Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

2

Nginx reverse proxy on 80/443

By
A. Person
on 9/24/13, 6:40 PM 300,595 views

Has anyone succeeded in accessing OpenERP via an Nginx reverse proxy? I like the idea of having an extra layer between the user and OpenERP, for HTTP authentication for example. The info about this online seems to be geared toward a server that doesn't run anything else on 80/443.

I've been able to make this work under a different port but I can't get it working under 80/443 and an /openerp/ folder. I get errors like this:

XmlHttpRequestError SyntaxError: JSON Parse error: Unexpected identifier "Unsupported" Unsupported Content-Type for POST method

Is it possible to make this work?

7

Daniel Reis

--Daniel Reis--
3436
| 6 7 9
Lisbon, Portugal
--Daniel Reis--

Author of the "Odoo Development Essentials" book.

Applications Manager at Securitas Portugal

Github: https://github.com/dreispt

Twitter; @reis_pt


Daniel Reis
On 9/25/13, 5:59 AM

I am using nginx as a reverse proxy for HTTPS. I did see your error message while getting to the right configuration.

Here is may config, replace myopenerp.example.com by your server address:

## Based on: http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/

## OpenERP backend ##
upstream openerp {
    server 127.0.0.1:8069;
}

## https site##
server {
    listen      443 default;
    server_name myopenerp.example.com;
    root        /usr/share/nginx/html;
    index       index.html index.htm;

    # log files
    access_log  /var/log/nginx/openerp.access.log;
    error_log   /var/log/nginx/openerp.error.log;

    # ssl files
    ssl on;
    ssl_certificate     /etc/ssl/nginx/server.crt;
    ssl_certificate_key /etc/ssl/nginx/server.key;
    keepalive_timeout   60;

    # limit ciphers
    ssl_ciphers             HIGH:!ADH:!MD5;
    ssl_protocols           SSLv3 TLSv1;
    ssl_prefer_server_ciphers on;

    # proxy buffers
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    ## default location ##
    location / {
        proxy_pass  http://openerp;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }

    # cache some static data in memory for 60mins
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://openerp;
    }
}

## http redirects to https ##
server {
    listen      80;
    server_name myopenerp.example.com;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}

Thanks Daniel, this works like a charm! Accepted the answer ;)

Yenthe
on 2/13/15, 3:47 AM

can you specify what file this is?

/etc/nginx/sites-available/your_server ?

gunnar
on 3/20/15, 9:59 PM
1

Med Said BARA

--Med Said BARA--
2664
| 5 5 7
Algeria
--Med Said BARA--
Med Said BARA
On 2/9/14, 7:35 AM

Hi;

As you know port TCP 443 is reserved for https connections. You say that you can connect to OpenERP from other ports but not from 80 and 443.

So what is the difference for an application when running on a port NUMBER X or another port number Y:NOTHING, till there is no other application running on the same port on the same server. So, i think that on your server there is probably an other application running on the same ports 80 and 443 !

If so, Change the port of this application, or stop it (if it is not in use), or simply let OpenERP running on other ports.

Last, check for errors in NGINX logs (/var/log/nginx/error.log access.log openerp-error.log openerp-access.log).

Best regards

I ended up changing OpenERP to another port and it works great.

A. Person
on 2/9/14, 9:26 AM
0
Balvant
On 9/8/15, 1:55 PM

Please help me to configure ssl using nginx for odoo 8. i setup all things. but not working. not even get any error. what to do ?

0
Michael St-Georges
On 7/19/14, 2:55 PM

I don't know if the openerp folder thing still troubles you. Anyway there is the rewrite directive for nginx you should be looking at. You would have to have something like rewrite ^/openerp/(.*) /$1 break; in the /openerp/ location definition in addition to the proxy directives.

0

Andreas Brueckl

--Andreas Brueckl--
5056
| 7 8 7
Vienna, Austria
--Andreas Brueckl--
OpenERP Consulting and Development
Andreas Brueckl
On 9/25/13, 6:00 AM

I am running an OpenERP-Server on port 8000 and I have the following setup:

  1. /etc/nginx/sites-enabled/xxx-80 (redirecting all traffic to port 443)

    server {
      listen      80;
      server_name xxx.camadeus.at;
      rewrite     ^   https://$server_name$request_uri? permanent;
    }
    
  2. /etc/nginx/sites-enabled/xxx-443

    upstream webserver-projekt2 {
        server 127.0.0.1:8000 weight=1 fail_timeout=300s;
    }
    
    server {
    
    
    # server port and name
    listen        443 ssl;
    server_name   xxx.camadeus.at;
    
    # Specifies the maximum accepted body size of a client request,
    # as indicated by the request header Content-Length.
    client_max_body_size 200m;
    
    # log files
    access_log    /var/log/nginx/openerp-xxx-ssl-access.log;
    error_log    /var/log/nginx/openerp-xxx-ssl-error.log;
    
    # SSL config
    ssl_certificate     /etc/nginx/xxx.camadeus.at.crt;
    ssl_certificate_key /etc/nginx/xxx.camadeus.at.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    
    # increase proxy buffer to handle some OpenERP web requests
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;
    
    location / {
        proxy_pass    http://webserver-projekt2;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    
        # set headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    
        # Let the OpenERP web service know that we're using HTTPS, otherwise
        # it will generate URL using http:// and not https://
        # proxy_set_header X-Forwarded-Proto https;
    
        # by default, do not forward anything
        proxy_redirect off;
    }
    
    # cache some static data in memory for 60mins.
    # under heavy load this should relieve stress on the OpenERP web interface a bit.
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering    on;
        expires 864000;
        proxy_pass http://webserver-projekt2;
    }
    
    }
    

Please correct me if I'm wrong but I think openerp is the only thing you guys are running on port 443. What's tricky in my setup is I'm trying to use OpenERP inside an /openerp/ folder on the URI to distinguish it from the "normal" 443 service.

I do have it working like this under another port though: location / { proxy_set_header Host $host:$server_port; proxy_pass http://127.0.0.1:8069; }

A. Person
on 9/25/13, 6:23 AM

then you have to set the location accordingly: location /your/path {}

IT Consulting Lorenz, Stefan Lorenz
on 3/19/14, 5:29 AM

i also tired to do that but i can't get right results

sarkar
on 2/4/16, 12:57 AM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

7 follower(s)

Stats

Asked: 9/24/13, 6:40 PM
Seen: 300595 times
Last updated: 5/15/16, 8:18 AM