Skip to Content
This question has been flagged
2 Replies
16857 Views
Avatar
David Ogles

Odoo 10 enterprise, unbuntu 16.04LTS, and nginx.

I've added the following code to the server block, but it is still allowing access to /web/database/manager.  I've tried the dbrestrict addon, but it doesn't accept any password that i've set, which I assume is because it is set for odoo 8.  I like that option better than the location restriction.

server {

   listen 80;

   listen [::]:80;

   server_name completerespite.com www.completerespite.com;

   rewrite ^(.*) https://$host$1 permanent;

location ~ ^/web/database/(manager|selector) {

                allow 1.2.3.4;

                deny all;

}

}


What am I doing wrong.  Spend the past day going through every google return, odoo forum, and nginx forum.


thanks,

Dave

Avatar
Discard
Avatar
Fatih Piristine
Best Answer

here is on option with auth basic. that is what i use. each location you want to handle with restriction needs to enclosed in "location /". other locations can be outside for setting headers etc etc.

I did search the same thing long ago but made own solution for it.


server {
    listen 80;
    server_name completerespite.com;
    return 301 http://www.completerespite.com$request_uri;
}
server {
    listen 80;
    server_name www.completerespite.com;
    # --------------------------------------------------------------------------
    # Locations
    # --------------------------------------------------------------------------
    location / {
        proxy_pass http://yourdomain;
        # set headers
        # ...
        location ~ /web/database/manager {
            auth_basic "Restricted Access";
            auth_basic_user_file auth/domain_auth;
            proxy_pass http://yourdomain;
            # set headers
            # ...
        }
        location ~ /web/database/selector {
            auth_basic "Restricted Access";
            auth_basic_user_file auth/domain_auth;
            proxy_pass http://yourdomain;
            # set headers
            # ...
        }
    }
}


send images, etc without cookies header... same level with 'location /' like mentioned above. handles the multilang paths!

location ~* /web/static/ {
        access_log off;
        log_not_found off;
        expires 10d;
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers Set-Cookie;
        proxy_pass http://hexon_fi;
    }


Avatar
Discard
Avatar
David Ogles
Author Best Answer

Thanks that did the trick.  I was having issues with the proxy_pass, but got all of that worked out.  I sure appreciate the help.


Dave

Avatar
Discard