Ir al contenido
Menú
Se marcó esta pregunta
5 Respuestas
56628 Vistas

Hi,

I am currently building and customizing a v7 instance for a client. Their server hosts various applications, e.g. mail, webdav and OpenERP. The reverse proxy (Apache2) is working in general. When we enter https:/<url.domain.tld>/external/erp hit the OpenERP server at localhost:8069 which responds with 301 but redirects to the wrong address https:/<url.domain.tld>/?db=liveDB

I have set proxy_mode = True in openerp-server.conf How can I get OpenERP to honour the invoked sub-directory "/external/erp" and redirect to https:/<url.domain.tld>/external/erp/?db=liveDB Invoking https:/<url.domain.tld>/external/erp/?db=liveDB leave the browser (Firefox) blank. The page source shows the header by the body is empty <body></body> Firebug in Firefox showed that the JS function cannot be found which led to me spotting fixed references in the html-head to href="/web/..." which should be href="web/..." (no leading slash).

The environment is OpenERP 7, Ubuntu 10.04, Apache2

Cheers, Stefan

Avatar
Descartar
Autor

I assume that /web contains the static files so I used the static_http_url_prefix=/external/erp, static_http_enable = True and static_http_document_root = /usr/lib/pymodules/python2.6/openerp/addons/web but this did not seem to make any difference for the JS and CSS in the HTML head.

Mejor respuesta

Hi; Try to use NGINX.

try a google search for openerp 7 + nginx + apache

HERE:

If you need to proxy requests for a specific location to a specific resource, use a rewrite rule to capture the path to the resource and pass that along to the proxied server. For example, if you want all requests for http://example.com/ to be handed to a server running on 192.168.3.105 with a path of /teams/~example/, you would write the following location block:

File excerpt:/etc/nginx/sites-available/example.com

 location / {
   rewrite ^(.*)$ /teams/~example/$1 break;
   proxy_pass   http://192.168.3.105;
 }
Avatar
Descartar
Autor

Hi, I have found loads of instructions which apply to either v6.1 or to v7 but are to redirect from http to https and to avoid port 8069. But a subdirectory seems to be the rare odd one out. from my understanding nginx is more lightweight than apache but does not actually add any functionality, right? So what ever is possible to achieve in nginx should be possible to achieve with apache and vice versa.? Please correct me if I'm wrong. Cheers

Autor

understood and convinced. I'll get nginx underway. I have to get myself into the config syntax and get back about any success (or failure). Thanks so far.

The hardest is the config file (nginx.conf ). Good luck ..... waiting for a feedback

The hardest is the config file (/etc/nginx/nginx.conf). Good luck, waiting for feedback

Autor

I have put nginx before apache and OpenERP's python. It does not work great and is a lot more administration than with apache2. Due to given circumstances we cannot just redirect /(.*) as suggested as we have other hosted applications too. So my question remained unanswered to a certain degree as I don't think that the "proxy" and the "static_http" parameters in the OpenERP config actually do work. In nginx I also had to redirect /web as this is another source that's referred to in the HTML code. Cheers, Stefan

Did you read my last answer ?

Autor

yes, I did read your answer along with the link you provided. That was all very enlightening. I need to give this another shot. I had to revert back to apache as other bits broke during the transition to nginx. I managed to get Apache to rewrite the html responses using 'ProxyHTMLUrlMap' That does exactly what I was after (rewriting the src=.. and href=.. prepending "/intern/erp"). I assume that's exactly what your last comment is meant to achieve. The HTML and JS code is right, but the UI still doesn't load but leaves and empty/white page. When I reverse-proxy /web it works though.

Follow this ---> Proxying Content with mod_rewrite http://httpd.apache.org/docs/2.2/rewrite/proxy.html

Autor Mejor respuesta

I assume that the files served from /web/ are the static ones. Hence, I tried using the static_http_url_prefix=/external/erp, static_http_enable = True, and static_http_document_root = /usr/lib/pymodules/python2.6/openerp/addons/web This change did not have any impact.

