This question has been flagged
16 Replies
455583 Views
Avatar
A. Person

Has anyone succeeded in accessing OpenERP via an Nginx reverse proxy? I like the idea of having an extra layer between the user and OpenERP, for HTTP authentication for example. The info about this online seems to be geared toward a server that doesn't run anything else on 80/443.

I've been able to make this work under a different port but I can't get it working under 80/443 and an /openerp/ folder. I get errors like this:

XmlHttpRequestError SyntaxError: JSON Parse error: Unexpected identifier "Unsupported" Unsupported Content-Type for POST method

Is it possible to make this work?

Avatar
Discard
Avatar
Daniel Reis
Best Answer

I am using nginx as a reverse proxy for HTTPS. I did see your error message while getting to the right configuration.

Here is may config, replace myopenerp.example.com by your server address:

## Based on: http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/

## OpenERP backend ##
upstream openerp {
    server 127.0.0.1:8069;
}

## https site##
server {
    listen      443 default;
    server_name myopenerp.example.com;
    root        /usr/share/nginx/html;
    index       index.html index.htm;

    # log files
    access_log  /var/log/nginx/openerp.access.log;
    error_log   /var/log/nginx/openerp.error.log;

    # ssl files
    ssl on;
    ssl_certificate     /etc/ssl/nginx/server.crt;
    ssl_certificate_key /etc/ssl/nginx/server.key;
    keepalive_timeout   60;

    # limit ciphers
    ssl_ciphers             HIGH:!ADH:!MD5;
    ssl_protocols           SSLv3 TLSv1;
    ssl_prefer_server_ciphers on;

    # proxy buffers
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    ## default location ##
    location / {
        proxy_pass  http://openerp;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }

    # cache some static data in memory for 60mins
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://openerp;
    }
}

## http redirects to https ##
server {
    listen      80;
    server_name myopenerp.example.com;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}
Avatar
Discard
Yenthe Van Ginneken (Mainframe Monkey)

Thanks Daniel, this works like a charm! Accepted the answer ;)

gunnar

can you specify what file this is?

/etc/nginx/sites-available/your_server ?

dirtyHandsPHP

Thanks man!!! :)

Piotr Cierkosz

I hope official documentation could be updated as some devs are struggling with this.

Avatar
Med Said BARA
Best Answer

Hi;

As you know port TCP 443 is reserved for https connections. You say that you can connect to OpenERP from other ports but not from 80 and 443.

So what is the difference for an application when running on a port NUMBER X or another port number Y:NOTHING, till there is no other application running on the same port on the same server. So, i think that on your server there is probably an other application running on the same ports 80 and 443 !

If so, Change the port of this application, or stop it (if it is not in use), or simply let OpenERP running on other ports.

Last, check for errors in NGINX logs (/var/log/nginx/error.log access.log openerp-error.log openerp-access.log).

Best regards

Avatar
Discard
A. Person
Author

I ended up changing OpenERP to another port and it works great.

Avatar
DWARKANATH BARI
Best Answer

Hello to all,

nginx: [emerg] duplicate upstream "odoo" in /etc/nginx/sites-enabled/simpleenergytech.com:27

I have face this issue.

Avatar
Discard
MahaKaba

if you find the answer find nice.

if not you just have to delete the default file you have on /etc/nginx/sites-enable/default.

Avatar
FatherMahno
Best Answer

Proxy could give you a hand with staying hidden while you online. For some occasion it's not that suitable as it does changes your IP to another one, but to a static one. So, if you comprise  it once - you will to have change proxy again and again. VPN could help you with this, just give it a try.

Avatar
Discard
Avatar
phocho
Best Answer

https://wiki.archlinux.org/index.php/Odoo

done in ubuntu 14.04 lts and port 80 only

Thanks


Avatar
Discard
Avatar
Michael St-Georges
Best Answer

I don't know if the openerp folder thing still troubles you. Anyway there is the rewrite directive for nginx you should be looking at. You would have to have something like rewrite ^/openerp/(.*) /$1 break; in the /openerp/ location definition in addition to the proxy directives.

Avatar
Discard
Avatar
Andreas Brueckl
Best Answer

I am running an OpenERP-Server on port 8000 and I have the following setup:

  1. /etc/nginx/sites-enabled/xxx-80 (redirecting all traffic to port 443)

    server {
  listen      80;
  server_name xxx.camadeus.at;
  rewrite     ^   https://$server_name$request_uri? permanent;
}

  2. /etc/nginx/sites-enabled/xxx-443

    upstream webserver-projekt2 {
    server 127.0.0.1:8000 weight=1 fail_timeout=300s;
}

server {


# server port and name
listen        443 ssl;
server_name   xxx.camadeus.at;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# log files
access_log    /var/log/nginx/openerp-xxx-ssl-access.log;
error_log    /var/log/nginx/openerp-xxx-ssl-error.log;

# SSL config
ssl_certificate     /etc/nginx/xxx.camadeus.at.crt;
ssl_certificate_key /etc/nginx/xxx.camadeus.at.key;
ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;

location / {
    proxy_pass    http://webserver-projekt2;
    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # set headers
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    # Let the OpenERP web service know that we're using HTTPS, otherwise
    # it will generate URL using http:// and not https://
    # proxy_set_header X-Forwarded-Proto https;

    # by default, do not forward anything
    proxy_redirect off;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location ~* /web/static/ {
    proxy_cache_valid 200 60m;
    proxy_buffering    on;
    expires 864000;
    proxy_pass http://webserver-projekt2;
}

}
Avatar
Discard
A. Person
Author

Please correct me if I'm wrong but I think openerp is the only thing you guys are running on port 443. What's tricky in my setup is I'm trying to use OpenERP inside an /openerp/ folder on the URI to distinguish it from the "normal" 443 service.

I do have it working like this under another port though: location / { proxy_set_header Host $host:$server_port; proxy_pass http://127.0.0.1:8069; }

Stefan Lorenz

then you have to set the location accordingly: location /your/path {}

sarkarsolution.surat

i also tired to do that but i can't get right results

Avatar
Balvant Ramani
Best Answer

Please help me to configure ssl using nginx for odoo 8. i setup all things. but not working. not even get any error. what to do ?

Avatar
Discard