reverse ssl proxy using nginx with openerp v7 _ ubuntu 12.pdf
TRANSCRIPT
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
1/20
ANDR SCHENKELSBUSINESS CONSULTANT | DEVELOPER | ODOO (FORMERLY OPENERP)
HOW TO: INSTALL OWNCLOUD 8.0 |UBUNTU 14.04
ANDR SCHENKELS, 10 APRIL 2015
INSTALL ODOO 8 | UBUNTU14.04 |WKHTMLTOPDF | FORMERLY OP ENERP
ANDR SCHENKELS, 21 JANUARY 201 5
N GIN X O PE NE RP O PE N SO U RC E
SHARE ON:
REVERSE SSL PROXY USING NGINXWITH OPENERP V7 | UBUNTU 12.04LTS
ANDR SCHENKELS7 JANUARY 2013
http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/https://github.com/aschenkels-ictstudiohttp://nl.linkedin.com/in/andreschenkelshttps://twitter.com/andreschenkelshttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/http://www.schenkels.nl/author/wp_andre/http://pinterest.com/pin/create/button/?url=http%3A%2F%2Fwww.schenkels.nl%2F2013%2F01%2Freverse-ssl-proxy-using-nginx-with-openerp-v7%2F&media=http://www.schenkels.nl/wp-content/uploads/2013/01/OpenERP_Reporting_Stock.png&description=Reverse%20SSL%20Proxy%20using%20NGINX%20with%20OpenERP%20v7%20|%20Ubuntu%2012.04%20LTShttps://plus.google.com/share?url=http%3A%2F%2Fwww.schenkels.nl%2F2013%2F01%2Freverse-ssl-proxy-using-nginx-with-openerp-v7%2Fhttps://twitter.com/home?status=Reverse%20SSL%20Proxy%20using%20NGINX%20with%20OpenERP%20v7%20|%20Ubuntu%2012.04%20LTS%20http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.schenkels.nl%2F2013%2F01%2Freverse-ssl-proxy-using-nginx-with-openerp-v7%2F&t=Reverse%20SSL%20Proxy%20using%20NGINX%20with%20OpenERP%20v7%20|%20Ubuntu%2012.04%20LTShttp://www.schenkels.nl/category/opensource/http://www.schenkels.nl/category/opensource/odoo-opensource/openerp/http://www.schenkels.nl/category/opensource/nginx/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/https://twitter.com/andreschenkelshttp://nl.linkedin.com/in/andreschenkelshttps://github.com/aschenkels-ictstudio -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
2/20
Start with the installation of NGINX
sudo apt-get install nginx
Create your cert and key
First create a temporary directory and move the files to their final resting place once they have been
built (the first cd is just to make sure we are in our home directory to start with):
cd
mkdir temp
cd temp
Generate a new key, you will be asked to enter a passphrase and confirm:
openssl genrsa -des3 -out server.pkey 1024
Remove the passphrase by doing this, we do this because we dont wont to have to type this passphrase
after every restart.
http://www.schenkels.nl/wp-content/uploads/2013/01/OpenERP_Reporting_Stock.png -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
3/20
openssl rsa -in server.pkey -out server.key
Next we need to create a signing request which will hold the data that will be visible in your final
certificate:
openssl req -new -key server.key -out server.csr
This will generate a series of prompts like this: Enter the information as requested. And finally we self-
sign our certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
We only need two of the files in the working directory, the key and the certificate. But before we can use
them they need to have their ownership and access rights altered:
sudo chown root:www-data server.crt server.key
sudo chmod 640 server.crt server.key
[AdSense-A]
And then we put them in a sensible place:
sudo mkdir /etc/ssl/nginx
sudo chown www-data:root /etc/ssl/nginx
sudo chmod 710 /etc/ssl/nginx
sudo mv server.crt server.key /etc/ssl/nginx/
We now have the key and certificate on the final location. We can now tell nginx where the files are and
how they will behave.
Create the nginx site configuration file
We create a new configuration file
sudo nano /etc/nginx/sites-available/openerp
with the following content:
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
4/20
IMPORTANT: You will need to change all references to openerpserver.example.com in the
following file to either the domain name or static IP address of your server.
