Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

0

Odoo 8 - Reverse proxy and multiple databases

By
Laurent Wallet
on 11/9/15, 8:58 AM 1,226 views

Hi!

I have setup an Odoo 8 instance on a VPS, accessed through an nginx supplied reverse proxy and which is working quite well for our testing purposes. We wanted to keep a "virgin" database, to be able to assess more precisely the various interface and "behavioral" modifications of different modules we have elected to test, as they seem to bring otherwise missing functionalities to Odoo.

However, when we add a second database (initially by copying the backup of the initial, untouched database, but whatever means we use does fail) we cannot seem to be able to login. What happens is that right after we have created the database in the database  interface and clicked on upper right link "back to authentification page" (or something like this as our instance is not in english) we are indeed brought to the database selection dialog, but once we do select a database and try to log in, the browser states it cannot reach the page and there might be too many re-directions.

We have tested this without the reverse proxy and everything was working as expected, so I can only assume the problem lies with the nginx proxy configuration. Since we are quite new at directly dealing with reverse proxies and nginx in general could anyone help me figure out what could be wrong with below configuration? Or is it not possible to use multiple databases with a reverse proxy without assigning each one a sub-address?

Thank you!


upstream odoo {
server 127.0.0.1:8069;
}
upstream odoo-im {
server 127.0.0.1:8072;
}

## http redirects to https ##
server {
listen 80;
server_name XXX.XXX.XX;
add_header Strict-Transport-Security max-age=2592000;
return 301 https://$host$request_uri?;
}

server {
listen 443 ssl;
server_name XXX.XXX.XX;

# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;

# define log files (fail2ban)
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;

# ssl specific settings
keepalive_timeout 60;
ssl_session_timeout 15m;
ssl_session_cache shared:SSL:1m;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_dhparam /etc/ssl/dhparam.pem;

# Limit ciphers
# Source: Mozilla SSL Configuration intermediate:
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# End Mozilla SSL Configuration intermediate

# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 24k;
proxy_buffer_size 128k;

# general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Let the web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
# Most PHP, Python, Rails, Java App can use this header
proxy_set_header X-Forwarded-Proto https;

# This is better
# proxy_set_header X-Forwarded-Proto $scheme;
# add_header Front-End-Https on;

# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;
location / {
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoo-im;
}

# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the Odoo web interface a bit.
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
}

0
Lucia
On 6/21/16, 5:02 PM

I am having the same problem. Did you find a solution?

No...

universeal, Laurent Wallet
on 6/22/16, 8:02 AM
0

Axel Mendoza

--Axel Mendoza--
10298
| 7 7 8
Camaguey, Cuba
--Axel Mendoza--

DevOps - Full stack - Software Architect - Developer - Technology Integrator

I could help you to develop anything and solve complex problems based on technologies, integrations and tricky stuffs mostly in Python with OpenERP/Odoo, Zato, Django and many others frameworks programming languages and technologies.

I offers consulting services to anyone with an unanswered questions or needs for customizations. Think about it, maybe it's better to have an expert to solve your issues and projects than having a full time employee trying to understand what to do an how

Reach me at aekroft@gmail.com

Axel Mendoza
On 11/12/15, 3:51 AM

This is the nginx template that I use to generate my nginx server config for Odoo reverse proxy using SSL and it works ok for me. Please try it to see if works for you too, get merged with yours and change what you need. In mine you may notice that there are a number of variables between {}

upstream solteinserver{instance_name} {
server 127.0.0.1:{instance_port} weight=1 fail_timeout=300s;
}

server {
listen 80;
server_name {server_name};
return 301 https://$server_name$request_uri;
}

server {
listen {server_port};
server_name {server_name};

client_max_body_size 2500m;
access_log /var/log/nginx/instance-{instance_name}_access.log;
error_log /var/log/nginx/instance-{instance_name}_error.log;

ssl on;
ssl_certificate /opt/certs/soltein.org.pem;
ssl_certificate_key /opt/certs/soltein.org_privatekey.pem;

keepalive_timeout 60;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

proxy_buffers 16 64k;
proxy_buffer_size 128k;

location / {
proxy_pass http://solteinserver{instance_name}$request_uri;

#if ($http_cookie !~* "last_used_database=$subdomain") {
# add_header Set-Cookie last_used_database=$subdomain;
#}
#proxy_set_header Cookie last_used_database=$subdomain\;$http_cookie;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;

proxy_set_header X-Forwarded-Proto https;
proxy_redirect http:// https://;

proxy_read_timeout 300000;
}
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://solteinserver{instance_name};
}
}
0
app
On 11/9/15, 9:08 AM

In the Odoo configuration file, you need to set:

proxy_mode = True

Without it, Odoo won't read the protocol and host from the headers set by nginx, and it'll try to redirect to HTTP.    

Many thanks for the very quick reply, I will check this right away.

universeal, Laurent Wallet
on 11/9/15, 9:16 AM

Unfortunately that did not work. Erf. Sounded good though :-)

universeal, Laurent Wallet
on 11/9/15, 9:19 AM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

2 follower(s)

Stats

Asked: 11/9/15, 8:58 AM
Seen: 1226 times
Last updated: 6/21/16, 5:02 PM