Openerp always goes to http instead of https with nginx - ssl

I have openerp running on port 8069.
this is the nginx conf:
server {
listen 80;
listen [::]:80;
listen 443 default ssl;
server_name www.erp.mysite.hr;
ssl on;
ssl_certificate /etc/ssl/eco/erp_mysite_hr/erp_mysite_hr.crt;
ssl_certificate_key /etc/ssl/eco/erp_mysite_hr/erp_mysite_hr.key;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
}
aand location goes here and port proxy which works...
and when access openerp, always is http unless specified in the url with https, that way it works, but it is not redirected to https automatically.
this is the link that i get
http://erp.mysite.hr/web/login?redirect=http%3A%2F%2Ferp.mysite.hr%2Fweb
Any idea what could be the problem?
Thanks


This should work correctly, any http request will be redirected to https, which will be taken later by the top block.
server {
listen 443 default ssl;
server_name www.erp.mysite.hr;
ssl on;
ssl_certificate /etc/ssl/eco/erp_mysite_hr/erp_mysite_hr.crt;
ssl_certificate_key /etc/ssl/eco/erp_mysite_hr/erp_mysite_hr.key;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
#do whatever you need here
}
}
server {
listen 80;
server_name www.erp.mysite.hr;
location / {
return 301 https://$host$request_uri$is_args$args;
}
}


First. Change your nginx code, second go to system parameters and change a parameter
web.base.url = "https://erp.mysite.hr"
to your url.
You can also add a parameter url freeze to prevent reloading of this attribute
web.base.url.freeze = True

Related

NGINX - One to many server same port

I have this setup of NGINX as a reverse proxy.
server {
listen 443 ssl;
server_name site1.example.com;
ssl_certificate /home/efwm/efwmsw/certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://127.0.0.1:8010;
}
}
server {
listen 443 ssl;
server_name site2.example.com;
ssl_certificate /certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://127.0.0.1:8020;
}
}
server {
listen 443 ssl;
server_name site3.example.com;
ssl_certificate /certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://192.168.1.50:8000;
}
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
For first two servers everything works fine but requests to third server get:ERR_CONNECTION_REFUSED.
I add that the first two services are contained in docker on the same server where NGINX runs, while the third is an autonomous server. Nothing is written in the error log. Of course I tried calling the exposed service on the third server and it works. Any suggestion is welcome. Thank you

Nginx reverse proxy for requesting HTTP backend on HTTPS frontend

I've been seeing a ton of info about reverse proxies and nginx but I'm a little lost on how to implement. I am running two separate EC2 instances (front and back end, with back end running pm2). I have SSL established on the front using LetsEncrypt, and it won't allow me to hit my backend because of Mixed Content. What should I do?
nginx.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain;
location / {}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
root /insert/root/here;
ssl_certificate "/path/to/cert";
ssl_certificate_key "/path/to/key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

It looks like browser complains at your html content because it has hard-coded "http://" references to external resources, like javascript, fonts etc.
It does not mean that it can't reach backend due to this "mixed-content" issue.
I see no proxy_pass (or fastcgi_pass) directives in your config (which should pass requests to your upstream backend server) so probably that is an real reason why you can't reach your backend.
Your configuration should look like this:
server {
listen 443 ssl;
root /here/are/your/static/files/; # here you can place static html, css, js etc files from your backend to offload backend from serving static files - nginx will take care of them.
...
location / {
#this means that nginx will forward requests to backend server in case request does not match local static file.
try_files $uri $uri/ #backend;
}
location #backend {
#....
proxy_pass http://backend-server-ip-address:backend-port
}
}

NGINX: redirect non-www https to https://www

I followed this answer https://stackoverflow.com/a/28068250/3108268 but it redirects only from http to https and non www to www, but if I go to my website at https://example.com I get 'your connection is insecure'.
How do I redirect it to https://www?
server{
listen 443 ssl;
server_name www.mydomain.com;
root /www/mydomain.com/;
ssl on;
ssl_certificate /ssl/domain.crt;
ssl_certificate /ssl/domain.key;
.
.
.
}
server{
listen 80;
server_name www.mydomain.com mydomain.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443;
server_name mydomain.com;
return 301 https://www.$server_name$request_uri;
}

the third server is missing SSL certificates which is why the browser is saying the connection is insecure.
replace your last two servers with:
# redirect www.mydomain.com to https
server {
listen 80;
server_name www.mydomain.com;
return 301 https://$server_name$request_uri;
}
# redirect mydomain.com to https
server{
listen 80;
server_name mydomain.com;
return 301 https://www.$server_name$request_uri;
}

A good way to get the correct configuration is using new blocks for each redirect, one from http to https and one to non-www to www.
server {
listen 80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name example.com;
# do the proper handling of the request
}

Proxy Neo4j binary bolt protocol using nginx to add encryption and authentication

It is possible to use nginx to proxy Neo4j's http protocol to add encryption and authentication:
server {
server_name graph.example.org;
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
include snippets/ssl-params.conf;
location / {
proxy_pass http://localhost:7471/;
auth_basic "restricted";
auth_basic_user_file /path/to/users;
}
}
But I do not know how to proxy the bolt connection; a pseudo-configuration that contains all the necessary info:
server {
server_name graph.example.org;
listen 7687 ssl;
listen [::]:7687 ssl;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
include snippets/ssl-params.conf;
<some ‘location’ directive> {
<some-proxy-directive> localhost:7686;
# dbms.connector.bolt.address=localhost:7686
auth_basic "restricted";
auth_basic_user_file /path/to/users;
}
}
Given that location does not make sense in this context and that proxy_pass needs an http(s)-based url, this pseudo-configuration is probably not close to the wanted one.
In an answer to the the question “Is it possible to forward NON-http connecting request to some other port in nginx?”, the stream-core module is suggested. But it is not clear to me how I'd use it. Would the following work (I have not yet been able to test this):
stream {
server {
server_name graph.example.org;
listen 7687 ssl;
listen [::]:7687 ssl;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
include snippets/ssl-params.conf;
auth_basic "restricted";
auth_basic_user_file /path/to/users;
proxy_pass localhost:7686;
# dbms.connector.bolt.address=localhost:7686
}
}
Perhaps directive need to be modified or more directives need to be added to make this work?

nginx simple SSL connection

I am new to setup a simple SSL connection using nginx. The code I wrote below is accessible but it is not running with SSL. What am I missing?
My test site is just a simple index.html. My certificate and key is saved in /etc/ssl/certs.
server {
listen 80;
server_name example.com;
location / {
proxy_pass https://example.com:443;
}
}
server {
listen 443;
root /home/deploy/test;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
}

You have to redirect non-HTTPS to HTTPS, not proxy pass.
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443;
server_name example.com;
root /home/deploy/test;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
}