2

I have installed Odoo on a server and it works well. Now I am trying to configure a site in Nginx to run Odoo with SSL protocol. I did this other times, but now, I cannot manage it and I do not why.

I have created this site in Nginx in sites-available folder (I have checked that the respective symbolic link in sites-enabled is OK):

upstream backend-odoo {
    server 127.0.0.1:30081;
}

upstream backend-odoo-im {
    server 127.0.0.1:32081;
}

server {
    listen 80;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}

server {
    listen 443 default;

    # ssl settings
    ssl on;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    keepalive_timeout 60;

    # proxy header and settings
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;

    # odoo log files access_log /var/log/nginx/odoo-access.log;
    error_log /var/log/nginx/odoo-error.log;

    # increase proxy buffer size
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # force timeouts if the backend dies
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

    # enable data compression
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_vary on;

    location / {
        proxy_pass http://backend-odoo;
    }

    location ~* /web/static/ {
        # cache static data
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://backend-odoo;
    }

    location /longpolling {
        proxy_pass http://backend-odoo-im;
    }
}

I have reloaded and restarted Nginx. I have also modified the following parameters in Odoo configuration file:

longpolling_port = 32081
proxy_mode = True
secure_cert_file = /etc/nginx/ssl/cert.pem
secure_pkey_file = /etc/nginx/ssl/key.pem
workers = 33
xmlrpc = True
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 30081
xmlrpcs = True
xmlrpcs_interface = 127.0.0.1
xmlrpcs_port = 31081

I restarted Odoo service. I have checked the opened ports at the server executing the command nmap -sT -O localhost at the server. The result:

PORT     STATE SERVICE
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
5432/tcp open  postgresql
8022/tcp open  oa-system

To access the server from a browser I type local.example.com on the URL. And it remains loading forever. I have also tried with https://local.example.com but same result. I can only see the message Failed to load resource: net::ERR_CONNECTION_TIMED_OUT at the browser JS console.

What have I forgotten? Can anyone help me, please? I am very lost now.

forvas
  • 903

2 Answers2

0

First of all, we are not clear here what type of SSL certificate you are using.

The type of SSL certificate question has been raised here because you are trying to access sub-domain name through local.example.com. If your certificate is domain validated or standard SSL certificate then it will not work.

Now, we may think that the concern issue is here, you should add your intermediate, and root certificate in Cert.pem folder while installing an SSL certificate.

Go with above solution and try to re-install your certificate. But you should first confirm your type of SSL certificate because you are trying to access sub-domain name and it requires Wildcard SSL Certificate.

Kamil Maciorowski
  • 81,893
Jim Aron
  • 1
0

Using Apache2 setup with https://letsencrypt.org/

In sites enabled create:

  <VirtualHost *:80>
       ServerName trump4ever.com
       ServerAlias www.trump4ever.com
       Redirect / https://trump4ever.com/
  </VirtualHost>

  <VirtualHost *:443>
       ServerName trump4ever.com
       ServerAlias trump4ever.com

       LogLevel warn
       ErrorLog /var/log/apache2/trump4ever.com.error.log
       CustomLog /var/log/apache2/trump4ever.com.access.log combined

       SSLEngine on
       SSLProxyEngine on
       SSLCertificateFile /etc/letsencrypt/live/trump4ever.com/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/trump4ever.com/privkey.pem

       ProxyPreserveHost On
       ProxyPass / http://localhost:9960/ retry=0
       ProxyPassReverse / http://localhost:9960/
  </VirtualHost>
Phoenix Sampras
  • 1