Ir al contenido
Menú
Se marcó esta pregunta
4 Respuestas
11330 Vistas

When deploying odoo behind Amazon's Elastic Load Balancers with SSL termination only... odoo redirects some requests to http. For example, logging out is always redirected to http instead of https.

I've tried everything from passing in --proxy-mode to the daemon, to hardcoding the web.base.url parameter to use https as well as setting the web.base.url.freeze parameter.

Is there anything I can do to deploy odoo behind Amazon's ELBs without having to use nginx or open it up over http?


Avatar
Descartar
Mejor respuesta

When deploying Odoo behind a reverse proxy there are some headers that you need to pass to your Odoo instance from the reverse proxy itself. This works for me on nginx:

        proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything
proxy_redirect http:// https://;

This settings on nginx location made Odoo behave ok behind a reverse proxy, in your case the last two are very important, find what nginx is doing with those settings and replicate to Amazon ELB

Avatar
Descartar

can you post the complete sites-aviable/default file ?

Mejor respuesta

Given the design architecture of the Odoo web app, you cannot efficiently rely on AWS ELB to handle SSL certificate nor does the Odoo uWSGi service serve you well in this regard, run it on a Nginx and save your mind.

Avatar
Descartar
Mejor respuesta

Does anyone have a way to do it, im trying to mount odoo 15 behind a load balancer but I wont pass the login page

Avatar
Descartar
Autor Mejor respuesta

According to Amazon's documentation:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html

They do send the X-Forwarded-For, and X-Forwarded-Proto headers through.

Host should be passed through with the request automatically, and I'm not sure what X-Real-IP does.

I think the part that works for you, but I can't get to work for me because AWS ELB doesn't support it is the redirect of http to https. There are only a few places that don't support the automatic changing of the URL.. such as logging out, and the mass mailing campaign email editor.

I would think that these should be updated so that they work regardless of what type of load balancer the system is behind.

Alternatively I could setup an nginx docker image to simply redirect http to https, but this seems like a workaround and not a very good use of resources.

Does anyone else have any additional thoughts?

Avatar
Descartar

Stuck on this as well. Did you manage to set up Nginx behind ELB?

Publicaciones relacionadas Respuestas Vistas Actividad
0
jun 15
4507
0
ago 22
1778
3
jun 25
1657
2
sept 23
6942
1
feb 25
3393