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
5/20
upstream webserver {
server 127.0.0.1:8069 weight=1 fail_timeout=300s;
}
server {
listen 80;
server_name _;
# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}
server {
# server port and name
listen 443 default;
server_name openerpserver.example.com;
# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 200m;
# ssl log files
access_log /var/log/nginx/openerp-access.log;
error_log /var/log/nginx/openerp-error.log;
# ssl certificate files
ssl on;
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
# add ssl specific settings
keepalive_timeout 60;
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
6/20
# limit ciphers
ssl_ciphers HIGH:!ADH:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
# increase proxy buffer to handle some OpenERP web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://webserver;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything
proxy_redirect off;
}
# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the OpenERP web interface a bi
t.
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
7/20
proxy_pass http://webserver;
}
}
We then will enable the new site configuration by creating a symbolic link in the
/etc/nginx/sites-enabled directory.
sudo ln -s /etc/nginx/sites-available/openerp /etc/nginx/sites-enabled/openerp
Change the OpenERP server configuration file
We now need to re-configure the openerp server in a way that non-encrypted services are not
accessible from the outside world.
We will change the /etc/openerp-server.conf so that it will only except requests from nginx.
Just open then file and add 127.0.0.1 to the xmlrpc and netrpc interface lines as shown below.
sudo vi /etc/openerp-server.conf
[AdSense-B]
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
Try the new configuration
Restart the services to load the new configurations
sudo service openerp-server restart
sudo service nginx restart
You should not be able to connect to the web client on port 8069 and the GTK client should not connect
on either the NetRPC (8070) or XMLRPC (8069) services.
For web access you just need to visit https://openerpserver.example.com
-
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
8/20
N GI NX O PE NE RP P RO XY U BU NT U
NEXT POST
MAKE YOUR OPENERP V7.0 FASTER |
USE POSTGRESQL 9.2
SHARE THIS:
TAGS:
PREVIOUS POST
INSTALL OPENERP 7 FROM DEB
PACKAGE | UBUNTU 12.04 | UBUNTU12.10
ABOUT THE AUTHOR
ANDR SCHENKELS
6
6
6
More
RELATED
How to: NGINX Reverse Proxy
| Owncloud 6 | Ubuntu 14.04
Reverse Proxy with ODOO 8 |
NGINX | Ubuntu 14.04 LTS |
longpolling
How To: OpenERP 6.1 from
Launchpad | Gunicorn |
NGINX | Ubuntu 12.04
http://www.schenkels.nl/2013/05/how-to-openerp-6-1-from-launchpad-gunicorn-nginx-ubuntu-12-04/http://www.schenkels.nl/2014/12/reverse-proxy-with-odoo-8-nginx-ubuntu-14-04-lts/http://www.schenkels.nl/2014/06/how-to-nginx-reverse-proxy-owncloud-6-ubuntu-14-04/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?share=email&nb=1http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?share=twitter&nb=1http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?share=linkedin&nb=1http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?share=google-plus-1&nb=1http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?share=facebook&nb=1http://www.schenkels.nl/2012/12/install-openerp-7-on-ubuntu-12-10/http://www.schenkels.nl/2013/01/make-your-openerp-v7-0-faster-use-postgresql-9-2/http://www.schenkels.nl/tag/ubuntu/http://www.schenkels.nl/tag/proxy/http://www.schenkels.nl/tag/openerp-2/http://www.schenkels.nl/tag/nginx-2/ -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
9/20
RELATED POSTS
25 COMMENTS
ODOO V9 INSTALL SCRIPT | UBUNTU 14.04ANDR SCHENKELS,
14 SEPTEMBER 2015
ODOO V9 INSTALL SCRIPT | GITHUB | UBUNTU 15.04 | SYSTEMDANDR SCHENKELS, 14 SEPTEMBER 2015
HOW TO: INSTALL OWNCLOUD 8.0 | UBUNTU 14.04ANDR SCHENKELS, 10 APRIL 2015
http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/http://www.schenkels.nl/2015/09/odoo-v9-install-script-ubuntu-14-04/http://www.schenkels.nl/2015/09/odoo-v9-install-script-ubuntu-14-04/http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2015/09/odoo-v9-install-script-ubuntu-14-04/ -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
10/20
CHICKAHOONA27 July 2015 at 12:03 Reply
Please adjust your ssl config. Your config is medium unsecure. (you can scan a server
running with your config on ssllabls.com)
remove your # limit ciper section and therfore add this:
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-
AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-
AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-
SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-
DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-
SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-
SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
Further if you should generate own dh params with:
cd /etc/nginx/ssl/
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem
and then add this to your config file:
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
CLIFFKUJALA11 December 2014 at 06:01 Reply
Should this work also with Odoo v8, NGINX, and Ubuntu 14.04?
