通过 nginx 设置 Odoo 14 + HTTPS
Setting up Odoo 14 + HTTPS through nginx
我一直在开发一个已部署的 Odoo v14 实例,我曾经使用 IP 访问它。
我的目的是使用我拥有的子域访问此实例,我已经注册 domainname.com 并创建了一个名为 crm.domainname.com 的 A 记录,目标是我的 Odoo 实例所在的 IP。
link 工作正常,但我想隐藏 IP 并只显示 crm。domainname.com 当 Odoo 被访问时,我安装了 Nginx 来配置域并将其用作反向代理。
这就是我的问题所在,我没有太多配置 Nginx 的经验,但经过一些研究和试验,我想出了这个配置(但我认为它们是多余的)
文件/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen 443 ssl;
server_name crm.domainname.com;
ssl_certificate /etc/nginx/ssl/crm_domainname_com.crt;
ssl_certificate_key /etc/nginx/ssl/crm_domainname_com.key;
location / {
proxy_pass http://127.0.0.1:8069;
}
}
}
以及 /ect/nginx/sites-available/odoo 和 /ect/nginx/sites-enabled/odoo 似乎根本没有加载
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# http -> https
server {
listen 80 default_server;
server_name crm.domainname.com;
# return 301 https://crm.domainname.com$request_uri;
rewrite ^(.*) https://$host permanent;
}
server {
listen 443 ssl default_server;
server_name crm.domainname.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl on;
ssl_certificate /etc/nginx/ssl/crm_domainname_com.crt;
ssl_certificate_key /etc/nginx/ssl/crm_domainname_com.key;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM$....
ssl_prefer_server_ciphers on;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect longpoll requests to odoo longpolling port
location /longpolling {
proxy_pass http://odoochat;
}
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# location ~* /web/static/ {
# proxy_cache_valid 200 90m;
# proxy_buffering on;
# expires 864000;
# proxy_pass http://odoo;
# }
# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json applicat$
gzip on;
}
我的 odoo-server.conf 文件终于来了
xmlrpc_interface = 127.0.0.1
db_host = False
db_maxconn = 64
db_name = False
db_password = False
db_port = False
db_sslmode = prefer
db_template = template0
db_user = odoo
dbfilter =
demo = {}
email_from = False
geoip_database = /usr/share/GeoIP/GeoLite2-City.mmdb
http_enable = True
http_interface = 127.0.0.1
http_port = 8069
import_partial =
limit_memory_hard = 2684354560
limit_memory_soft = 2147483648
limit_request = 8192
limit_time_cpu = 60
limit_time_real = 120
limit_time_real_cron = -1
list_db = True
log_db = False
log_db_level = warning
log_handler = :INFO
log_level = info
logfile = /var/log/odoo/odoo-server.log
longpolling_port = 8072
max_cron_threads = 1
osv_memory_age_limit = False
osv_memory_count_limit = False
pg_path =
pidfile =
proxy_mode = True
reportgz = False
screencasts =
screenshots = /tmp/odoo_tests
server_wide_modules = base,web
smtp_password = False
smtp_port = 25
smtp_server = localhost
smtp_ssl = False
smtp_user = False
syslog = False
test_enable = False
test_file =
test_tags = None
transient_age_limit = 1.0
translate_modules = ['all']
unaccent = False
upgrade_path =
without_demo = False
workers = 2
在 运行 所有这些配置并重新启动 Odoo 和 Nginx 之后,我可以访问 crm。domainname.com 但是 CSS 和 JS 等资产没有加载。 Chrome 控制台显示以下错误:
Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH
当我使用我的用户名和密码登录时,我看到的只是一个空白屏幕。 Chrome 控制台显示与登录屏幕相同的错误,但 status 200 有时也会出现此错误:
Uncaught TypeError: odoo.define is not a function
我试过重新生成资产,但我只能使用以下方法删除它们
DELETE FROM ir_attachment WHERE url LIKE '/web/content/%'; 但它可能使情况变得更糟。
我哪里错了?我在任何地方都找不到关于这个丢失资产的解决方案,也找不到正确的 nginx.conf 和 /etc/nginx/sites-enabled 配置
我已经解决了资产未加载的问题,这几乎都是我的 Nginx 配置错误!
首先,在文件/etc/nginx/nginx.conf
我已经删除了 http 中的服务器块,
我必须包括启用站点的配置并将服务器指令删除到主 HTTP 块。
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/sites-available/odoo;
}
我在 /etc/nginx/sites-enabled/odoo 中的服务器指令现在看起来像这样
*Old config*
. . .
#http-> https
server {
server_name crm.domainname.com;
return 301 https://crm.domainname.com$request_uri;
}
#https
server {
listen 443 ssl http2;
server_name crm.domainname.com;
. . .
*More config*
. . .
add_header Strict-Transport-Security max-age=15768000;
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoochat;
}
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
}
最后我在/etc/odoo-server.conf
末尾添加了接口
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
现在一切正常,我的子域正在重定向到 https 并正确显示 Odoo 并加载其所有资产,即使我没有处于调试模式!
