I installed successfully Odoo 16 on Ubuntu 22. (Yenthe script) When I run Odoo directly with the IP address on port 8069 everything functions. But when I run it with a domain name with a server block several things happen: The initial website generation gets stuck in an endless loop. After letting it run for a long time when I refresh the screen the website is created but I cannot edit it. I can click on the frontend editor button in the top left area but the edit mode does not appear. The editible area changes into dark grey with a large circle circling endlessly.
When I alternate the same app wit the Ip number it works without a problem.
I am using cloudflare.
First I suspected the server block but I have been using suggested variations but no changes. The error log does not show obvious errors.
Does anyone out there have a similar experience? Are there solutions?
server {
listen 80;
# set proper server name after domain set
server_name spiritpointacupressure.com;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_HOST $remote_addr;
# odoo log files
access_log /var/log/nginx/odoo-access.log;
error_log /var/log/nginx/odoo-error.log;
# increase proxy buffer size
proxy_buffers 16 64k;
proxy_buffer_size 128k;
proxy_read_timeout 900s;
proxy_connect_timeout 900s;
proxy_send_timeout 900s;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502
http_503;
types {
text/less less;
text/scss scss;
}
# enable data compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript application/pdf image/jpeg image/png;
gzip_vary on;
client_header_buffer_size 4k;
large_client_header_buffers 4 64k;
client_max_body_size 0;
location / {
proxy_pass http://127.0.0.1:8069;
# by default, do not forward anything
proxy_redirect off;
}
location /longpolling {
proxy_pass http://127.0.0.1:8072;
}
location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires 2d;
proxy_pass http://127.0.0.1:8069;
add_header Cache-Control "public, no-transform";
}
# cache some static data in memory for 60mins.
location ~ /[a-zA-Z0-9_-]*/static/ {
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
proxy_buffering on;
expires 864000;
proxy_pass http://127.0.0.1:8069;
}
}
Just add this line on your nginx config file, on server block. It hangs because a request is send over http instead of https.
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
I tried with Odoo 16 CE, on ubuntu 22.04, and it works fine
Could you share your nginx configuration?
Have you enabled proxy_mode=True in your odoo .conf?
Related
I configured my server with nginx as a reverse proxy for a Nuxt/Express SSR application. For the moment I have a login page, and a home page.
I can connect and disconnect without any problem.
However, when I'm connected and I refresh the page, the loading time is very long.
I don't know if this is due to Nginx configuration or the authentication API or redirection.
I've noticed that it also happens when I type my url myself in the address bar.
Thanks in advance for your help
Update :
Here is my nginx config
worker_processes 1;
error_log logs/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
map_hash_max_size 64;
map_hash_bucket_size 64;
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 9998 ssl;
server_name control.serenicity.fr;
ssl_certificate "C:/nginx-1.19.0/ssl/mydomain.fr.crt";
ssl_certificate_key "C:/nginx-1.19.0/ssl/mydomain.fr.key";
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://10.0.5.11:3000;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
Here are the request when I refresh :
https://drive.google.com/file/d/1PeHzCaHvLNL8_YN9ZOEFNv_gxQe2jpu9/view?usp=sharing
https://drive.google.com/file/d/1b9m3cDL_LOv1d3Kaaucnq4Qi308P8TLT/view?usp=sharing
https://drive.google.com/file/d/1xe_EBnb_XXWo7IlaI47EtlaLE6eFgd2k/view?usp=sharing
Update 2 :
After several hours of debugging, it seems that there is no link with nginx.
The problem comes from nuxt in SSR. When I disable SSR there is no more problem.
I have the plan to manage multiple websites on the same server and I'm currently handling the http request from nginx then handling it to apache.
This is what the configuration I currently have for my first website:
# Force HTTP requests to HTTPS
server {
listen 80;
server_name myfirstwebsite.net;
return 301 https://myfirstwebsite.ne$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name myfirstwebsite.ne ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Now, My question is, for the second, third website and so on, I'm thinking in modifying the line:
proxy_pass https://127.0.0.1:4433;
for
proxy_pass https://secondwebsite.net:4433;
but what I don't want to do is that the goes out of the internet and looks up for that dns and then comes back to the same server, but serve in the same server (which is why I had localhost:4433 in the first website), so I don't get latency issues.
