Odoo Help

0

Remote Access to OpenERP on Windows 2012.

By
Darryn Parker
on 11/11/13, 7:46 PM 6,645 views

For the life of my, I cannot get remote access to an instance of OpenERP 7 on my Windows 2012 Server.

This is a Public facing, stand-alone web server that implements it's own Windows 2012 Firewall. We are getting timeouts error messages. It's like the Apache web serve is just ignoring the requests.

Funny thing is that I've set-up an instance of OpenERP on another server using the same config but it's on the same LAN as me as this isn't public facing so I cannot test it's configuration or remote access.

I can connect to OpenERP just fine locally and on different ports when I change the config file.

I have confirmed that port 80 is not blocked by Windows firewall by installing IIS and connecting successfully to that web server and we're run utilities to monitor incoming connection requests and port 80 requests are coming through.

There are no Windows Event log entries that look suspicious.

Is there a series of steps that I've missed to allow remote access? Any help would be very appreciative.

Current config file:


[options] without_demo = False unaccent = False db_template = template1 db_password =** xmlrpcs = True xmlrpcs_interface = syslog = True logrotate = True xmlrpcs_port = 8071 test_report_directory = False list_db = True timezone = False xmlrpc_interface = test_file = False smtp_password = False secure_pkey_file = server.pkey xmlrpc_port = 80 workers = 0 log_level = info xmlrpc = True admin_passwd = admin smtp_port = 25 smtp_server = localhost static_http_url_prefix = None limit_request = 8192 test_commit = False proxy_mode = False demo = {} dbfilter = . login_message = False import_partial = pidfile = None db_maxconn = 64 osv_memory_count_limit = False reportgz = False osv_memory_age_limit = 1.0 netrpc_port = 8070 db_port =5432 db_name = False debug_mode = False netrpc = False limit_time_real = 120 limit_memory_hard = 805306368 logfile = C:\OpenERP\Server\server\openerp-server.log csv_internal_sep = , limit_time_cpu = 60 pg_path =C:\OpenERP\PostgreSQL\bin limit_memory_soft = 671088640 static_http_enable = False translate_modules = ['all'] smtp_ssl = False server_wide_modules = None netrpc_interface = smtp_user = False log_handler = [':INFO'] db_user =** db_host =** test_enable = False max_cron_threads = 2 static_http_document_root = None email_from = False addons_path = C:\OpenERP\Server\server\openerp\addons secure_cert_file = server.cert

You mention Apache and IIS, both of those run on port 80 by default, so does your OpenERP server by looking at your config file there. Obviously the OpenERP server isn't getting the request, so must be one of those other programs. If your exposing the OpenERP server itself directly to the net via that port 80 config, why do you need Apache?

Mike Lindsay
on 11/11/13, 8:24 PM

Sorry, I made the mistake of saying that Apache isn't taking the requests. I meant OpenERP. I tested Port 80 using IIS and it works, but I cannot get the OpenERP service to take and serve the requests.

I take it there isn't anything in the configuration or setup that I've missed?

Darryn Parker
on 11/11/13, 8:50 PM
0
Vince Pike
On 9/29/17, 11:12 AM

Hello, here is the current way that I was successful setting up Odoo on Windows Server with HTTPS, and HTTP.

    Download the latest Odoo build for Windows which installs itself as a service that will work on port 8069.

    Install and Configure Odoo as you would like it to be.

    After configuring your Odoo, you will need to setup a reverse proxy so that IIS can route traffic that comes into your server on port 80 and 443 to your local Odoo service which works on port 8069. This involves installing 2 web platform components called URL Rewrite, and Application Request Routing. If you don’t already have URL Rewrite 2.1 and Application Request Routing 3.0 installed you can do so easily with the Web Platform Installer.

    After installing both of the above items, you must create a website on your public web server that has the public bindings that you need. Alternately, you can use an existing site and route using conditions for certain traffic.

    After you’ve created your site then open up URL Rewrite at the site level.


    Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.


