Odoo 12: Link Redirects broken using Nginx - nginx

Ok, I'm using Odoo 12 on Ubuntu 18.04, nginx/1.14.0 with letsencrypt for my ssl certs.
Most everything is working perfectly, however links from the website that redirect are returning the variable I named in the nginx domain config file instead of using the domain.
# Odoo servers
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# HTTP -> HTTPS
server {
if ($host = www.qa.moddulu.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = qa.moddulu.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.qa.moddulu.com qa.moddulu.com;
include snippets/letsencrypt.conf;
return 301 https://qa.moddulu.com$request_uri;
}
# WWW -> NON WWW
server {
listen 443 ssl http2;
server_name www.qa.moddulu.com;
ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://qa.moddulu.com$request_uri;
ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
listen 443 ssl http2;
server_name qa.moddulu.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Proxy headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://qa.moddulu.com$request_uri;
ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
listen 443 ssl http2;
server_name qa.moddulu.com;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Proxy headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
# log files
access_log /var/log/nginx/qa.moddulu.com.access.log;
error_log /var/log/nginx/qa.moddulu.com.error.log;
# Handle longpoll requests
location /longpolling {
proxy_pass http://odoochat;
}
# Handle / requests
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
so, for example, I'm trying to log in and and the url is going to 'https://odoo/web' instead of 'https://qa.moddulu.com/web'. the 'odoo' in the link changes with whatever the upstream variable for the server is. I haven't been able to find a solution to this. I've tried rebuilding the server, but that didn't fix the problem.
EDIT: I am also using google cloud services for my hosting.

Ok, so what I did was to change upstream odoo to upstream qa.moddulu.com. this fixes the problem I was having.

It is the bug of odoo12 source code.
Updating it to the newest version solved the problem.

Related

How to SSL multiple ports on same server for single domain name using nginx

I am using let's encrypt to get SSL certificates and nginx as reverse proxy. Below is my nginx conf file that I am using :
server {
listen 443 http2 ssl;
server_name example.com;
access_log /var/log/nginx/example.com.log;
error_log /var/log/nginx/example.com.log;
location /.well-known/acme-challenge/ {
root /var/www/html/grafana; # Temp for generating letsencrypt
default_type text/plain;
}
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#Fix the “It appears that your reverse proxy set up is broken” error.
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:3000 http://example.com/;
#Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
============
My requirement here is :
I am running multiple applications on this server such as Jenkins, Gitlab, Grafana. And these applications are listening on different ports. The above file lets me redirect https://example.com to http://example.com:3000. But I would like to redirect my connections like this :
https://example.com:3000 -> http://example.com:3000
https://example.com:8080 -> http://example.com:8080
https://example.com:81 -> http://example.com:81
I have seen an environment doing it. But can't figure out how this was done.

JSF and Nginx: uploading files fails when server behind Nginx

with JSF 2.3, Jakarta EE 8 and Wildfly 23 / Payara 5
Uploading a file with <h:input> or <p:fileUpload> works fine but fails when Nginx is turned on. The file is never received by the backing bean.
is there any configuration to add to the server? (Payara or Wildfly)
the Nginx config file has surely errors in it?
app.conf:
upstream payara{
least_conn;
server localhost:8080 max_fails=3 fail_timeout=5s;
server localhost:8181 max_fails=3 fail_timeout=5s;
}
server {
if ($host = nocodefunctions.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
access_log /var/log/nginx/payara-access.log;
error_log /var/log/nginx/payara-error.log;
#Replace with your domain
server_name nocodefunctions.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name nocodefunctions.com;
ssl_certificate /etc/letsencrypt/live/xxxxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxxx/privkey.pem; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
location /nocodeapp-web-front-1.0 {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://payara$request_uri;
}
location = / {
proxy_pass http://payara;
return 301 https://nocodefunctions.com/nocodeapp-web-front-1.0;
}
}
The issue was: my file was larger than the size limit for uploads by nginx, which is set by default to 1m.
The solution consists in adding client_max_body_size 8M; (or any other value) to the config file, more details available in this SO post.

Request body is not passing in http url but it is present in https url

I am testing some APIs with POSTMAN.
When i am sending data in request body (raw section in POSTMAN) , data is present when i call the url with https i.e https://example.com/api-url/ but i am receiving empty body when i send the request with http url i.e http://example.com/api-url/
Non-secure requests are working fine. They are being directed to https. Only issue is request body is not being there when any request is called from http url.
What is wrong in nginx configuration?
This is the nginx configuration.
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
access_log /home/myuser/myproject/logs/nginx-access.log;
error_log /home/myuser/myproject/logs/nginx-error.log;
server_name example.com ;
add_header Content-Security-Policy "frame-ancestors *.exampledomain.com" always;
location /static/ { alias /home/myuser/myproject/staticfiles/; }
location /media/ { alias /home/myuser/myproject/media/; }
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com ;
return 404; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com;
return 404; # managed by Certbot
}
Maybe Express body-parser/json-parser didn't parse the body when you call with http, and did not pass it to req.body.
Add this into your / proxy handler May correct your problem :
proxy_set_header content-type "application/json";
like this :
location / {
proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header content-type "application/json";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
}
I found this answer by #miknik . It states that there is an issue while redirecting with 301/302 status codes. I replaced 301 with 307 in my nginx configuration and it started working.

Issues with Artifactory and NGINX proxy_pass

I'm having issues with nginx and proxy pass. I have setup an instance of JFrog Artifactory and pointed my domain to it successfully; however the port is still appearing in the "URL to file" (the image). Here is my nginx config
server {
server_name repo.hyperiamc.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://x.x.x.x:8082;
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://x.x.x.x:8081;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/repo.hyperiamc.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/repo.hyperiamc.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
Visiting the site the URL works, it appears that it's only the URL to file. I have set my Base URL inside of artifactory to match that of the proxy.
I believe it is due to the header value we are setting up in the config. Change the line.
From: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
TO: proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
Hope this helps.

Redirect loop with nginx

Using nginx for SSL and reverse proxy functionality for Odoo. Had some issues earlier and had to rebuild the nginx config from scratch, and now I'm getting an endless redirect. Here's my /etc/nginx/sites-available/default:
upstream odoo {
server 127.0.0.1:8069;
}
server {
listen 80;
server_name odoo.site.com;
root /usr/share/nginx/html;
index index.html index.htm;
access_log /var/log/nginx/odoo-mydomain-local.access.log;
error_log /var/log/nginx/odoo-mydomain-local.error.log;
location / {
proxy_pass http://odoo;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# cache some static data in memory for 60mins
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/odoo.site.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/odoo.site.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
Any ideas?

Resources