我一直在开发一个已部署的 Odoo v14 实例,我曾经使用 IP 访问它。 我的目的是使用我拥有的子域访问此实例,我已经注册 domainname.com 并创建了一个名为 crm.domainname.com 的 A 记录,目标是我的 Odoo 实例所在的 IP。 link 工作正常,但我想隐藏 IP 并只显示 crm。domainname.com 当 Odoo 被访问时,我安装了 Nginx 来配置域并将其用作反向代理。
这就是我的问题所在,我没有太多配置 Nginx 的经验,但经过一些研究和试验,我想出了这个配置(但我认为它们是多余的)
文件/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen 443 ssl;
server_name crm.domainname.com;
ssl_certificate /etc/nginx/ssl/crm_domainname_com.crt;
ssl_certificate_key /etc/nginx/ssl/crm_domainname_com.key;
location / {
proxy_pass http://127.0.0.1:8069;
}
}
}
以及 /ect/nginx/sites-available/odoo 和 /ect/nginx/sites-enabled/odoo 似乎根本没有加载
#odoo server
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# http -> https
server {
listen 80 default_server;
server_name crm.domainname.com;
# return 301 https://crm.domainname.com$request_uri;
rewrite ^(.*) https://$host permanent;
}
server {
listen 443 ssl default_server;
server_name crm.domainname.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Add Headers for odoo proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl on;
ssl_certificate /etc/nginx/ssl/crm_domainname_com.crt;
ssl_certificate_key /etc/nginx/ssl/crm_domainname_com.key;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM$....
ssl_prefer_server_ciphers on;
# log
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Redirect longpoll requests to odoo longpolling port
location /longpolling {
proxy_pass http://odoochat;
}
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# location ~* /web/static/ {
# proxy_cache_valid 200 90m;
# proxy_buffering on;
# expires 864000;
# proxy_pass http://odoo;
# }
# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json applicat$
gzip on;
}
我的 odoo-server.conf 文件终于来了
xmlrpc_interface = 127.0.0.1
db_host = False
db_maxconn = 64
db_name = False
db_password = False
db_port = False
db_sslmode = prefer
db_template = template0
db_user = odoo
dbfilter =
demo = {}
email_from = False
geoip_database = /usr/share/GeoIP/GeoLite2-City.mmdb
http_enable = True
http_interface = 127.0.0.1
http_port = 8069
import_partial =
limit_memory_hard = 2684354560
limit_memory_soft = 2147483648
limit_request = 8192
limit_time_cpu = 60
limit_time_real = 120
limit_time_real_cron = -1
list_db = True
log_db = False
log_db_level = warning
log_handler = :INFO
log_level = info
logfile = /var/log/odoo/odoo-server.log
longpolling_port = 8072
max_cron_threads = 1
osv_memory_age_limit = False
osv_memory_count_limit = False
pg_path =
pidfile =
proxy_mode = True
reportgz = False
screencasts =
screenshots = /tmp/odoo_tests
server_wide_modules = base,web
smtp_password = False
smtp_port = 25
smtp_server = localhost
smtp_ssl = False
smtp_user = False
syslog = False
test_enable = False
test_file =
test_tags = None
transient_age_limit = 1.0
translate_modules = ['all']
unaccent = False
upgrade_path =
without_demo = False
workers = 2
在 运行 所有这些配置并重新启动 Odoo 和 Nginx 之后,我可以访问 crm。domainname.com 但是 CSS 和 JS 等资产没有加载。 Chrome 控制台显示以下错误:
Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH
当我使用我的用户名和密码登录时,我看到的只是一个空白屏幕。 Chrome 控制台显示与登录屏幕相同的错误,但 status 200 有时也会出现此错误:
Uncaught TypeError: odoo.define is not a function
我试过重新生成资产,但我只能使用以下方法删除它们
DELETE FROM ir_attachment WHERE url LIKE '/web/content/%'; 但它可能使情况变得更糟。
我哪里错了?我在任何地方都找不到关于这个丢失资产的解决方案,也找不到正确的 nginx.conf 和 /etc/nginx/sites-enabled 配置
我已经解决了资产未加载的问题,这几乎都是我的 Nginx 配置错误!
首先,在文件/etc/nginx/nginx.conf
我已经删除了 http 中的服务器块,
我必须包括启用站点的配置并将服务器指令删除到主 HTTP 块。
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/sites-available/odoo;
}
我在 /etc/nginx/sites-enabled/odoo 中的服务器指令现在看起来像这样
*Old config*
. . .
#http-> https
server {
server_name crm.domainname.com;
return 301 https://crm.domainname.com$request_uri;
}
#https
server {
listen 443 ssl http2;
server_name crm.domainname.com;
. . .
*More config*
. . .
add_header Strict-Transport-Security max-age=15768000;
# Redirect requests to odoo backend server
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
location /longpolling {
proxy_pass http://odoochat;
}
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
}
最后我在/etc/odoo-server.conf
xmlrpc_interface = 127.0.0.1
netrpc_interface = 127.0.0.1
现在一切正常,我的子域正在重定向到 https 并正确显示 Odoo 并加载其所有资产,即使我没有处于调试模式!