SIMON11 October 2014 at 17:23 Reply
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=566#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=704#respondhttp://gravatar.com/cliffkujalahttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=906#respond -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
11/20
Hello Andr I have done all steps and I am getting the Welcome to nginx! webpage but
I cant get Odoo webpage. I dont know what is wrong.
If I remove
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
from openerp-server.conf I can get the Odoo webpage in 8069 port. So Odoo is working.
If I write sudo nginx -c /etc/nginx/nginx.conf -t. nginx.conf syntax and test are ok. I am driving
me crazy I dont understand what is wrong. Maybe your experience can help me. Thank you.
THOMAS WINTELER19 May 2014 at 18:27 Reply
Hey
We run now in a problem, that we get 504 Gateway Time-Out if we run some import
stuff, that needs time. In the back, the import will run anyway.. but in browser: 504
Any hint how to increas time-out between nginx and openerp?
Thanks for fast response
THOMAS WINTELER19 May 2014 at 19:13 Reply
I tested some stuff and added this:
# increase proxy timeouts to prevent 504 Gateway Time-Out
proxy_connect_timeout 600;proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
whole script: http://paste.ubuntu.com/7489642/
will test also with bigger imports about 7000 records.. and give feedback
IW
http://paste.ubuntu.com/7489642/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=209#respondhttps://plus.google.com/+ThomasWintelerhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=208#respondhttps://plus.google.com/+ThomasWinteler -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
12/20
21 March 2014 at 20:31 Reply
Thanks a lot for this guide but I cant get OpenERP7 / Gunicorn / Nginx working
properly
Ive tried installing OpenERP7 globally (python setup.py install) and then running
openerp-server and this way it runs OK. But trying to get OpenERP+Gunicon+Nginx is not
working perfectly, I can access the server and create databases but when I try to install any
module at the end Im getting errors like except_osv: (Object Error, Object account.installer
doesnt exist) or sometimes timeout errors. I have tried increasing timeout params for
gunicorn but it doesnt work.
Any idea please.
ALI15 March 2014 at 01:23 Reply
How do i redirect the site for example http://www.test.site.com or test.site.com to
https://test.site.com
YVES NICOLAS31 January 2014 at 22:11 Reply
Many thanks for this tutorial.
I had initial trouble making it work initially. Looking at
http://nginx.org/en/docs/beginners_guide.html, putting the openerp file in the
/etc/nginx/conf.d/ directory instead of /etc/nginx/sites-available made it work.
This on a 12.04 ubuntu server. nginx installation creates an /etc/nginx/nginx.conf default file
which then scans all configuration files in the conf.d directory.
Best regards
M. BARSI11 January 2014 at 13:38 Reply
Many Thanks Andre,
I also run gunicorn with proxy-protocol option and now our server response is faster
than google.com.Regards.
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=150#respondhttp://nginx.org/en/docs/beginners_guide.htmlhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=155#respondhttps://test.site.com/http://www.test.site.com/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=177#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=179#respond -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
13/20
DEVVYN MURPHY9 October 2013 at 23:43 Reply
Thanks for the thorough checklist! This article was instrumental in the success of our
recent OpenERP re-deployment.
ANONYMOUS3 September 2013 at 15:41 Reply
Hi,
Thanks for this tutorial but I have little issue :
the standard https port (443/tcp) is already used for other services. We decided to reverse
proxy on port 8071 :
user browse to URL https://erp.domain.com:8071/ and nginx is setup to contact our openerp on
http://127.0.0.1:8069
I just changed the listening port to
listen 8071 default
We have 2 DB within OpenERP (on for test and one for production), so If users browse to
https//erp.domain.com:8071/?db=Production this is working like a charm
If users browse to https://erp.domain.com:8071/ the browser is told to redirect tohttp://erp.domain.com/?db=production which is not OK : both https and port 8071 have been
stripped.
