I set up nginx to listen to port 80 and redirect to https, set up proxy for odoo on odoo.localhost subdomain.
The error log of nginx indicates it uses 127.0.0.1 as host address instead localhost. Somehow odoo cannot get the resource.
The nginx error log message is follows
2016/12/17 08:58:37 [crit] 30225#0: *13 open() "/usr/local/var/run/nginx/proxy_temp/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 127.0.0.1, server: odoo.localhost, request: "GET /web/content/655-a0559f8/web.assets_backend.js HTTP/1.1", upstream: "http://127.0.0.1:8069/web/content/655-a0559f8/web.assets_backend.js", host: "odoo.localhost", referrer: "https://odoo.localhost/web"
It loads up just fine if I replace 127.0.0.1 with localhost and load it directly from browser. Is the mistake is on my nginx config or my odoo config?
Here is my nginx config file:
worker_processes 4;
events { worker_connections 1024;
}
http { include mime.types;
default_type application/octet-stream;
upstream odoo { server localhost:8069 weight=1 fail_timeout=300s;
}
server { listen 80;
# Strict Transport Security add_header Strict-Transport-Security max-age=2592000;
return 301 https://$host$request_uri;
}
#Odoo reverse proxy server { # server port and name listen 443 ssl;
server_name odoo.localhost;
# Specifies the maximum accepted body size of a client request, # as indicated by the request header Content-Length.
client_max_body_size 200m;
# ssl log files access_log /usr/local/var/log/nginx/openerp-access.log;
error_log /usr/local/var/log/nginx/openerp-error.log;
# ssl certificate files ssl on;
ssl_certificate /Users/firman/Documents/keys/odoo.localhost/odoo.localhost.crt;
ssl_certificate_key /Users/firman/Documents/keys/odoo.localhost/odoo.localhost.key;
# add ssl specific settings keepalive_timeout 60;
# limit ciphers ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# increase proxy buffer to handle some OpenERP web requests proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://odoo;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; # force timeouts if the backend dies proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# set headers proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS, otherwise # it will generate URL using http:// and not https:// proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything proxy_redirect off;
}
# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bit.
location ~* /web/static/ { proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
} }