Is there any solution for this?
Also, I want to know if there will be issues if I serve multiple servers using the same port (in this case 4433) or do I have to use a different port for each website.
Thank you in advance.
Multiple server confs
One way to do this would be to have multiple server blocks, ideally over different conf files. Something like this would do for your second server in a new file (e.g. /etc/nginx/sites-available/mysecondwebsite):
# Force HTTP requests to HTTPS
server {
listen 80;
server_name mysecondwebsite.net;
access_log off; # No need for logging on this
error_log off;
return 301 https://mysecondwebsite.net$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name mysecondwebsite.net ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
You would then create a symlink using ln -s /etc/nginx/sites-available/mysecondwebsite /etc/nginx/sites-available/ and restart nginx. To answer your question about ports, you can only have one TCP application listening on any single port. This post provides a few more details about that.
You could also define an upstream in your server block like so:
upstream mysecondwebsite {
server 127.0.0.1:4434; # Or whatever port you use
}
And then reference this upstream using proxy pass like so:
proxy_pass http://mysecondwebsite;
This way if you change the port, you will only have to change it in one place in your server conf. Also, this is how you would scale your application with multiple Apache servers and implement load balancing.
I have multiple accounts/domains on my server. I'm using cPanel with Apache 2.4 and wanted to use Nginx as a front reverse proxy. I changed Apache port, installed Nginx and it works fine but for one domain/account only. I want to use it for all my domains on the server, and any future accounts. I tried to enter $domain variable instead of a specific domain but realized later that nginx doesn't support variables. Same thing with the user directory. Here is my config file:
user nobody;
worker_processes 4;
error_log logs/error.log crit;
worker_rlimit_nofile 8192;
events {
worker_connections 1024; # you might need to increase this setting for busy servers
use epoll; # Linux kernels 2.6.x change to epoll
}
http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 512;
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
# Gzip on
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
# Other configurations
ignore_invalid_headers on;
client_max_body_size 8m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
# Cache most accessed static files
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# virtual hosts includes
include "/etc/nginx/conf.d/*.conf";
server {
# this is your access logs location
access_log /usr/local/apache/domlogs/accountusername/example.com;
error_log logs/vhost-error_log warn;
listen 80;
# change to your domain
server_name example.com www.example.com;
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
# this is your public_html directory
root /home/accountusername/public_html;
}
location / {
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
# change to your domain name
proxy_redirect http://www.example.com:8080 http://www.example.com;
proxy_redirect http://example.com:8080 http://example.com;
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
What I'm trying to do is to place a code that works for all domains on the server and any future domains will be added. I see some forums and blogs explain to setup virtual hosts (Server blocks) but I'm not sure what they're used for. I'd appreciate it if anyone provide any info about this. Should I setup virtual hosts? What is needed to be changed in my configuration file? Thank you.
You config is almost correct
server {
listen frontip:80 default_server;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect http://$host:8000/ http://$host/;
}
}
But best way to you do not use 8080 port. All you need is tell to nginx to bind only external ip. Add ip and bind keyword to all your listen in each server.
server {
listen frontip:80 default_server bind;
location / {
proxy_pass http://127.0.0.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
If you missed nothing, nginx will not bind 127.0.0.1:80, so apache can bind it.
In this case you do not need any proxy_redirect directives because you don't need any redirect rewrites.
For root folder you can use variables but much better use map;
http {
...
map $host $root {
hostnames;
default /var/www;
.domain1.com /home/user1/domain1.com;
custom.domain1.com /home/user1/custom;
domain2.com /home/user2/domain2.com;
www.domain2.com /home/user2/domain2.com;
}
server {
listen frontip:80 default_server;
root $root;
location / {
proxy_pass http://127.0.0.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
}
}
}
More about map http://nginx.org/en/docs/http/ngx_http_map_module.html
Your idea is a kind of fantastic. To operate in good and predictable\debuggable way, you should create "server" block for every server you serve, and you should write it domain name into "proxy_redirect" directive accordingly.
