如何使用nginx在https模式下运行odoo?
如何使用nginx在https模式下运行odoo?
提问于 2018-05-31 02:01:51
我正在尝试使用nginx在https模式下运行odoo,但它不起作用。我就是这么试的,
sudo apt-get install nginx
cd /etc/nginx/sites-available
sudo openssl genrsa -des3 -passout pass:odoo -out server.temp.key 2048
sudo openssl req -new -passin pass:odoo -key server.temp.key -out server.csr
sudo openssl rsa -in server.temp.key -out server.key
sudo rm server.temp.key
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt我的证书文件,
upstream odoo {
server localhost:8069 weight=1 fail_timeout=3000s;
}
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name odoo.example.com;
ssl on;
ssl_ciphers ALL:!ADH:!MD5:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;
# add ssl specific settings
keepalive_timeout 60;
# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://odoo;
# Force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the Odoo web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# Set timeouts
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
# By default, do not forward anything
proxy_redirect off;
}
# Cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the Odoo web interface a bit.
location ~* /[0-9a-zA-Z_]*/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
access_log /var/log/nginx/odoo-ssl.access.log;
error_log /var/log/nginx/odoo-ssl.error.log;
}在此之后,我重新启动了nginx,在odoo配置中启用了代理模式,并重新启动了odoo服务器,但我的站点仍然以http模式运行。我没有给我的网站任何域名。在设置nginx之前,这是必须的吗?
回答 1
Stack Overflow用户
回答已采纳
发布于 2018-05-31 18:23:58
好的,让我们从头开始。要使用ssl设置Odoo,您需要:
1)域名
2)反向代理的正确配置(您使用的是nginx,因此很容易修复)
3) ssl证书
4)更新Odoo配置
我已经写下了上述几点的一些提示
1)我假设你有一个指向你的服务器的域。如果不是,那么您需要访问您的域控制面板并设置dns(只需将您的服务器IP设置为"A“值)。这方面的示例教程(请参见第5点):https://www.cier.tech/blog/blog-1/post/how-to-publish-your-website-on-amazon-ec2-linux-ubuntu-server-13
2) Odoo配置示例:
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# http -> https
server {
listen 80;
server_name odoo.mycompany.com; #replace with your domain
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443;
server_name odoo.mycompany.com; #replace with your domain
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters - update with your cert details
ssl on;
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoochat;
}
# common gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}正如您所看到的,还有一个用于聊天的上游端口,因为它在另一个端口上工作。记住要在启用了站点的站点中创建快捷方式:
ln -s /etc/nginx/sites-available/yoursite.com /etc/nginx/sites-enabled/yoursite.com稍后测试nginx配置并重新启动它:
nginx -t
service nginx restart提到的配置来自:https://www.odoo.com/documentation/10.0/setup/deploy.html
4)更新你的Odoo配置:- proxy_mode = True - worker =如果你想让“聊天”和“讨论”模块正常工作,你需要有多个工作者。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50610912
复制相关文章
相似问题