I guess this is nginx which rewrite the URL, how to fix this ?
Thanks for your help
ANDR SCHENKELS4 September 2013 at 06:53 Reply
When you try to rewrite to one openerp server with 2 database you will keep the
same problem. Its just not working.
The best thing to do is create an extra openerp instance and give both of you openerp
server separate postgres user (in this way you can only see the databases linked to this
account)
Now make an extra nginx config file for a rewrite to the extra openerp instance and
youre up and running.
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=100#respondhttp://www.schenkels.nl/author/wp_andre/http://erp.domain.com/?db=productionhttps://erp.domain.com:8071/http://127.0.0.1:8069/https://erp.domain.com:8071/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=98#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=117#respondhttps://plus.google.com/110901125952596134487 -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
14/20
MSREDDY5 September 2013 at 10:50 Reply
Hello Mr Andr Schenkels Thanks for your grate post i appreciate you. But
i am not able to connect to server using Openerp apps . it asking for port
number i will give some port number like 8069, 443,80,5432. I am not able toconnect what is the solution for this problem
please help me .
its working in browsers like charm but not able to connect to using apps
I am using Android apps
JEROEN2 September 2013 at 07:21 Reply
Works like a charm. Thanks for this.
ANONYMOUS19 July 2013 at 23:16 Reply
Hey, long time but finally got a chance to say thank you. nginx is so nice and one day I
googled: nginx openerp and I got here. Dream come true, because apache+openerp is
like sleeping after booze.
KRAM3R18 July 2013 at 17:56 Reply
Hello, good howto. Let me know if your OpenERP log show X-Forwarded-For (Client IP
Address) on logs. I suspect it have a bug and dont log client ip, just proxy ip. Thank
you!
ANONYMOUS
18 December 2014 at 15:20 Reply
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=713#respondhttp://gravatar.com/an0chhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=80#respondhttp://gravatar.com/kram3rhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=83#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=95#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=101#respondhttp://nothing/ -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
15/20
Indeed, it just logs the proxying localhost.
So, which setting would allow Nginx+Odoo to log clients IP-s?
ANTON18 December 2014 at 15:29 Reply
Indeed, it only shows the address of proxying localhost.
So, which setting would allow Nginx + Odoo to log real clients addresses?
CHRISTOPHER11 May 2013 at 10:27 Reply
Thank you for your excellent documentation.
With ufw disabled, everything works fine. However, when running ufw with the
following rules (default deny), the OpenERP server can not be reached:
### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in-A ufw-user-input -p tcp dport 22 -j ACCEPT
-A ufw-user-input -p udp dport 22 -j ACCEPT
### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp dport 443 -j ACCEPT
-A ufw-user-input -p udp dport 443 -j ACCEPT
### tuple ### allow any 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp dport 80 -j ACCEPT
-A ufw-user-input -p udp dport 80 -j ACCEPT
What am I missing how do I need to set the rules? Many thanks.
ANDR SCHENKELS13 May 2013 at 06:52 Reply
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=65#respondhttp://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=63#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=714#respondhttp://gravatar.com/an0ch -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
16/20
Im not an expert in UFW so its hard for me to provide you with the correct answer. You
need port 443 and 80 and I see this in your config. You onle need to open th tcp ports on
443 and 80 not the UDP.
The config looks well. Does it work if you go directly to the https://
Are you sure your config file is loaded. Can you connect to the server through SSH after
enabling firewall?
Q29 April 2013 at 13:14 Reply
Worked perfectly for me too !
LUCA2 April 2013 at 16:56 Reply
Ive just upgraded my openerp 7 setup with bzr pull, and now nginx ssl proxy no
longer works.
All I got is the usual firefox error page. Connecting directly to port 8069 works well. Maybe
some openerp bug? Are you maybe experiencing this as well?
ANDR SCHENKELS7 April 2013 at 19:22 Reply
No I dont have any problems. Its maybee problem with nginx configuration.
