Professional Documents
Culture Documents
NGINX
OPENERP
OPENSOURCE
SHARE ON:
cd
mkdir temp
cd temp
Generate a new key, you will be asked to enter a passphrase and confirm:
Remove the passphrase by doing this, we do this because we dont wont to have to type this passphrase
after every restart.
Next we need to create a signing request which will hold the data that will be visible in your final
certificate:
This will generate a series of prompts like this: Enter the information as requested. And finally we selfsign our certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
We only need two of the files in the working directory, the key and the certificate. But before we can use
them they need to have their ownership and access rights altered:
We now have the key and certificate on the final location. We can now tell nginx where the files are and
how they will behave.
upstream webserver {
server 127.0.0.1:8069 weight=1 fail_timeout=300s;
}
server {
listen 80;
server_name _;
server {
# server port and name
listen 443 default;
server_name openerpserver.example.com;
# limit ciphers
ssl_ciphers HIGH:!ADH:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://webserver;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the OpenERP web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://webserver;
}
We then will enable the new site configuration by creating a symbolic link in the
/etc/nginx/sites-enabled directory.
sudo vi /etc/openerp-server.conf
[AdSense-B]
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
You should not be able to connect to the web client on port 8069 and the GTK client should not connect
on either the NetRPC (8070) or XMLRPC (8069) services.
For web access you just need to visit https://openerpserver.example.com
SHARE THIS:
More
RELATED
TAGS:
NGINX
OPENERP
PROXY
UBUNTU
PREVIOUS POST
NEXT POST
ANDR SCHENKELS
RELATED POSTS
RELATED POSTS
ODOO V9 INSTALL SCRIPT | UBUNTU 14.04
ANDR SCHENKELS, 14 SEPTEMBER 2015
25 COMMENTS
CHICKAHOONA
27 July 2015 at 12:03 Reply
Please adjust your ssl config. Your config is medium unsecure. (you can scan a server
running with your config on ssllabls.com)
remove your # limit ciper section and therfore add this:
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSAAES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSAAES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSADES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
Further if you should generate own dh params with:
cd /etc/nginx/ssl/
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem
and then add this to your config file:
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
CLIFFKUJALA
11 December 2014 at 06:01 Reply
Should this work also with Odoo v8, NGINX, and Ubuntu 14.04?
SIMON
11 October 2014 at 17:23 Reply
Hello Andr I have done all steps and I am getting the Welcome to nginx! webpage but
I cant get Odoo webpage. I dont know what is wrong.
If I remove
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
from openerp-server.conf I can get the Odoo webpage in 8069 port. So Odoo is working.
If I write sudo nginx -c /etc/nginx/nginx.conf -t. nginx.conf syntax and test are ok. I am driving
me crazy I dont understand what is wrong. Maybe your experience can help me. Thank you.
THOMAS WINTELER
19 May 2014 at 18:27 Reply
Hey
We run now in a problem, that we get 504 Gateway Time-Out if we run some import
stuff, that needs time. In the back, the import will run anyway.. but in browser: 504
Any hint how to increas time-out between nginx and openerp?
Thanks for fast response
THOMAS WINTELER
19 May 2014 at 19:13 Reply
IW
Thanks a lot for this guide but I cant get OpenERP7 / Gunicorn / Nginx working
properly
Ive tried installing OpenERP7 globally (python setup.py install) and then running
openerp-server and this way it runs OK. But trying to get OpenERP+Gunicon+Nginx is not
working perfectly, I can access the server and create databases but when I try to install any
module at the end Im getting errors like except_osv: (Object Error, Object account.installer
doesnt exist) or sometimes timeout errors. I have tried increasing timeout params for
gunicorn but it doesnt work.
Any idea please.
ALI
15 March 2014 at 01:23 Reply
YVES NICOLAS
31 January 2014 at 22:11 Reply
M. BARSI
11 January 2014 at 13:38 Reply
DEVVYN MURPHY
9 October 2013 at 23:43 Reply
Thanks for the thorough checklist! This article was instrumental in the success of our
recent OpenERP re-deployment.
ANONYMOUS
3 September 2013 at 15:41 Reply
Hi,
Thanks for this tutorial but I have little issue :
the standard https port (443/tcp) is already used for other services. We decided to reverse
proxy on port 8071 :
user browse to URL https://erp.domain.com:8071/ and nginx is setup to contact our openerp on
http://127.0.0.1:8069
I just changed the listening port to
listen 8071 default
We have 2 DB within OpenERP (on for test and one for production), so If users browse to
https//erp.domain.com:8071/?db=Production this is working like a charm
If users browse to https://erp.domain.com:8071/ the browser is told to redirect to
http://erp.domain.com/?db=production which is not OK : both https and port 8071 have been
stripped.
I guess this is nginx which rewrite the URL, how to fix this ?
