I had odoo running without nginx in front of it and had my website up and running for some weeks. As the site was not SSL encrypted there was no trouble. Now I am running nginx on port 80/443 in front of odoo on port 8069. I had to tinker a lot because I my internet connection has no fixed IP so I have to run my server behind duckdns. First I went for a certbot certificate with the duckdns plugin (but this doesn't allow for a custom domain) and switched to a standard certbot certificate afterwards. In the process I was editing my address rewriting in the nginx site config. Now I get "odoo/shop" (shop is the current homepage and only site online) after redirects instead of "https://www.domain.xyz/shop". odoo/shop obviously doesn't lead nowhere for anyone.
I can't really wrap my head around why that is. I checked my config files (odoo and nginx) and everything seems fine. For me it seems like odoo is doing some rewriting in the background.
this is what my current odoo conf file looks like:
; This is the password that allows database operations:
; admin_passwd = admin
db_host = False
db_port = False
db_user = odoo
db_password = False
;addons_path = /usr/lib/python3/dist-packages/odoo/addons
default_productivity_apps = True
proxy_mode = True
xmlrpc_interface = 127.0.0.1
---
and here is my nginx conf file:
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
server {
listen 80;
listen [::]:80;
server_name www.domain.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.xyz;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.domain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.xyz/privkey.pem;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoochat;
}
# common gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 500M;
sendfile on;
send_timeout 600s;
keepalive_timeout 300;
}
my working config files:
odoo:
; This is the password that allows database operations:
; admin_passwd = admin
db_host = False
db_port = False
db_user = odoo
db_password = False
;addons_path = /usr/lib/python3/dist-packages/odoo/addons
default_productivity_apps = True
proxy_mode = True
xmlrpc_interface = 127.0.0.1
---
nginx:
#odoo server
upstream www.domain.xyz {
server 127.0.0.1:8069;
}
server {
listen 80;
listen [::]:80;
server_name www.domain.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.xyz;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
ssl_certificate /etc/letsencrypt/live/www.domain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.xyz/privkey.pem;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect requests to odoo backend server
location / {
proxy_redirect http://www.domain.xyz/ https://www.domain.xyz/;
proxy_pass http://www.domain.xyz;
}
# common gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 500M;
sendfile on;
send_timeout 600s;
keepalive_timeout 300;
}