LUCA8 April 2013 at 09:05 Reply
Thanks for your feedback. So Ill try to better inspect nginx config.
ARNAUD
http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=60#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=59#respondhttp://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=57#respondhttp://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=62#respond -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
17/20
19 January 2013 at 00:23 Reply
Thanks for your documentation. Its run perfectly.
Arnaud
LEAVE A REPLY
Enter your comment here...
RECENT
FOLLOW ME ON TWITTER
Hubert 'depesz' Lubaczewski: Waiting for 9.6 Allow per-tablespaceeffective_io_concurrency postgr.es/p/352
Retweeted by Andr Schenkels
Planet PostgreSQL@planetpostgres
Expand
22 Sep
Tweets Follow
ODOO v9 install script | Ubuntu 14.04
ODOO v9 install script | Github | Ubuntu 15.04 | systemd
How to: Install Owncloud 8.0 | Ubuntu 14.04
Install ODOO 8 | Ubuntu 14.04 | wkhtmltopdf | formerly OpenERP
Reverse Proxy with ODOO 8 | NGINX | Ubuntu 14.04 LTS | longpolling
http://t.co/FMFmdzaQk0http://t.co/FMFmdzaQk0http://www.googleadservices.com/pagead/aclk?sa=L&ai=CgCxce2kCVre0EsenoAPE6qOgDNH6zuoIgbyuzNECwI23ARABIJe1kSNg5Yrmg7gOoAGH--faA8gBAqgDAcgDwQSqBKgBT9BNcXQ_pumCRYgu6acmAu-xhlM06MZd-5-OVlHI5HYvY-z-Xs7SWsG4AE2XspXVMdHpxru3y2uj3hDDX8ARjr1BNoL8TOtHl2mRdxQ9TLzg6SJwSbNaHocpiW7PIGOuBLeLQ9OCfVs3P039O2uYmC17IgzjKXYUpMlNI9VshguP529W3q-bzkIvaFPpFXouiOF6LZimkdmjK6BWLfyKjfhL0pBR3JdOiAYBoAYCgAfhhJglqAemvhuoB7XBG9gHAQ&num=1&cid=5GjPm8PidybkzqIMUXqiNDT0&sig=AOD64_0oNkZUNn5KiyMpDlPzpIRcAZDVXA&client=ca-pub-3459714350904471&adurl=http://www.softlayer.com/info/transparency%3Futm_source%3Dgoogle%26utm_medium%3Dbanner%26utm_content%3DSQL_-_Banner%7C728_x_90%7CJPG%7CTransparency%26utm_campaign%3DPPC-SNG-India-DISP%26utm_term%3Dsql%2520hosting%26placement%3Dwww.schenkels.nlhttp://www.schenkels.nl/2014/12/reverse-proxy-with-odoo-8-nginx-ubuntu-14-04-lts/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2015/04/how-to-install-owncloud-8-0-ubuntu-14-04/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/http://www.schenkels.nl/2015/09/odoo-v9-install-script-ubuntu-14-04/https://twitter.com/andreschenkelshttps://twitter.com/andreschenkelshttps://twitter.com/planetpostgres/status/646384368840126464https://twitter.com/planetpostgres/status/646384368840126464https://twitter.com/planetpostgreshttps://twitter.com/andreschenkelshttp://t.co/FMFmdzaQk0http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/?replytocom=39#respond -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
18/20
@jaynvoraDon't tell me that #ODOO9has Customer and SupplierPayment option removed #Disappointed@anajuaristi@nhomar
Retweeted by Andr Schenkels
Husen Daudi@husendaudi
Expand
The new IT Asset Module is #ODOO9useless without integrationwith account assets. Don't know why they add this module in APP@jaynvora
Retweeted by Andr Schenkels
Jay Vora@jaynvora
Expand
#NGINX1.9.5 has been released w/ support for HTTP/2 via thengx_http_v2_module! Check it out: bit.ly/1CxB3vm
Retweeted by Andr Schenkels
nginx web server@nginxorg
Expand
Odoo V9 Warning ! General accounting improvements are incommunity. Reports and integrations are in Enterprise.