Then I tried Apache2's RedirectMatch and RewriteRule directives but for some reason they did not kick in either.

Back to square one. no change and issue persists. Does anyone have come across this before?

Cheers, Stefan

Avatar
Descartar
Autor Mejor respuesta

right. I have put nginx in place to do the proxy functionality which Apache2 did so far. however, the result is the same. Even though we can serve the static files through nginx in a static context but the assumption that any thing prefixed with "/web/" is satic failed us as /web/webclient seems to be a dynamic context i.e. cannot be found as file.

The question remains: We cannot redirect ^/.* as we have this already assigned to another application. Hence we would like to prefix the virtual path with "/internal/erp". However, this seems difficult if not impossible. We hoped that "static_http_url_prefix" would solve our issue, but that was not the case. openerp-server.conf

[options]
without_demo = False
unaccent = False
db_template = template1
db_password = noneofyourbusiness
xmlrpcs = True
xmlrpcs_interface =
syslog = False
logrotate = True
xmlrpcs_port = 8071
test_report_directory = False
list_db = True
timezone = False
xmlrpc_interface =
test_file = False
smtp_password = False
secure_pkey_file = server.pkey
xmlrpc_port = 8069
workers = 0
log_level = info
xmlrpc = True
admin_passwd = noneofyourbusiness
smtp_port = 25
smtp_server = localhost
static_http_url_prefix = /extern/erp
limit_request = 8192
test_commit = False
proxy_mode = True
demo = {}
dbfilter = .*
login_message = False
import_partial =
pidfile = False
db_maxconn = 64
osv_memory_count_limit = False
reportgz = False
osv_memory_age_limit = 1.0
netrpc_port = 8070
db_port = False
db_name = False
debug_mode = False
netrpc = False
limit_time_real = 120
limit_memory_hard = 805306368
logfile = /var/log/openerp/openerp-server.log
csv_internal_sep = ,
limit_time_cpu = 60
pg_path = None
limit_memory_soft = 671088640
static_http_enable = True
translate_modules = ['all']
smtp_ssl = False
server_wide_modules = None
netrpc_interface = 127.0.0.1
smtp_user = False
log_handler = ["[':INFO']"]
db_user = openerp
db_host = False
test_enable = False
max_cron_threads = 2
static_http_document_root = /usr/lib/pymodules/python2.6/openerp/addons/web
email_from = False
addons_path = /usr/lib/pymodules/python2.6/openerp/addons
secure_cert_file = server.cert

nginx configuration

server {
        listen   443 default;
        ssl     on;
        ssl_certificate /etc/ssl/certs/domain.com.crt;
        ssl_certificate_key /etc/ssl/private/domain.com.key;
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
        server_name  host.domain.tld;

        access_log  /var/log/nginx/webmail.domain.com.ssl_access.log;

        location ^~ /inter*/wiki/(data|conf|bin|inc) {
                deny all;
        }
        location /web {
                root /usr/share/pyshared/openerp/addons;
        }

        location /intern/erp {
                rewrite ^/intern/erp/(.*) /$1 break;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8069;
        }

#       location /internal/ {
#               alias   /var/www/;
#               index  index.html index.htm index.php;
#       }

        location /internal/ {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8080;
        }

        location /intern/ {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8080;
        }

        location /internal/erp {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8069;
        }

        location /extern/erp {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8069;
        }
        location /external/erp {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8069;
        }

        location /extern {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:8080;
        }

        location ~ /\.ht {
                deny all;
        }

        # redirect to webmail/Zimbra
        location / {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:81;
        }
        location /zimbra/ {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:81;
        }
        location /service/ {
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $host;
                proxy_pass hppt://127.0.0.1:81;
        }
Avatar
Descartar
Autor

thread help.openerp.com/question/6574/how-to-serve-http-static-files/ raises the same question but has not answer.

