Bỏ qua để đến Nội dung
Menu
Câu hỏi này đã bị gắn cờ
4 Trả lời
11439 Lượt xem

When deploying odoo behind Amazon's Elastic Load Balancers with SSL termination only... odoo redirects some requests to http. For example, logging out is always redirected to http instead of https.

I've tried everything from passing in --proxy-mode to the daemon, to hardcoding the web.base.url parameter to use https as well as setting the web.base.url.freeze parameter.

Is there anything I can do to deploy odoo behind Amazon's ELBs without having to use nginx or open it up over http?


Ảnh đại diện
Huỷ bỏ
Câu trả lời hay nhất

When deploying Odoo behind a reverse proxy there are some headers that you need to pass to your Odoo instance from the reverse proxy itself. This works for me on nginx:

        proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything
proxy_redirect http:// https://;

This settings on nginx location made Odoo behave ok behind a reverse proxy, in your case the last two are very important, find what nginx is doing with those settings and replicate to Amazon ELB

Ảnh đại diện
Huỷ bỏ

can you post the complete sites-aviable/default file ?

Câu trả lời hay nhất

Given the design architecture of the Odoo web app, you cannot efficiently rely on AWS ELB to handle SSL certificate nor does the Odoo uWSGi service serve you well in this regard, run it on a Nginx and save your mind.

Ảnh đại diện
Huỷ bỏ
Câu trả lời hay nhất

Does anyone have a way to do it, im trying to mount odoo 15 behind a load balancer but I wont pass the login page

Ảnh đại diện
Huỷ bỏ
Tác giả Câu trả lời hay nhất

According to Amazon's documentation:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html

They do send the X-Forwarded-For, and X-Forwarded-Proto headers through.

Host should be passed through with the request automatically, and I'm not sure what X-Real-IP does.

I think the part that works for you, but I can't get to work for me because AWS ELB doesn't support it is the redirect of http to https. There are only a few places that don't support the automatic changing of the URL.. such as logging out, and the mass mailing campaign email editor.

I would think that these should be updated so that they work regardless of what type of load balancer the system is behind.

Alternatively I could setup an nginx docker image to simply redirect http to https, but this seems like a workaround and not a very good use of resources.

Does anyone else have any additional thoughts?

Ảnh đại diện
Huỷ bỏ

Stuck on this as well. Did you manage to set up Nginx behind ELB?

Bài viết liên quan Trả lời Lượt xem Hoạt động
0
thg 6 15
4568
0
thg 8 22
1832
3
thg 6 25
1762
2
thg 9 23
7060
1
thg 2 25
3491