Retweeted by Andr Schenkels
SISalp@SISalp
Expand
GitLab 8.0 released! Biggest release ever: faster, reply-by-email, newUIand integratedCI. Celebrate #gitlababout.gitlab.com/2015/09/22/git
Retweeted by Andr Schenkels
GitLab@gitlab
Expand
22 Sep
22 Sep
22 Sep
22 Sep
22 Sep
Tweet to @andreschenkels
TOP POSTS & PAGES
https://twitter.com/gitlab/status/646258858336260096https://t.co/5eDqhclcVwhttps://twitter.com/intent/tweet?screen_name=andreschenkelshttps://twitter.com/intent/tweet?screen_name=andreschenkelshttps://twitter.com/andreschenkelshttp://t.co/oc8Hr93P2chttps://twitter.com/hashtag/NGINX?src=hashhttps://twitter.com/jaynvora/status/646245079338889216https://twitter.com/hashtag/ODOO9?src=hashhttps://twitter.com/jaynvorahttps://twitter.com/husendaudi/status/646244464403595264https://twitter.com/jaynvorahttps://twitter.com/jaynvorahttps://twitter.com/husendaudihttps://twitter.com/intent/tweet?screen_name=andreschenkelshttps://twitter.com/gitlab/status/646258858336260096https://twitter.com/SISalp/status/646370965224448001https://twitter.com/nginxorg/status/646361541206388736https://twitter.com/jaynvora/status/646245079338889216https://twitter.com/husendaudi/status/646244464403595264https://twitter.com/gitlab/status/646258858336260096https://twitter.com/gitlabhttps://twitter.com/andreschenkelshttps://t.co/5eDqhclcVwhttps://twitter.com/hashtag/gitlab?src=hashhttps://twitter.com/SISalp/status/646370965224448001https://twitter.com/SISalphttps://twitter.com/andreschenkelshttps://twitter.com/nginxorg/status/646361541206388736https://twitter.com/nginxorghttps://twitter.com/andreschenkelshttp://t.co/oc8Hr93P2chttps://twitter.com/hashtag/NGINX?src=hashhttps://twitter.com/jaynvora/status/646245079338889216https://twitter.com/jaynvorahttps://twitter.com/andreschenkelshttps://twitter.com/jaynvorahttps://twitter.com/hashtag/ODOO9?src=hashhttps://twitter.com/husendaudi/status/646244464403595264https://twitter.com/husendaudihttps://twitter.com/andreschenkelshttps://twitter.com/nhomarhttps://twitter.com/anajuaristihttps://twitter.com/hashtag/Disappointed?src=hashhttps://twitter.com/hashtag/ODOO9?src=hashhttps://twitter.com/jaynvora -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
19/20
ODOO v8 install script | Github | Ubuntu 14.04 LTS
Reverse Proxy with ODOO 8 | NGINX | Ubuntu 14.04 LTS | longpolling
ODOO v9 install script | Ubuntu 14.04
How To: Install and configure Pentaho BI Suite 5.1 CE | Ubuntu 14.04 | PostgreSQL 9.3
Install ODOO 8 | Ubuntu 14.04 | wkhtmltopdf | formerly OpenERP
ODOO v9 install script | Github | Ubuntu 15.04 | systemdHow To: Setup OpenLDAP with memberOf overlay | Ubuntu 12.04
Reverse SSL Proxy using NGINX with OpenERP v7 | Ubuntu 12.04 LTS
ODOO v7 install script | Github | Ubuntu 14.04 LTS
How to: NGINX Reverse Proxy | Owncloud 6 | Ubuntu 14.04
RECENT COMMENTS
Reverse Proxy ApacheFix Cache Bugs In Dev & Save Money.It's 100% Free, Forever. Sign Up.
