【发布时间】:2016-03-03 11:00:07
【问题描述】:
按照this tutorial 我这样配置我的Nginx:
upstream odoo8 {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
upstream odoo8-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
server {
# server port and name (instead of 443 port)
listen 22443;
server_name _;
# Specifies the maximum accepted body size of a client request,
# as indicated by the request header Content-Length.
client_max_body_size 2000m;
# add ssl specific settings
keepalive_timeout 60;
ssl on;
ssl_certificate /etc/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/nginx/server.key;
error_page 497 https://$host:22443$request_uri;
# limit ciphers
ssl_ciphers HIGH:!ADH:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
# increase proxy buffer to handle some Odoo web requests
proxy_buffers 16 64k;
proxy_buffer_size 128k;
# general proxy settings
# force timeouts if the backend dies
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
# Let the Odoo web service know that we’re using HTTPS, otherwise
# it will generate URL using http:// and not https://
proxy_set_header X-Forwarded-Proto https;
# by default, do not forward anything
proxy_redirect off;
proxy_buffering off;
location / {
proxy_pass http://odoo8;
}
location /longpolling {
proxy_pass http://odoo8-im;
}
# cache some static data in memory for 60mins.
# under heavy load this should relieve stress on the Odoo web interface a bit.
location /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo8;
}
}
我的 Odoo 配置中有这个端口
longpolling_port = 8072
xmlrpc_port = 8069
xmlrpcs_port = 22443
proxy_mode = True
当我在浏览器中加载https://my_domain:22443/web/database/selector 时,它加载得很好。但是当我选择数据库或进行任何操作时,地址会丢失https 和端口,因此它是通过端口 80 加载的。然后我需要将其添加到 NginX 配置中,并且端口 80 应该是开放的
## http redirects to https ##
server {
listen 80;
server_name _;
# Strict Transport Security
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host:22443$request_uri? permanent;
}
有没有办法避免这种重定向?像这样我可以关闭 80 端口以避免欺骗
更新
我可以使用地址https://my_domain:22443/web/login?db=dabatase_name 打开登录屏幕,我可以在里面正常工作,但是如果我为了在下拉列表中选择另一个数据库而注销,它会再次丢失端口和 ssl
【问题讨论】:
-
从未使用过odoo,但您是否启用了代理模式以便站点根据您设置的
X-Forwarded-Proto生成链接? odoo.com/documentation/8.0/reference/… -
感谢 Joe Doherty 的评论。但是我将配置更改为
proxy_mode = True,得到了相同的结果 -
所以 odoo 中的链接本身显示为 HTTP?问题就在那里,而不是 Nginx。 Odoo 需要知道它必须为端口生成 URL,否则链接总是会转到错误的位置。
-
如果我登录一个数据库,一切正常,因为参数
web.base.url是正确的:https://my_domain:22443。问题是当我注销时,因为我没有该参数,因为我没有登录任何数据库。我如何告诉 Odoo:“始终使用这个地址”? -
我用我找到的临时解决方案更新了我的答案
标签: ssl nginx https odoo-8 odoo