In case you are running two instances of openerp Just config one of your openerp (externel or internal) to run on an other port than 8069 (8169; 8869 ........) any other port not in use. And make change in nginx.conf to the port chosen.

In case you want to redirect a customer to a specific database, just append "/?db=databasename" to the URL.

Autor

we have only one instance running on 8069. and both URLs i.e. internal and external currently respond to request but are being forwarded to the very same instance. That's okay.

Autor

When we invoke https://fqdn/internal/erp the proxy works great and forwards the request to OpenERP. OpenERP sends a response back which redirects to the starndard DB at the absolute URL "/?db=DefaultDB" rather than the invoked relative path "/internal/erp/?db=DefaultDB".

Autor

appending the DB to the invoked path "/internal/erp/?db=DefaultDB" returns a white page page with the HTML title "OpenERP"

Autor

<html style="height: 100%"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>OpenERP</title> <link rel="shortcut icon" href="/web/static/src/img/favicon.ico" type="image/x-icon"/> <link rel="stylesheet" href="/web/static/src/css/full.css" /> <link rel="stylesheet" href="/web/webclient/css?db=dreipuls"> <script type="text/javascript" src="/web/webclient/js?db=dreipuls"></script> ...

Autor

that returned code indicates that the proxy works okay but the internal links in href=".." are wrong. Getting those changed to either be relative or have a static context prepended would solve the issue. But currently I have no idea how to get this accomplished. Any clues?

By ../external/erp , i think you mean access from the outside (external to lacal network ?). If so, have you checked the config of your router ?

Autor

forget about the /external/erp URL. The router is fine. Let's focus on /internal/erp first. I can get the rest to work. Cheers.

If you need to proxy requests for a specific location to a specific resource, use a rewrite rule to capture the path to the resource and pass that along to the proxied server. For example, if you want all requests for http://example.com/ to be handed to a server running on 192.168.3.105 with a path of /teams/~example/, you would write the following location block:

File excerpt:/etc/nginx/sites-available/example.com

 location / {
   rewrite ^(.*)$ /teams/~example/$1 break;
   proxy_pass   <a href="http://192.168.3.105">http://192.168.3.105</a>;
 }
Mejor respuesta

This is a "known issue" since 5.1 marked as "won't fix": https://bugs.launchpad.net/openobject-client-web/+bug/384798 (sorry, need some obscure "karma" to post a direct link, so you have to copy+paste). The use case is common (SSL proxy and EV certificate or single domain policy), so using a subdomain ist not a solution. I cannot understand why nobody addresses this. C'mon, this is a bug. And it is over five years old.

 

Avatar
Descartar
Mejor respuesta

Hum you might want to really try Virtual Hosting instead of using subdir. Here's why:

Somehow, all links produced by the application (openerp) should be relative (and it's not the case). When I speak of "all links", I mean the CSS links, the first Javascript source links, then all the RPC calls done also. And maybe more hiding here or there. So patching openerp is a long solution. Other solution are not really complete also: they involve rewriting URL in HTTP packets content on the fly. This can be done by your Proxy, but it doesn't work all the time (they must look in CSS also, and what if you build your request in javascript ?) ...

Additionaly, there are issues in Werkzeug itself preventing this to work as-is also. If you want more info: please refer to:

https://github.com/mitsuhiko/werkzeug/issues/540

Note that there's a quick fix for the werkzeug part.

So finaly, this is a no-go. Find a way to make a VirtualHost (aka http://odoo.example.com), and avoid subdir proxying (http://example.com/odoo) unless your app is very simple and won't evolve to much. So this is not for Odoo/OpenERP.

Avatar
Descartar
Publicaciones relacionadas Respuestas Vistas Actividad
1
mar 15
5485
1
ago 24
1587
4
jul 20
4949
1
mar 15
6486
3
jul 21
8916