krolltextilAlberton Reverse Proxy with ODOO 8 | NGINX | Ubuntu 14.04 LTS | longpolling
Andr Schenkelson ODOO v9 install script | Github | Ubuntu 15.04 | systemd
Pere Castanyer Sardon ODOO v9 install script | Github | Ubuntu 15.04 | systemdHow-to: Install Pentaho biserver community edition (Ubuntu with PostgreSQL database) | BI
Mauricio Leiteon How To: Install and configure Pentaho BI Suite 5.1 CE | Ubuntu 14.04 |
PostgreSQL 9.3
Marko on Contact
LINKS
Computerworld
ICTSTUDIO (my company)
Nefawa's Blog
NU.nl
Webwereld.nl
http://www.webwereld.nl/http://www.nu.nl/http://nefawa.blogspot.nl/http://www.ictstudio.eu/http://www.computerworld.com/http://www.schenkels.nl/contact-2/#comment-920http://www.schenkels.nl/2014/08/how-to-install-and-configure-pentaho-bi-suite-5-1-ce-ubuntu-14-04-postgresql-9-3/#comment-922https://bimauricioleite.wordpress.com/2015/09/07/how-to-install-pentaho-biserver-community-edition-ubuntu-with-postgresql-database/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/#comment-929http://www.netnerd.cat/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/#comment-931http://www.schenkels.nl/author/wp_andre/http://www.schenkels.nl/2014/12/reverse-proxy-with-odoo-8-nginx-ubuntu-14-04-lts/#comment-932http://gravatar.com/krolltextilhttp://www.googleadservices.com/pagead/aclk?sa=L&ai=CxjR0e2kCVvWLFI6QogOMwouwBOXGsJgH5enSgJwCwI23ARABIJe1kSNg5Yrmg7gOoAHD1PrbA8gBAakCZ-dEpCWUpz6oAwHIA8MEqgSrAU_Q4DXQ0Qa6-iO-zzZrhbJmFJ28W4TZeXB3ZLs6kYUtgyE1ArLvj2U7_IrNauL8ppHKTu4ENwvlOBrWIAEhWq5HSdysxpZJRl0ocUPO6ajlG2OHXr6umkkWK8w266ndlOGdrNhCORADOU35izUgGXnaT4rOq2CqUmshEhFRG2FdsFxJgo5RvcXOw164IsnlYuxxMGye2WAruRbXN8-cx-FMKfNOkKbpvomzT4gGAYAHpauFJKgHpr4bqAe1wRvYBwE&num=1&cid=5GgP2VfG_MhKgjExMvkHLnWP&sig=AOD64_0s9thA5Q6togMbzJL8bJ4Vg89V7A&client=ca-pub-3459714350904471&adurl=http://try.section.io/high-traffic-caching/%3Futm_source%3Dgoogle%26utm_medium%3Ddisplay%26utm_content%3DHigh%2520traffic%26utm_campaign%3DDSK%2520Tier2%2520UBhttp://www.googleadservices.com/pagead/aclk?sa=L&ai=CxjR0e2kCVvWLFI6QogOMwouwBOXGsJgH5enSgJwCwI23ARABIJe1kSNg5Yrmg7gOoAHD1PrbA8gBAakCZ-dEpCWUpz6oAwHIA8MEqgSrAU_Q4DXQ0Qa6-iO-zzZrhbJmFJ28W4TZeXB3ZLs6kYUtgyE1ArLvj2U7_IrNauL8ppHKTu4ENwvlOBrWIAEhWq5HSdysxpZJRl0ocUPO6ajlG2OHXr6umkkWK8w266ndlOGdrNhCORADOU35izUgGXnaT4rOq2CqUmshEhFRG2FdsFxJgo5RvcXOw164IsnlYuxxMGye2WAruRbXN8-cx-FMKfNOkKbpvomzT4gGAYAHpauFJKgHpr4bqAe1wRvYBwE&num=1&cid=5GgP2VfG_MhKgjExMvkHLnWP&sig=AOD64_0s9thA5Q6togMbzJL8bJ4Vg89V7A&client=ca-pub-3459714350904471&adurl=http://try.section.io/high-traffic-caching/%3Futm_source%3Dgoogle%26utm_medium%3Ddisplay%26utm_content%3DHigh%2520traffic%26utm_campaign%3DDSK%2520Tier2%2520UBhttp://www.schenkels.nl/2014/06/how-to-nginx-reverse-proxy-owncloud-6-ubuntu-14-04/http://www.schenkels.nl/2014/06/odoo-install-script-github-ubuntu-14-04-lts/http://www.schenkels.nl/2013/01/reverse-ssl-proxy-using-nginx-with-openerp-v7/http://www.schenkels.nl/2013/03/how-to-setup-openldap-with-memberof-overlay-ubuntu-12