pleasant. Especially if the backups only contain data and not settings. In the case of using virtual machines, events may develop differently. How? If you have taken care of backing up the virtual machines, then in the event of a crash you only need to install the OS on the server, and then deploy the program that works with virtual machines. That's all! We give it the OS backups and start. A couple of minutes and everything works as before. Even if the (hardware) configuration of your new server has completely changed, the virtual machine won't care.

    Ultra-fast deployment. This is one of the most important advantages of virtual machines. Let's imagine that we need to open a new branch of the company. Let's focus on information infrastructure. It will be possible to deploy all the services that operate at the head office in a matter of minutes. The entire deployment process will boil down to transferring files with virtual machines and launching the program responsible for virtualization. No extra settings. No routine actions. Everything will work the same way as you configured. Let's add to this that the presence of a highly qualified specialist is not required, and the benefits become more than obvious.

    Full control over resources. For example, you have a service installed that consumes a small amount of system resources, while a service on another server works like Papa Carlo and greedily swallows every megabyte of memory. Theoretically, it is possible to install both of these services on the same computer and limit their resources. For example, allocate more MHz of processor and memory to the most active one, and limit the second one. Then both services will be good, and you will have one computer free. Isn't it great? This problem can again be solved using virtualization.

    A virtual machine is a testing ground for experiments. Do you need to test the operation of the product being developed on different platforms? Do you want to make sure that the latest patch package is correct and functional? Present a project (web, network services, etc.) to a client? For all these and many other similar tasks, the use of virtual machines will be more than preferable. Deploying virtual machines does not take much time and once launched they will look the same as you configured them. So why not take advantage of this simplicity and power for testing and simple presentation purposes?

    Virtualization has its downsides. One of these disadvantages is a general decrease in the reliability of the entire virtual infrastructure. For example, you should not rely 100% on virtual machines and hang all services on one physical server (by deploying several virtual machines). Especially if the overall functioning of the entire network depends on the performance of virtual services. So most likely this is not even a minus, but a requirement that should not be forgotten.

    The 1C-Bitrix company presented a convenient product that allows you to deploy a full-fledged virtual and ready-to-use web server. Their development will be useful not only for users who choose the 1C-Bitrix content management system, but for all web developers.

    The VMBitrix distribution is distributed completely free of charge. For those who appreciate the advantage of using virtual machines, the 1C-Bitrix company is ready to offer the option of renting a virtual machine on the hoster’s servers. Good luck with your virtual research!

    1. http://www.1c-bitrix.ru – official website of the 1C-Bitrix company. Descriptions, demo versions of products, etc.

    Appendix

    VMBitrix is:

    • Ubuntu Linux 8.04 operating system.
    • Two-tier NGINX + Zend Server CE configuration.
    • DBMS MySQL 5 (InnoDB support).
    • Configured firewall.
    • https protocol support.
    • Mail client msmtp.
    • Productivity automation.


    