Skip to Content
This question has been flagged
nginxdatabasesreverse_proxyodooV8odoo8.0
5 Replies
7582 Views
Avatar
Laurent Wallet

Hi!

I have setup an Odoo 8 instance on a VPS, accessed through an nginx supplied reverse proxy and which is working quite well for our testing purposes. We wanted to keep a "virgin" database, to be able to assess more precisely the various interface and "behavioral" modifications of different modules we have elected to test, as they seem to bring otherwise missing functionalities to Odoo.

However, when we add a second database (initially by copying the backup of the initial, untouched database, but whatever means we use does fail) we cannot seem to be able to login. What happens is that right after we have created the database in the database  interface and clicked on upper right link "back to authentification page" (or something like this as our instance is not in english) we are indeed brought to the database selection dialog, but once we do select a database and try to log in, the browser states it cannot reach the page and there might be too many re-directions.

We have tested this without the reverse proxy and everything was working as expected, so I can only assume the problem lies with the nginx proxy configuration. Since we are quite new at directly dealing with reverse proxies and nginx in general could anyone help me figure out what could be wrong with below configuration? Or is it not possible to use multiple databases with a reverse proxy without assigning each one a sub-address?

Thank you!


upstream odoo {
 server 127.0.0.1:8069;
}
upstream odoo-im {
 server 127.0.0.1:8072;
}

## http redirects to https ##
server {
 listen 80;
 server_name XXX.XXX.XX;
 add_header Strict-Transport-Security max-age=2592000;
 return 301 https://$host$request_uri?;
}

server {
 listen 443 ssl;
 server_name XXX.XXX.XX;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
 client_max_body_size 200m;

# define log files (fail2ban)
 access_log /var/log/nginx/odoo.access.log;
 error_log /var/log/nginx/odoo.error.log;

# ssl specific settings
 keepalive_timeout 60;
 ssl_session_timeout 15m;
 ssl_session_cache shared:SSL:1m;
 ssl_certificate /etc/nginx/ssl/server.crt;
 ssl_certificate_key /etc/nginx/ssl/server.key;
 ssl_dhparam /etc/ssl/dhparam.pem;

# Limit ciphers
# Source: Mozilla SSL Configuration intermediate:
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
# End Mozilla SSL Configuration intermediate

# increase proxy buffer to handle some OpenERP web requests
 proxy_buffers 16 24k;
 proxy_buffer_size 128k;

# general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 60s;
 proxy_send_timeout 60s;
 proxy_read_timeout 60s;
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
# Most PHP, Python, Rails, Java App can use this header
 proxy_set_header X-Forwarded-Proto https;

# This is better
# proxy_set_header X-Forwarded-Proto $scheme;
# add_header Front-End-Https on;

# by default, do not forward anything
 proxy_redirect off;
 proxy_buffering off;
 location / {
 proxy_pass http://odoo;
 }
 location /longpolling {
 proxy_pass http://odoo-im;
 }

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the Odoo web interface a bit.
 location ~* /web/static/ {
 proxy_cache_valid 200 60m;
 proxy_buffering on;
 expires 864000;
 proxy_pass http://odoo;
 }
}

Avatar
Discard
Avatar
Lucia
Best Answer

I am having the same problem. Did you find a solution?

Avatar
Discard
Laurent Wallet
Author

No...

Avatar
Axel Mendoza
Best Answer

This is the nginx template that I use to generate my nginx server config for Odoo reverse proxy using SSL and it works ok for me. Please try it to see if works for you too, get merged with yours and change what you need. In mine you may notice that there are a number of variables between {}

upstream solteinserver{instance_name} {
    server 127.0.0.1:{instance_port} weight=1 fail_timeout=300s;
}

server {
    listen         80;
    server_name    {server_name};
    return         301 https://$server_name$request_uri;
}

server {
    listen  {server_port};
    server_name {server_name};
    
    client_max_body_size 2500m;
    access_log /var/log/nginx/instance-{instance_name}_access.log;
    error_log  /var/log/nginx/instance-{instance_name}_error.log;
    
    ssl on;
    ssl_certificate     /opt/certs/soltein.org.pem;
    ssl_certificate_key /opt/certs/soltein.org_privatekey.pem;

    keepalive_timeout 60;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;
    
    location / {
        proxy_pass http://solteinserver{instance_name}$request_uri;
        
        #if ($http_cookie !~* "last_used_database=$subdomain") {
        #    add_header Set-Cookie last_used_database=$subdomain;
        #}
        #proxy_set_header Cookie last_used_database=$subdomain\;$http_cookie;
        
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Scheme $scheme;
        
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect http:// https://;
        
        proxy_read_timeout 300000;
    }
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://solteinserver{instance_name};
    }
}
Avatar
Discard
Avatar
app
Best Answer

In the Odoo configuration file, you need to set:

proxy_mode = True

Without it, Odoo won't read the protocol and host from the headers set by nginx, and it'll try to redirect to HTTP.    

Avatar
Discard
Laurent Wallet
Author

Many thanks for the very quick reply, I will check this right away.

Laurent Wallet
Author

Unfortunately that did not work. Erf. Sounded good though :-)

Related Posts Replies Views Activity
Timeout error with nginx Solved
nginx odooV8
Avatar
Avatar
Avatar
Avatar
3
May 24
146881
Using with_context in super call turns into infinite call in odoo Solved
odooV8 odoo8.0
Avatar
Avatar
Avatar
2
Jan 20
13431
Edit inherited field definition in odoo 8 Solved
odooV8 odoo8.0
Avatar
Avatar
Avatar
Avatar
Avatar
16
Aug 19
8648
display field depending the value of another field in the view (odoo 8) Solved
odooV8 odoo8.0
Avatar
Avatar
1
Jan 19
4311
Hide print in menu bar
odooV8 odoo8.0
Avatar
Avatar
5
Jun 18
9577