Following this tutorial I configured my Nginx like this:
upstream odoo8 { server 127.0.0.1:8069 weight=1 fail_timeout=0; } upstream odoo8-im { server 127.0.0.1:8072 weight=1 fail_timeout=0; } server { # server port and name (instead of 443 port) listen 22443; server_name _; # Specifies the maximum accepted body size of a client request, # as indicated by the request header Content-Length. client_max_body_size 2000m; # add ssl specific settings keepalive_timeout 60; ssl on; ssl_certificate /etc/ssl/nginx/server.crt; ssl_certificate_key /etc/ssl/nginx/server.key; error_page 497 https://$host:22443$request_uri; # limit ciphers ssl_ciphers HIGH:!ADH:!MD5; ssl_protocols SSLv3 TLSv1; ssl_prefer_server_ciphers on; # increase proxy buffer to handle some Odoo web requests proxy_buffers 16 64k; proxy_buffer_size 128k; # general proxy settings # force timeouts if the backend dies proxy_connect_timeout 3600s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # set headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; # Let the Odoo web service know that we’re using HTTPS, otherwise # it will generate URL using http:// and not https:// proxy_set_header X-Forwarded-Proto https; # by default, do not forward anything proxy_redirect off; proxy_buffering off; location / { proxy_pass http://odoo8; } location /longpolling { proxy_pass http://odoo8-im; } # cache some static data in memory for 60mins. # under heavy load this should relieve stress on the Odoo web interface a bit. location /web/static/ { proxy_cache_valid 200 60m; proxy_buffering on; expires 864000; proxy_pass http://odoo8; } } And I have this ports in my Odoo configuration
longpolling_port = 8072 xmlrpc_port = 8069 xmlrpcs_port = 22443 proxy_mode = True When I load https://my_domain:22443/web/database/selector in the browser it loads well. But when I choose a database or I make any action, the address loses the https and the port, so it's loaded through the port 80. Then I would need to add this to the NginX configuration and the port 80 should be open
## http redirects to https ## server { listen 80; server_name _; # Strict Transport Security add_header Strict-Transport-Security max-age=2592000; rewrite ^/.*$ https://$host:22443$request_uri? permanent; } Is there a way to avoid this redirection? Like that I could keep the port 80 closed in order to avoid spoofing
Update
I can open the login screen with the address https://my_domain:22443/web/login?db=dabatase_name and I can work well inside, but if I log out in order to choose another database in the droplist, it loses again the port and the ssl
1 Answers
Answers 1
Please, try to use this construction:
`## http redirects to https ## server { listen 80; server_name _; if ($http_x_forwarded_proto = 'http') { return 301 https://my_domain.com$request_uri; } }` 
0 comments:
Post a Comment