Using nginx for SSL and reverse proxy functionality for Odoo. Had some issues earlier and had to rebuild the nginx config from scratch, and now I'm getting an endless redirect. Here's my /etc/nginx/sites-available/default:
upstream odoo {
    server 127.0.0.1:8069;
}
server {
    listen 80;
    server_name odoo.site.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    access_log /var/log/nginx/odoo-mydomain-local.access.log;
    error_log /var/log/nginx/odoo-mydomain-local.error.log;
    location / {
        proxy_pass http://odoo;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        # set headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
    # cache some static data in memory for 60mins
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/odoo.site.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/odoo.site.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
Any ideas?
Related
I have some problem with my config.
If I add upstream HTTPS servers, authorization doesn't work.
Working config
upstream facturatest {
    server s1test.com:443 max_fails=3 fail_timeout=10s;
    server s2test.com:443 backup;
}
server {
    server_name gw.site.com;
    location /tst {
        allow all;
        proxy_buffering on;
        proxy_buffer_size 1k;
        proxy_buffers 24 4k;
        proxy_busy_buffers_size 8k;
        proxy_max_temp_file_size 2048m;
        proxy_temp_file_write_size 32k;
        #proxy_redirect off;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-for $remote_addr;
        include /etc/nginx/cors;
        proxy_set_header Authorization "Basic ZGlkb3g6cHJvdjF0Z";
        proxy_pass https://s1test.com/;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/_________________/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/__________/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = gw.site.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name gw.site.com;
    listen --.--.--.--:80;
    return 404; # managed by Certbot
}
If I change proxy_pass https://s1test.com/; to my upstream, proxy_pass https://facturatest/;, authorization doesn't work.
I am trying to configure Nginx as reverse proxy keeping Uvicorn behind it.
When I try to access "example.com", it returns the home page but gives 404 for all static files.
When I try to access any other endpoint like "example.com/blog", it returns "404 not found" page.
Here is the Nginx config:
server {
    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com www.example.com;
    location / {
        try_files $uri $uri/ =404;
        #custom config
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://uvicorn;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream uvicorn {
    server unix:/tmp/uvicorn.sock;
}
What changes should I do to make it work?
As per the suggestion given by #richard-smith in the comment, I tried commenting out this line
location / {
    #try_files $uri $uri/ =404; <-- here
    #custom config
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_redirect off;
    proxy_buffering off;
    proxy_pass http://uvicorn;
}
and it worked fine. It is now able to serve all the endpoints.
I am testing some APIs with POSTMAN.
When I am sending data in the request body (raw section in POSTMAN), the data is present when I call the URL with https, i.e. https://example.com/api-url/, but I am receiving an empty body when I send the request with the http URL, i.e. http://example.com/api-url/
Non-secure requests are working fine. They are being directed to https. The only issue is that the request body is not there when any request is called from the http URL.
What is wrong in nginx configuration?
This is the nginx configuration.
server {
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    root /usr/share/nginx/html;
    index index.html index.htm;
    client_max_body_size 4G;
    access_log /home/myuser/myproject/logs/nginx-access.log;
    error_log /home/myuser/myproject/logs/nginx-error.log;
    server_name example.com;
    add_header Content-Security-Policy "frame-ancestors *.exampledomain.com" always;
    location /static/ { alias /home/myuser/myproject/staticfiles/; }
    location /media/ { alias /home/myuser/myproject/media/; }
    location / {
        proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_read_timeout 240;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        send_timeout 240;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name example.com;
    return 404; # managed by Certbot
}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name www.example.com;
    return 404; # managed by Certbot
}
Maybe Express body-parser/json-parser didn't parse the body when you call with http, and did not pass it to req.body.
Adding this to your / proxy handler may correct your problem:
proxy_set_header content-type "application/json";
like this:
location / {
    proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header content-type "application/json";
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_read_timeout 240;
    proxy_connect_timeout 240;
    proxy_send_timeout 240;
    send_timeout 240;
}
I found this answer by #miknik . It states that there is an issue while redirecting with 301/302 status codes. I replaced 301 with 307 in my nginx configuration and it started working.
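The 301-versus-307 behaviour from the answer above, as an added nginx example that is not part of the original posts: after a 301 or 302 most clients re-send a POST as a GET without its body, while 307 requires the same method and body to be repeated. Hostnames and paths are reused from the question; the single port-80 block and the HSTS header are assumptions.

```nginx
# Added example, not from the original posts.
# Plain-HTTP listener: redirect only, never proxy.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # 301/302: clients may change POST to GET and drop the request body.
    # 307:     the client must repeat the same method and body.
    # 308 is the permanent equivalent (nginx 1.13.0 and later).
    return 307 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # By the time the redirect is answered, the first request (body
    # included) has already crossed the network unencrypted. HSTS makes
    # browsers go straight to https:// on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://unix:/home/myuser/myvenv/myproject/daphne.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

HSTS only affects browsers, so API clients such as Postman should be pointed at the https:// URL directly rather than relying on the redirect.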
Ok, I'm using Odoo 12 on Ubuntu 18.04, nginx/1.14.0 with letsencrypt for my ssl certs.
Most everything is working perfectly, however links from the website that redirect are returning the variable I named in the nginx domain config file instead of using the domain.
# Odoo servers
upstream odoo {
    server 127.0.0.1:8069;
}
upstream odoochat {
    server 127.0.0.1:8072;
}
# HTTP -> HTTPS
server {
    if ($host = www.qa.moddulu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = qa.moddulu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.qa.moddulu.com qa.moddulu.com;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
}
# WWW -> NON WWW
server {
    listen 443 ssl http2;
    server_name www.qa.moddulu.com;
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
    listen 443 ssl http2;
    server_name qa.moddulu.com;
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # SSL parameters
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    return 301 https://qa.moddulu.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
server {
    listen 443 ssl http2;
    server_name qa.moddulu.com;
    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # SSL parameters
    ssl_trusted_certificate /etc/letsencrypt/live/qa.moddulu.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    # log files
    access_log /var/log/nginx/qa.moddulu.com.access.log;
    error_log /var/log/nginx/qa.moddulu.com.error.log;
    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }
    # Handle / requests
    location / {
        proxy_redirect off;
        proxy_pass http://odoo;
    }
    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }
    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
    ssl_certificate /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem; # managed by Certbot
}
So, for example, I'm trying to log in and the URL is going to 'https://odoo/web' instead of 'https://qa.moddulu.com/web'. The 'odoo' in the link changes with whatever the upstream variable for the server is. I haven't been able to find a solution to this. I've tried rebuilding the server, but that didn't fix the problem.
EDIT: I am also using google cloud services for my hosting.
Ok, so what I did was to change upstream odoo to upstream qa.moddulu.com. This fixes the problem I was having.
It is a bug in the Odoo 12 source code.
Updating it to the newest version solved the problem.
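Why the upstream name shows up in URLs, as an added nginx example that is not part of the original posts: when no Host header is set explicitly, nginx forwards the name written in proxy_pass, so a backend that builds absolute URLs from Host produces https://odoo/.... Names and paths are reused from the question; setting Host to $host is the assumed fix, in place of renaming the upstream.

```nginx
# Added example, not from the original posts.
upstream odoo {
    server 127.0.0.1:8069;
}

server {
    listen 443 ssl http2;
    server_name qa.moddulu.com;

    ssl_certificate     /etc/letsencrypt/live/qa.moddulu.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qa.moddulu.com/privkey.pem;

    # nginx's built-in default is:  proxy_set_header Host $proxy_host;
    # $proxy_host is the name written in proxy_pass, here "odoo", so the
    # backend receives "Host: odoo" unless Host is set explicitly.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP         $remote_addr;

    location / {
        # No proxy_set_header in this block: a location that declares
        # even one proxy_set_header stops inheriting the server-level ones.
        proxy_redirect off;
        proxy_pass http://odoo;
    }
}
```

The same default applies to "proxy_pass https://facturatest/;" earlier on the page: with the upstream group in place of s1test.com, the backend receives "Host: facturatest".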
I am using a node.js project on an nginx Digital Ocean server.
I have configured the server with a reverse proxy to the node project. All works great. But my socket doesn't work. It seems to be an 80 and 443 problem.
I tried the configuration below on my server:
server {
    root /home/sadek/project/node;
    index index.html index.htm index.nginx-debian.html;
    server_name domain.com www.domain.com;
    location / {
        proxy_pass http://localhost:8181;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 443 ssl;
    server_name domain.com www.domain.com;
    return 404; # managed by Certbot
}
But I get this error: conflicting server name "domain.com" on 0.0.0.0:443, ignored
Thank you.
Try this:
server {
    listen 443;
    server_name abc.com www.abc.com;
    large_client_header_buffers 8 32k;
    if ($http_user_agent ~* Googlebot) {
        return 403;
    }
    access_log /var/log/nginx/access.log;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://localhost:8181;
        proxy_read_timeout 90;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
    }
}