To handle a lot of domains - get a list of them and write shell\perl\python script to generate your actual config. This script will be rather simple one.
And read the docs - to understand clearly what "server blocks" are for. Shortly, they are the core of nginx's performance magic.
I'm trying to expose a neo4j database to the internet.
For security reasons, I'd like to hide it behind a SSL/basic_auth combination via nginx. Here is the corresponding nginx config:
location /neo4j/ {
proxy_pass https://localhost:7473/;
proxy_read_timeout 600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header Host $http_host;
proxy_buffering off;
proxy_redirect off;
auth_basic "restricted";
auth_basic_user_file /etc/nginx/auth/htpasswd;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
proxy_ssl_session_reuse off;
rewrite /neo4j/(.*) /$1 break;
}
While I'm able to access https://example.com/neo4j/browser, the webinterface tells me, that it can't connect to the neo4j and my webbrowser's console gets filled up with OPTIONS https://example.com/db/data 405(Not allowed)
I also tried the neo4j built in https server in conjunction with the authentication extension (https://github.com/neo4j-contrib/authentication-extension).
With this option, I also can access the webinterface.
But the interface also displays, that it's not able to connect to the neo4j and the webbrowser's console gets filled up with OPTIONS http://example.com:7473/db/data/ net::ERR_EMPTY_RESPONSE and the hint The page at 'https://example.com:7473/browser/' was loaded over HTTPS, but displayed insecure content from 'http://example.com:7473/db/data/': this content should also be loaded over HTTPS.
Does anyone know, how to get it working? Many thanks in advance!
I came across the same problem and it's kind of weird the lack of info about Nginx as a webserver combined with neo4j. It's odd the only reference to a reverse proxy in the official doc is Apache - not impressed.
Just FYI I'm using a dockerised neo4j (https://github.com/neo4j/docker-neo4j/tree/master/2.3.2) as it comes by default (in case you want to know other settings). It should not matter if you run neo4j natively outside docker. The following Nginx conf will be the same.
location /neo4j/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://YOUR-IP:7474/browser/;
}
location /db/data/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://YOUR-IP:7474/db/data/;
}
Replace YOUR-IP by yours and change 7474 for 7473 if you are using HTTPS instead of HTTP.
This worked for me.
The OPTIONS request is needed to verify the connection to the Neo4j server. I think of it as a heartbeat to verify the connection. It seems that Nginx does not support OPTIONS requests, but the request can be intercepted with something like this:
location / {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "https://example.com";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
Source: http://blog.rogeriopvl.com/archives/nginx-and-the-http-options-method/
Stackoverflowers. I have a problem with my Rails nginx configuration. I'm running a Rails 3.0.12 app, and I'm quite new to nginx.
I can't seem to get nginx to serve static assets. For every request in /public folder I get 404. I'm posting the nginx configuration I got so far. Maybe I missed something
nginx.conf:
user rails;
worker_processes 1;
daemon off;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server_names_hash_bucket_size 64;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
sites-enabled/project.conf:
upstream project {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
# for UNIX domain socket setups:
server unix:/tmp/project.socket fail_timeout=0;
}
server {
listen 80;
root /srv/www/project/current/public;
passenger_enabled on;
server_name dev.project.eu;
server_name *.dev.project.eu;
location / {
#all requests are sent to the UNIX socket
proxy_pass http://project;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
root /srv/wwww/project/current/public;
}
}
I've tried removing the location / block from project.conf, but it didn't do anything, the assets are still not visible.
I am also aware of serve_static_assets switch in Rails, but I'd rather have nginx serve those assets, as it should do so.
You need to add something like that (documentation on locations):
location / {
try_files $uri #ruby;
}
location #ruby {
proxy_pass http://project;
}
I know this thread is over a year old but i had the same problem running in production
The thing that made it work for me was running
rake assets:precompile
in development, and uncommenting
load 'deploy/assets'
even though I am using rails 4.