-04/http://www.schenkels.nl/2015/09/odoo-v9-install-script-github-ubuntu-15-04-systemd/http://www.schenkels.nl/2015/01/install-odoo-v8-0-from-github-ubuntu-14-04-lts-formerly-openerp/http://www.schenkels.nl/2014/08/how-to-install-and-configure-pentaho-bi-suite-5-1-ce-ubuntu-14-04-postgresql-9-3/http://www.schenkels.nl/2015/09/odoo-v9-install-script-ubuntu-14-04/http://www.schenkels.nl/2014/12/reverse-proxy-with-odoo-8-nginx-ubuntu-14-04-lts/http://www.schenkels.nl/2014/07/odoo-v8-install-script-github-ubuntu-14-04-lts/ -
7/23/2019 Reverse SSL Proxy using NGINX with OpenERP v7 _ Ubuntu 12.pdf
20/20
9 .0 1 2. 04 1 4. 04 B I C AT CH AL L C LO UD D EB IA N D EV EL OP ME NT E MU LA TO R E XC HA NG E E XM ER GE F ON T
I MP OR T I NS TA LL I TA LI AA NS K NO LS EL DE RI J L IC EN TI E L IN UX M IN T M OZ IL LA M SX N GI NX O DO O
O FF IC E3 65 O PE NE RP O PE NS OU RC E O UT LO OK O WN CL OU D P EN TA HO P OS TG RE SQ L P RO XY P UR EE
R EC EP T R EP OR TL AB R ML S CR IP T S HO RT CU TS S OE P S QL S UB VE RS IO N S VN U BU NT U W HI SK Y
WI NDOWS X M L
TAGS
CALENDAR
JANUARY 2013
M T W T F S S
DEC FEB
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Copyright Andr Schenkels, All Rights Reserved.
Back to top
http://www.schenkels.nl/2013/01/15/http://www.schenkels.nl/2013/01/07/http://www.schenkels.nl/2013/02/http://www.schenkels.nl/2012/12/http://www.schenkels.nl/tag/xml/http://www.schenkels.nl/tag/windows/http://www.schenkels.nl/tag/whisky-2/http://www.schenkels.nl/tag/ubuntu/http://www.schenkels.nl/tag/svn/http://www.schenkels.nl/tag/subversion/http://www.schenkels.nl/tag/sql/http://www.schenkels.nl/tag/soep/http://www.schenkels.nl/tag/shortcuts/http://www.schenkels.nl/tag/script/http://www.schenkels.nl/tag/rml/http://www.schenkels.nl/tag/reportlab/http://www.schenkels.nl/tag/recept/http://www.schenkels.nl/tag/puree/http://www.schenkels.nl/tag/proxy/http://www.schenkels.nl/tag/postgresql/http://www.schenkels.nl/tag/pentaho-2/http://www.schenkels.nl/tag/owncloud-2/http://www.schenkels.nl/tag/outlook/http://www.schenkels.nl/tag/opensource/http://www.schenkels.nl/tag/openerp-2/http://www.schenkels.nl/tag/office365-2/http://www.schenkels.nl/tag/odoo/http://www.schenkels.nl/tag/nginx-2/http://www.schenkels.nl/tag/msx/http://www.schenkels.nl/tag/mozilla/http://www.schenkels.nl/tag/mint/http://www.schenkels.nl/tag/linux/http://www.schenkels.nl/tag/licentie/http://www.schenkels.nl/tag/knolselderij/http://www.schenkels.nl/tag/italiaans/http://www.schenkels.nl/tag/install/http://www.schenkels.nl/tag/import/http://www.schenkels.nl/tag/font/http://www.schenkels.nl/tag/exmerge/http://www.schenkels.nl/tag/exchange/http://www.schenkels.nl/tag/emulator/http://www.schenkels.nl/tag/development/http://www.schenkels.nl/tag/debian/http://www.schenkels.nl/tag/cloud-2/http://www.schenkels.nl/tag/catchall/http://www.schenkels.nl/tag/bi/http://www.schenkels.nl/tag/14-04/http://www.schenkels.nl/tag/12-04/http://www.schenkels.nl/tag/9-0/