    If you receive a prompt (the first time) that the proxy functionality needs to be enabled, select OK. This is telling you that a proxy can route traffic outside of your web server, which happens to be our goal in this case. Be aware that reverse proxy rules can be dangerous if you open sites from inside you network to the world, so just be aware of what you’re doing and why.


    The next and final step of the template asks a few questions.


    The first textbox asks the name of the internal web server. In our example, it’s 10.10.0.50:8111. This can be any URL, including a subfolder like internal.mysite.com/blog. Don’t include the http or https here. The template assumes that it’s not entered.

    You can choose whether to perform SSL Offloading or not. Leave this checked so that you can access Odoo with a secure connection. The traffic only passed unecrypted whilst on this server to itself.

    Next, the template enables you to create an outbound rule. This is used to rewrite links in the page to look like your public domain name rather than the internal domain name. Outbound rules have a lot of CPU overhead because the entire web content needs to be parsed and updated. However, if you need it, then it’s well worth the extra CPU hit on the web server.

    If you check the “Rewrite the domain names of the links in HTTP responses” checkbox then the From textbox will be filled in with what you entered for the inbound rule. You can enter your friendly public URL for the outbound rule. This will essentially replace any reference to 10.10.0.50:8111 (or whatever you enter) with tools.mysite.com in all <a>, <form>, and <img> tags on your site.


    That’s it! Well, there is a lot more that you can do, this but will give you the base configuration. You can now visit www.mysite.com on your public web server and it will serve up the site from your internal web server.

    You should see two rules show up; one inbound and one outbound. You can edit these, add conditions, and tweak them further as needed.

    Once you have configured this correctly, check your web.config file at the root of your site, and compare it to below to ensure it works with Let's Encrypt's free SSL certificates.

    <?xml version="1.0" encoding="UTF-8"?>

    <configuration>

        <system.webServer>

            <rewrite>

                <rules>

                    <rule name="SSL_LetsEncrypt_Fixer" stopProcessing="true">

                    <!-- If url contains .well-known/acme-challenge then it matches, & don't process any other rules -->

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" negate="true" />                   

                        <action type="None" />

                    </rule>

                   

                    <rule name="Redirect HTTP to HTTPS" stopProcessing="true">

                        <match url="^(?:(?!\.well-known\/acme-challenge).)*$" />

                        <conditions>

                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />

                        </conditions>

                        <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}"

                            redirectType="Permanent" appendQueryString="false" />

                    </rule>

                   

                    <rule name="ReverseProxyInboundRule1" stopProcessing="true">

                        <match url="(.*)" />

                        <action type="Rewrite" url="http://LOCAL_IP_ADDRESS_ODOO_IS_INSTALLED_ON:8069/{R:1}" />

                    </rule>

               

                </rules>

               

                <outboundRules>

               

               

                    <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">

                        <match filterByTags="A, Form, Img" pattern="^http(s)?://192.168.254.20:8069/(.*)" />

                        <action type="Rewrite" value="http{R:1}://PUBLIC_DOMAIN_ADDRESS/{R:2}" />

                    </rule>

                    <preConditions>

                        <preCondition name="ResponseIsHtml1">

                            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

                        </preCondition>

                    </preConditions>

                   

                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">

                    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>

                    <conditions>

                        <add input="{HTTPS}" pattern="on" ignoreCase="true"/>

                    </conditions>

                    <action type="Rewrite" value="max-age=31536000"/>

                    </rule>

                   

                </outboundRules>

            </rewrite>

        </system.webServer>

    </configuration>


Please let me know if you have any problems with this, or request further guidance.
Vince

0
Darryn Parker
On 11/11/13, 9:10 PM

Solved.

This was a result of Windows 2012 Firewall blocking port 80 traffic to the OpenERP Service itself, not just port 80 traffic.

I compared the default Inbound firewall rules for IIS against the one that I created and made a slight adjustment to allow this traffic to come through to the service and she's all working now.

Hope this helps someone else.

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Register

Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

0 follower(s)

Stats

Asked: 11/11/13, 7:46 PM
Seen: 6645 times
Last updated: 9/29/17, 11:12 AM