Thanks for your help
ANDR SCHENKELS
4 September 2013 at 06:53 Reply
When you try to rewrite to one openerp server with 2 database you will keep the
same problem. Its just not working.
The best thing to do is create an extra openerp instance and give both of you openerp
server separate postgres user (in this way you can only see the databases linked to this
account)
Now make an extra nginx config file for a rewrite to the extra openerp instance and
youre up and running.
MSREDDY
5 September 2013 at 10:50 Reply
Hello Mr Andr Schenkels Thanks for your grate post i appreciate you. But
i am not able to connect to server using Openerp apps . it asking for port
number i will give some port number like 8069, 443,80,5432. I am not able to
connect what is the solution for this problem
please help me .
its working in browsers like charm but not able to connect to using apps
I am using Android apps
JEROEN
2 September 2013 at 07:21 Reply
ANONYMOUS
19 July 2013 at 23:16 Reply
Hey, long time but finally got a chance to say thank you. nginx is so nice and one day I
googled: nginx openerp and I got here. Dream come true, because apache+openerp is
like sleeping after booze.
KRAM3R
18 July 2013 at 17:56 Reply
Hello, good howto. Let me know if your OpenERP log show X-Forwarded-For (Client IP
Address) on logs. I suspect it have a bug and dont log client ip, just proxy ip. Thank
you!
ANONYMOUS
18 December 2014 at 15:20 Reply
ANTON
18 December 2014 at 15:29 Reply
CHRISTOPHER
11 May 2013 at 10:27 Reply
ANDR SCHENKELS
13 May 2013 at 06:52 Reply
Im not an expert in UFW so its hard for me to provide you with the correct answer. You
need port 443 and 80 and I see this in your config. You onle need to open th tcp ports on
443 and 80 not the UDP.
The config looks well. Does it work if you go directly to the https://
Are you sure your config file is loaded. Can you connect to the server through SSH after
enabling firewall?
Q
29 April 2013 at 13:14 Reply
LUCA
2 April 2013 at 16:56 Reply
Ive just upgraded my openerp 7 setup with bzr pull, and now nginx ssl proxy no
longer works.
All I got is the usual firefox error page. Connecting directly to port 8069 works well. Maybe
some openerp bug? Are you maybe experiencing this as well?
ANDR SCHENKELS
7 April 2013 at 19:22 Reply
No I dont have any problems. Its maybee problem with nginx configuration.
LUCA
8 April 2013 at 09:05 Reply
Thanks for your feedback. So Ill try to better inspect nginx config.
ARNAUD
LEAVE A REPLY
Enteryourcommenthere...
RECENT
ODOO v9 install script | Ubuntu 14.04
ODOO v9 install script | Github | Ubuntu 15.04 | systemd
How to: Install Owncloud 8.0 | Ubuntu 14.04
Install ODOO 8 | Ubuntu 14.04 | wkhtmltopdf | formerly OpenERP
Reverse Proxy with ODOO 8 | NGINX | Ubuntu 14.04 LTS | longpolling
FOLLOW ME ON TWITTER
Tweets
Follow
SISalp @SISalp
Odoo V9 Warning ! General accounting improvements are in
community. Reports and integrations are in Enterprise.
22 Sep
GitLab @gitlab
22 Sep
GitLab 8.0 released! Biggest release ever: faster, reply-by-email, new
UI and integrated CI. Celebrate #gitlab
about.gitlab.com/2015/09/22/git
Retweeted by Andr Schenkels
Expand
Tweet to @andreschenkels
RECENT COMMENTS
krolltextilAlbert on Reverse Proxy with ODOO 8 | NGINX | Ubuntu 14.04 LTS | longpolling
Andr Schenkels on ODOO v9 install script | Github | Ubuntu 15.04 | systemd
Pere Castanyer Sard on ODOO v9 install script | Github | Ubuntu 15.04 | systemd
How-to: Install Pentaho biserver community edition (Ubuntu with PostgreSQL database) | BI
Mauricio Leite on How To: Install and configure Pentaho BI Suite 5.1 CE | Ubuntu 14.04 |
PostgreSQL 9.3
Marko on Contact
LINKS
Computerworld
ICTSTUDIO (my company)
Nefawa's Blog
NU.nl
Webwereld.nl
TAGS
9.0 12.04 14.04 BI CATCHALL CLOUD DEBIAN DEVELOPMENT EMULATOR EXCHANGE EXMERGE FONT
IMPORT INSTALL ITALIAANS KNOLSELDERIJ LICENTIE LINUX MINT MOZILLA MSX NGINX ODOO
OFFICE365 OPENERP OPENSOURCE OUTLOOK OWNCLOUD PENTAHO POSTGRESQL PROXY PUREE
RECEPT REPORTLAB RML SCRIPT SHORTCUTS SOEP SQL SUBVERSION SVN UBUNTU WHISKY
WINDOWS XML
CALENDAR
JANUARY 2013
DEC
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
FEB